Multiple infections (Gomeo,....)

  • Thread author dilllidan
  • Start date

dilllidan

Habitué
Good evening, I'm calling on your knowledge: my laptop is affected by multiple infections that are causing malfunctions (web page redirects, Internet Explorer videos that freeze and have no sound...)

Do you have a procedure to follow for reports, and can you help me?

Thank you very much. :hello:
 

KeyserSoze

AnimistrateuR
Staff
Hi, disable System Restore and run a scan with Malwarebytes Anti-Malware to start.

Then install Spybot, run the immunization and scan as well.
 

dilllidan

Habitué
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6920

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

28/06/2011 22:57:34
mbam-log-2011-06-28 (22-57-34).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 157565
Temps écoulé: 4 minute(s), 58 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
 

dilllidan

Habitué
28.06.2011 23:08:10 - ##### check started #####
28.06.2011 23:08:10 - ### Version: 1.6.2
28.06.2011 23:08:10 - ### Date: 28/06/2011 23:08:10
28.06.2011 23:08:16 - ##### checking bots #####
28.06.2011 23:08:32 - found: MeMedia.AdVantage Root class
28.06.2011 23:08:46 - found: Babylon.Toolbar Réglages
28.06.2011 23:08:46 - found: Babylon.Toolbar Type library
28.06.2011 23:16:18 - found: Fraud.WindowsRecovery Réglages
28.06.2011 23:16:18 - found: Fraud.WindowsRecovery Réglages
28.06.2011 23:17:30 - found: Toolbar.Facemood ID Application
28.06.2011 23:17:30 - found: Toolbar.Facemood Class ID
28.06.2011 23:17:30 - found: Toolbar.Facemood Root class
28.06.2011 23:17:30 - found: Toolbar.Facemood Root class
28.06.2011 23:49:09 - ##### check finished #####
 

dilllidan

Habitué
--- Report generated: 2011-06-28 23:49 ---

MeMedia.AdVantage: [SBI $E0E6B2C4] Root class (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MEAD.1

Babylon.Toolbar: [SBI $AA4747ED] Réglages (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\AppID\escort.DLL

Babylon.Toolbar: [SBI $4AB6C1F6] Type library (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

Fraud.WindowsRecovery: [SBI $9C8FE954] Réglages (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1237001430-92446686-3516833831-1000\Software\75fa38b7-8b94-4995-ad32-52e938867954

Fraud.WindowsRecovery: [SBI $597FC39E] Réglages (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1237001430-92446686-3516833831-1000\Software\BD

Toolbar.Facemood: [SBI $8F44A361] ID Application (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}

Toolbar.Facemood: [SBI $CDB19D2C] Class ID (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}

Toolbar.Facemood: [SBI $040843B5] Root class (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.facemoodsHlpr

Toolbar.Facemood: [SBI $040843B5] Root class (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.facemoodsHlpr.1


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-06-28 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-06-21 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-06-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-06-20 Includes\TrojansC-04.sbi (*)
2011-06-21 Includes\TrojansC-05.sbi (*)
2011-06-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

 

dilllidan

Habitué
Here are the reports. Can I fix the problems flagged in Spybot? Thank you very much for your valuable help.

:)
 

g225

Expert
Yes, fix everything and do this:

Download Ad-Remover (Windows XP/Vista/7 32/64 bits)

On Vista/7 systems, disable UAC and click Ad-Remover on the Desktop.

Select the "scan" option, and when it has finished and found things, close the program, reopen it and choose the "clean" option to delete everything.

When the scan is finished, a window will open in Notepad. (C:\Ad-Report-CLEAN[1].log) I want the scan that says deleted, not the one that says found and present.

To copy/paste the logs for me: in Notepad, go to the Edit menu and click "Select all", then go back to "Edit" and click "Copy".
On the forum, right-click and click "Paste".
 

KeyserSoze

AnimistrateuR
Staff


Yes!

Run another scan to see what it gives.
 

help-manformatique

Grand Maître
Uninstall Spybot, it's useless apart from slowing down your PC; do what g225 tells you and post the report, and also do this:

1)

TDSS Killer

Download it to your desktop, unzip it and run it; a report will be created here:

C:\TDSSKillerVersion_Date_Time_log.txt.<< copy and paste its contents

You also have the executable directly here:

o Run it. The following window will open:

o Click Start scan and let the tool scan your hard drive without interrupting it and without using the PC.
o If infected files are found, a new window will open:

o If TDSS.tdl2 is detected, the delete option will be checked by default.

o If TDSS.tdl3 is detected, make sure Cure is checked.

o If TDSS.tdl4(\HardDisk0\MBR) is detected, make sure Cure is checked.

o If Suspicious file is shown, leave the option set to Skip

o Click Continue then Reboot now to restart the PC.

o Copy and paste the generated report into your next reply (it is also saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS, where JJ.MM.AA is the date the tool was run and HH.MM.SS the time it was run).

tutorial -->
 

dilllidan

Habitué
Hello and thank you for your follow-up, here is the AD report

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web:

C:\Program Files\Ad-Remover\main.exe (SCAN [4]) -> Lancé à 19:00:26 le 29/06/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
Guillaume@PC-DE-GUILLAUME (TOSHIBA Satellite P200)

============== RECHERCHE ==============





============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [5.0 (fr)] ****

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKLM_MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0 (x)
HKLM_MozillaPlugins\Adobe Reader (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Searchplugins\fcmdSrchddr.xml ( hxxp://start.facemoods.com/?a=ddr&amp;f=4&amp;q={searchTerms}/)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\Guillaume\AppData\Roaming\Mozilla\FireFox\Profiles\lz6vnylv.default --
Extensions\illimitux@illimitux.net (Illimitux)
Extensions\nostmp (?)
Prefs.js - browser.search.selectedEngine, Search The Web
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://google.fr/
HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_ElevationPolicy\{12CC1876-EA8F-48D1-B1A5-8E5E535BD1B8} - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (x)
HKCU_ElevationPolicy\{29D4D10D-3DAF-4AC3-8450-42DC9AE2BF79} - C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (x)
HKCU_ElevationPolicy\{2B7CF7D7-3FBF-40E2-B805-16658976D05A} - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (x)
HKCU_ElevationPolicy\{3A4A6777-C3E3-49F6-84F6-DE3C7DCF537E} - C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe (x)
HKCU_ElevationPolicy\{562EDAF2-6129-406B-B213-61778227914C} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
HKCU_ElevationPolicy\{7538CDE5-85F2-49F7-8E63-3243E6B70551} - C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE (x)
HKCU_ElevationPolicy\{77377A8C-FAC2-4CAA-B493-AC45DF9ECBCB} - C:\Program Files\Pando Networks\Pando\pando.exe (Pando Networks)
HKCU_ElevationPolicy\{914E97F8-6449-4EF2-A402-738AD9603C45} - C:\Program Files\BitTorrent\bittorrent.exe (x)
HKCU_ElevationPolicy\{A4B78EDB-E312-4F19-A79A-600D3056DDCB} - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (x)
HKCU_ElevationPolicy\{B62862F2-38AB-45E4-93B1-E170ACFFE0DD} - C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (x)
HKCU_ElevationPolicy\{BD57C507-3FE1-4EC7-ADEC-2C206EEBB58D} - C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (x)
HKCU_ElevationPolicy\{FE426366-CFD7-4A51-BD21-B9B1BB4180E3} - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (x)
HKLM_ElevationPolicy\{3A1704E0-708D-11DE-89C7-D8AE56D89593} - C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA} - "eBay - Achetez, Vendez" (C:\Toshiba\Webshops\eBay\ebay.ico)
HKLM_Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE} - "Amazon.fr" (C:\Toshiba\Webshops\Amazon\amazon.ico)
HKLM_Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - "eBay" (C:\Toshiba\ebay\ebay.ico)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 5 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 25/06/2011 19:13:09 (6546 Octet(s))
C:\Ad-Report-SCAN[1].txt - 22/06/2011 23:12:03 (6780 Octet(s))
C:\Ad-Report-SCAN[2].txt - 25/06/2011 17:04:38 (6805 Octet(s))
C:\Ad-Report-SCAN[3].txt - 29/06/2011 17:36:46 (5106 Octet(s))
C:\Ad-Report-SCAN[4].txt - 29/06/2011 19:00:30 (5033 Octet(s))

Fin à: 19:01:29, 29/06/2011

============== E.O.F ==============
 

dilllidan

Habitué
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web:

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 19:40:10 le 29/06/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
Guillaume@PC-DE-GUILLAUME (TOSHIBA Satellite P200)

============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.




============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [5.0 (fr)] ****

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKLM_MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0 (x)
HKLM_MozillaPlugins\Adobe Reader (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Searchplugins\fcmdSrchddr.xml ( hxxp://start.facemoods.com/?a=ddr&amp;f=4&amp;q={searchTerms}/)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\Guillaume\AppData\Roaming\Mozilla\FireFox\Profiles\lz6vnylv.default --
Extensions\illimitux@illimitux.net (Illimitux)
Extensions\nostmp (?)
Prefs.js - browser.search.selectedEngine, Search The Web
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_ElevationPolicy\{12CC1876-EA8F-48D1-B1A5-8E5E535BD1B8} - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (x)
HKCU_ElevationPolicy\{29D4D10D-3DAF-4AC3-8450-42DC9AE2BF79} - C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (x)
HKCU_ElevationPolicy\{2B7CF7D7-3FBF-40E2-B805-16658976D05A} - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (x)
HKCU_ElevationPolicy\{3A4A6777-C3E3-49F6-84F6-DE3C7DCF537E} - C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe (x)
HKCU_ElevationPolicy\{562EDAF2-6129-406B-B213-61778227914C} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
HKCU_ElevationPolicy\{7538CDE5-85F2-49F7-8E63-3243E6B70551} - C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE (x)
HKCU_ElevationPolicy\{77377A8C-FAC2-4CAA-B493-AC45DF9ECBCB} - C:\Program Files\Pando Networks\Pando\pando.exe (Pando Networks)
HKCU_ElevationPolicy\{914E97F8-6449-4EF2-A402-738AD9603C45} - C:\Program Files\BitTorrent\bittorrent.exe (x)
HKCU_ElevationPolicy\{A4B78EDB-E312-4F19-A79A-600D3056DDCB} - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (x)
HKCU_ElevationPolicy\{B62862F2-38AB-45E4-93B1-E170ACFFE0DD} - C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (x)
HKCU_ElevationPolicy\{BD57C507-3FE1-4EC7-ADEC-2C206EEBB58D} - C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (x)
HKCU_ElevationPolicy\{FE426366-CFD7-4A51-BD21-B9B1BB4180E3} - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (x)
HKLM_ElevationPolicy\{3A1704E0-708D-11DE-89C7-D8AE56D89593} - C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA} - "eBay - Achetez, Vendez" (C:\Toshiba\Webshops\eBay\ebay.ico)
HKLM_Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE} - "Amazon.fr" (C:\Toshiba\Webshops\Amazon\amazon.ico)
HKLM_Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - "eBay" (C:\Toshiba\ebay\ebay.ico)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 20 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 25/06/2011 19:13:09 (6546 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 29/06/2011 19:40:13 (4809 Octet(s))
C:\Ad-Report-SCAN[1].txt - 22/06/2011 23:12:03 (6780 Octet(s))
C:\Ad-Report-SCAN[2].txt - 25/06/2011 17:04:38 (6805 Octet(s))
C:\Ad-Report-SCAN[3].txt - 29/06/2011 17:36:46 (5106 Octet(s))
C:\Ad-Report-SCAN[4].txt - 29/06/2011 19:00:30 (5171 Octet(s))

Fin à: 19:41:28, 29/06/2011

============== E.O.F ==============
 

help-manformatique

Grand Maître
Try this:

Download to your Desktop.

Double-click aswMBR.exe to run it
Double-click aswMBR.exe on your desktop. (Right-click -> "Run as administrator" for Vista / Seven)

Click the "Scan" button

Click Save log, save the report to the desktop
Post the report in your next reply

CopyRight© hackinginterdit
 

dilllidan

Habitué
Here is the report; however, it did the operation very quickly (30 seconds), is that normal?

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-29 20:28:52
-----------------------------
20:28:52.802 OS Version: Windows 6.0.6002 Service Pack 2
20:28:52.802 Number of processors: 2 586 0xF0D
20:28:52.804 ComputerName: PC-DE-GUILLAUME UserName: Guillaume
20:29:25.990 Initialize success
20:30:29.357 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:30:29.361 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
20:30:29.377 Disk 0 MBR read successfully
20:30:29.381 Disk 0 MBR scan
20:30:29.387 Disk 0 unknown MBR code
20:30:29.393 Disk 0 scanning sectors +312578048
20:30:29.429 Disk 0 scanning C:\Windows\system32\drivers
20:30:36.659 Service scanning
20:30:39.055 Disk 0 trace - called modules:
20:30:39.087 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87aec1ed]<<
20:30:39.096 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f21820]
20:30:39.103 3 CLASSPNP.SYS[893338b3] -> nt!IofCallDriver -> [0x86964668]
20:30:39.112 5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86447030]
20:30:39.117 \Driver\iaStor[0x8640c030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x87aec1ed
20:30:39.133 Scan finished successfully
20:31:39.267 Disk 0 MBR has been saved successfully to "C:\Users\Guillaume\Desktop\MBR.dat"
20:31:39.286 The log file has been saved successfully to "C:\Users\Guillaume\Desktop\aswMBR.txt"
 

help-manformatique

Grand Maître
Yes, that's normal. Did you try right-click "Run as administrator" for TDSSKiller?
 

help-manformatique

Grand Maître
It's not a big deal, we'll do a more complete diagnostic of the PC:

Diagnostic:

■ Download (by OldTimer) to your Desktop.

■ Close all your windows, then double-click OTL.exe to launch it.
(Vista/Windows 7 users: right-click -> "Run as administrator")
■ At the top, check the box next to "All users"
■ Under Customization, copy and paste all of the text below, and leave the other options at their defaults.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.exe
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.
/md5start
volsnap.sys
hidserv.dll
appmgmts.dll
eventlog.dll
winlogon.exe
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
wininet.dll
wininit.exe
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
winlogon.exe
wininit.ini
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
c:\$recycle.bin\*.* /s
■ Click the Scan button at the top left, then wait a few moments.
■ At the end of the scan, two reports will open, OTL.Txt and Extras.Txt. Copy/paste all of the reports here.
PS: The reports are also saved on the desktop

For the reports, please use: upload the file via "Browse" and simply post the link you get.
 

dilllidan

Habitué
report 1

OTL logfile created on: 29/06/2011 20:56:38 - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Guillaume\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,59% Memory free
4,22 Gb Paging File | 2,98 Gb Available in Paging File | 70,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 11,59 Gb Free Space | 15,62% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 4,22 Gb Free Space | 5,75% Space Free | Partition Type: NTFS

Computer Name: PC-DE-GUILLAUME | User Name: Guillaume | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/29 20:51:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Guillaume\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/28 15:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) -- C:\OSGeo4W\apache\bin\httpd.exe
PRC - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 08:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/03 12:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/06/29 20:51:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Guillaume\Desktop\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- Reg Error: Key error. -- (TrkWks)
SRV - File not found [Auto | Stopped] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Unknown | Running] -- Reg Error: Key error. -- (RpcSs) Appel de procédure distante (RPC)
SRV - File not found [Auto | Stopped] -- -- (Planificateur LiveUpdate automatique)
SRV - File not found [Unknown | Running] -- Reg Error: Key error. -- (DcomLaunch)
SRV - File not found [Auto | Running] -- Reg Error: Key error. -- (BITS)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/20 14:50:18 | 000,152,064 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/28 15:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\OSGeo4W\apache\bin\httpd.exe -- (ApacheOSGeo4WWebServer)
SRV - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/23 18:11:23 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/05/29 10:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/12/14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2011/06/19 16:49:34 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/06/19 16:49:34 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/11/25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 00:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/08/24 13:04:55 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/29 06:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007/05/30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2007/04/30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/16 10:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/03/13 14:53:47 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
DRV - [2007/03/06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR)
DRV - [2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2007/01/04 16:41:50 | 000,255,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/28 21:46:22 | 000,028,224 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2006/11/28 21:46:20 | 000,027,072 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/07/28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/07/10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006/07/06 13:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/07/05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/06/14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search The Web"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 14:03:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 14:03:18 | 000,000,000 | ---D | M]

[2010/06/22 12:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guillaume\AppData\Roaming\Mozilla\Extensions
[2011/06/26 22:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\lz6vnylv.default\extensions
[2010/06/22 12:54:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\lz6vnylv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/30 22:07:46 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\lz6vnylv.default\extensions\illimitux@illimitux.net
[2011/06/26 14:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\lz6vnylv.default\extensions\nostmp
[2011/06/26 14:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/30 00:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 17:20:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/30 20:53:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/26 13:41:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/16 06:38:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/26 13:41:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/03/02 20:59:12 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mappy.com ([]http in Sites de confiance)
O15 - HKCU\..Trusted Domains: orange.fr ([]http in Sites de confiance)
O15 - HKCU\..Trusted Domains: voila.fr ([rw.search.ke] http in Sites de confiance)
O15 - HKCU\..Trusted Domains: weborama.fr ([orange] http in Sites de confiance)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.0.66.10 109.0.66.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Guillaume\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Guillaume\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/06/25 20:06:13 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/25 07:34:07 | 000,000,000 | ---D | M] - E:\autopano -- [ NTFS ]
O32 - AutoRun File - [2011/06/25 20:06:15 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4b4e8251-30b4-11de-94ce-001b38aa3947}\Shell - "" = AutoRun
O33 - MountPoints2\{4b4e8251-30b4-11de-94ce-001b38aa3947}\Shell\AutoRun\command - "" = K:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{cdda72a5-899a-11dd-adea-001b38aa3947}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{cdda72a5-899a-11dd-adea-001b38aa3947}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0E0AD121-9B2B-25E9-D860-822530FA9A7E} - Browser Customizations
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78CFE052-F5B3-3960-CDC4-A55037D4571A} - Internet Explorer
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: Nouvelle valeur #1 - File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.X264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/29 20:51:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Guillaume\Desktop\OTL.exe
[2011/06/29 20:12:59 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Guillaume\Desktop\aswMBR.exe
[2011/06/29 19:53:50 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guillaume\Desktop\TDSSKiller.exe
[2011/06/29 17:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/06/28 23:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/28 23:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/28 23:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/28 22:43:21 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\Recent
[2011/06/27 21:12:23 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\Documents\VideoPad Projects
[2011/06/26 22:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/26 13:41:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/26 13:41:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/26 13:41:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/26 13:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/06/25 20:06:13 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/06/22 23:19:48 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\Desktop\tdsskiller[1]
[2011/06/22 21:10:22 | 002,520,999 | ---- | C] (Nicolas Coolman ) -- C:\Users\Guillaume\Desktop\ZHPDiag2.exe
[2011/06/20 23:08:54 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/20 23:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/20 23:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/20 23:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/19 21:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/06/19 21:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2011/06/19 21:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/06/19 21:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/06/19 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\AppData\Roaming\NCH Software
[2011/06/19 21:16:07 | 003,292,760 | ---- | C] (NCH Software) -- C:\Users\Guillaume\Desktop\vpsetup.exe
[2011/06/19 21:15:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\custom matrices
[2011/06/19 21:15:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2011/06/19 21:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
[2011/06/19 21:15:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\C2MP
[2011/06/19 20:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/06/19 20:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/06/19 20:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/19 20:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/06/19 19:55:41 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/06/19 19:48:50 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\Desktop\telephone
[2011/06/19 19:36:30 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\Documents\MAGIX_Video_deluxe_2008_PLUS
[2011/06/19 19:36:30 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\Documents\MAGIX Téléchargements
[2011/06/19 19:20:51 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\AppData\Local\Sony Ericsson
[2011/06/19 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011/06/19 17:16:45 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\AppData\Local\Sony
[2011/06/19 17:15:35 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\Podcasts
[2011/06/19 17:15:35 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\Documents\Media Go
[2011/06/19 17:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/06/19 17:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011/06/19 17:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2011/06/19 17:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/06/19 17:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Media Go Install
[2011/06/19 17:12:20 | 000,000,000 | ---D | C] -- C:\Users\Guillaume\AppData\Roaming\Sony
[2011/06/19 16:49:34 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011/06/19 16:49:34 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011/06/19 16:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011/06/19 16:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2011/06/19 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011/06/18 21:18:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/18 21:18:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/18 21:18:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/18 21:18:33 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/29 21:00:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job
[2011/06/29 20:51:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Guillaume\Desktop\OTL.exe
[2011/06/29 20:31:39 | 000,000,512 | ---- | M] () -- C:\Users\Guillaume\Desktop\MBR.dat
[2011/06/29 20:13:10 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Guillaume\Desktop\aswMBR.exe
[2011/06/29 19:43:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 19:43:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 19:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/29 17:36:40 | 000,001,641 | ---- | M] () -- C:\Users\Guillaume\Desktop\AD-R.lnk
[2011/06/29 17:21:50 | 000,681,798 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/06/29 17:21:50 | 000,598,368 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/29 17:21:50 | 000,127,504 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/06/29 17:21:50 | 000,104,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/28 23:05:16 | 000,001,020 | ---- | M] () -- C:\Users\Guillaume\Desktop\Spybot - Search & Destroy.lnk
[2011/06/28 19:13:28 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guillaume\Desktop\TDSSKiller.exe
[2011/06/26 20:24:54 | 000,508,506 | ---- | M] () -- C:\Users\Guillaume\Desktop\DSC_0092.jpg
[2011/06/26 14:03:21 | 000,000,835 | ---- | M] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/26 13:41:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/06/26 13:41:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/26 13:41:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/26 13:41:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/25 20:32:00 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2011/06/23 19:07:31 | 000,000,138 | ---- | M] () -- C:\Users\Guillaume\defogger_reenable
[2011/06/22 23:28:04 | 001,007,120 | ---- | M] () -- C:\Users\Guillaume\Desktop\rkill.scr
[2011/06/22 21:12:09 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2011/06/22 21:12:09 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2011/06/22 21:12:09 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2011/06/22 09:30:38 | 002,520,999 | ---- | M] (Nicolas Coolman ) -- C:\Users\Guillaume\Desktop\ZHPDiag2.exe
[2011/06/21 22:50:33 | 000,169,984 | -H-- | M] () -- C:\Users\Guillaume\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 23:08:55 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 22:38:38 | 217,264,965 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/20 22:23:26 | 000,000,400 | ---- | M] () -- C:\ProgramData\45407992
[2011/06/20 22:20:31 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~45407992
[2011/06/20 22:20:31 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~45407992r
[2011/06/19 21:16:46 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2011/06/19 21:16:30 | 003,292,760 | ---- | M] (NCH Software) -- C:\Users\Guillaume\Desktop\vpsetup.exe
[2011/06/19 17:47:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011/06/19 17:47:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011/06/19 16:49:34 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011/06/19 16:49:34 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011/06/07 18:56:16 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/29 20:31:39 | 000,000,512 | ---- | C] () -- C:\Users\Guillaume\Desktop\MBR.dat
[2011/06/28 23:05:16 | 000,001,020 | ---- | C] () -- C:\Users\Guillaume\Desktop\Spybot - Search & Destroy.lnk
[2011/06/27 20:43:13 | 000,508,506 | ---- | C] () -- C:\Users\Guillaume\Desktop\DSC_0092.jpg
[2011/06/26 14:03:21 | 000,000,823 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/26 13:38:27 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/23 19:07:12 | 000,000,138 | ---- | C] () -- C:\Users\Guillaume\defogger_reenable
[2011/06/22 23:28:00 | 001,007,120 | ---- | C] () -- C:\Users\Guillaume\Desktop\rkill.scr
[2011/06/22 23:06:50 | 000,001,641 | ---- | C] () -- C:\Users\Guillaume\Desktop\AD-R.lnk
[2011/06/22 21:15:32 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2011/06/22 21:12:09 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2011/06/22 21:12:09 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2011/06/22 21:12:09 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2011/06/20 23:08:55 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 22:53:18 | 000,002,554 | ---- | C] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/06/20 22:53:18 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/20 22:53:18 | 000,000,967 | ---- | C] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2011/06/20 22:53:18 | 000,000,948 | ---- | C] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/20 22:53:18 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2011/06/20 22:53:18 | 000,000,941 | ---- | C] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/06/20 22:53:18 | 000,000,903 | ---- | C] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/20 22:53:18 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011/06/20 22:53:18 | 000,000,835 | ---- | C] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/20 22:53:18 | 000,000,667 | ---- | C] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Autopano Pro.lnk
[2011/06/20 22:53:18 | 000,000,258 | ---- | C] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/20 22:53:18 | 000,000,240 | ---- | C] () -- C:\Users\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/20 22:38:38 | 217,264,965 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/20 22:04:40 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~45407992
[2011/06/20 22:04:40 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~45407992r
[2011/06/20 22:04:34 | 000,000,400 | ---- | C] () -- C:\ProgramData\45407992
[2011/06/19 21:16:46 | 000,000,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
[2011/06/19 20:04:07 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/06/19 17:47:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011/06/19 17:47:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011/05/15 18:59:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\Chorus
[2011/05/15 18:59:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\Bundle
[2010/12/28 01:54:07 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/15 16:20:18 | 000,000,268 | R--- | C] () -- C:\ProgramData\HAL
[2010/10/15 16:20:18 | 000,000,268 | R--- | C] () -- C:\Users\Guillaume\AppData\Roaming\Graphics
[2010/10/15 16:20:18 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010/10/15 16:20:16 | 000,000,268 | R--- | C] () -- C:\ProgramData\Halftone
[2010/10/15 16:20:16 | 000,000,268 | R--- | C] () -- C:\Users\Guillaume\AppData\Roaming\Guides
[2010/10/15 16:18:18 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/09/19 14:28:03 | 000,001,456 | ---- | C] () -- C:\Users\Guillaume\AppData\Local\Adobe Enregistrer pour le Web 11.0 Prefs
[2010/06/10 13:47:17 | 000,033,792 | ---- | C] () -- C:\Windows\System32\Sp32w.dll
[2010/06/10 13:47:14 | 000,058,368 | ---- | C] () -- C:\Windows\System32\STB2P32.DLL
[2010/06/10 13:47:14 | 000,018,944 | ---- | C] () -- C:\Windows\System32\BPROP.DLL
[2010/05/24 21:33:00 | 004,670,829 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/05/24 21:33:00 | 001,529,856 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/05/24 21:33:00 | 001,447,921 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/05/24 21:33:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/05/24 21:33:00 | 000,810,113 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/24 21:33:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/05/24 21:33:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/05/24 21:33:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/05/24 21:33:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/05/24 21:33:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/05/24 21:33:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/05/24 21:33:00 | 000,139,944 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/05/24 21:33:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/05/24 21:33:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/05/24 21:33:00 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/24 21:33:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/05/24 21:33:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/05/19 22:59:20 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2010/05/19 22:59:10 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2010/05/19 22:59:02 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2010/05/19 22:58:52 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2010/05/19 22:58:24 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2010/05/19 22:58:18 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2010/05/19 22:58:08 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2010/05/19 22:57:42 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2010/05/19 22:57:38 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2010/05/19 22:57:26 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010/05/19 22:57:20 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2010/05/19 22:55:40 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2010/05/19 22:55:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2010/03/23 20:53:31 | 000,000,000 | ---- | C] () -- C:\Windows\WINGEO.INI
[2010/03/01 23:07:49 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/02/17 21:33:31 | 000,000,016 | ---- | C] () -- C:\Users\Guillaume\AppData\Roaming\cqfyto.dat
[2009/11/19 22:35:00 | 000,498,688 | R--- | C] () -- C:\Windows\System32\MapSuiteRasterTiffX64.dll
[2009/11/19 22:35:00 | 000,413,696 | R--- | C] () -- C:\Windows\System32\MapSuiteRasterTiffX86.dll
[2009/11/19 22:35:00 | 000,274,478 | R--- | C] () -- C:\Windows\System32\MapSuiteProjectionX86.dll
[2009/11/19 22:35:00 | 000,256,512 | R--- | C] () -- C:\Windows\System32\MapSuiteProjectionX64.dll
[2009/11/19 22:35:00 | 000,044,032 | R--- | C] () -- C:\Windows\System32\Proj4ExtensionX64.dll
[2009/11/19 22:35:00 | 000,043,520 | R--- | C] () -- C:\Windows\System32\TiffWrapperX64.dll
[2009/11/19 22:35:00 | 000,034,304 | R--- | C] () -- C:\Windows\System32\TiffWrapperX86.dll
[2009/11/03 15:05:27 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009/10/06 21:15:57 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009/10/06 21:15:57 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009/09/25 20:27:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/25 20:27:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 12:07:42 | 000,004,096 | ---- | C] () -- C:\Users\Guillaume\AppData\Local\keyfile3.drm
[2009/08/30 11:19:22 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/08/14 15:31:49 | 000,370,176 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/08/11 23:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/23 15:24:38 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/04/23 15:24:12 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/04/08 14:24:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/04/08 14:24:29 | 000,000,000 | ---- | C] () -- C:\Users\Guillaume\AppData\Roaming\Classic Thick
[2009/04/08 14:20:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/02/26 12:38:40 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/01/11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/12/27 18:32:48 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/12/27 18:32:48 | 000,022,328 | ---- | C] () -- C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
[2008/12/27 18:32:32 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/12/27 18:32:31 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008/12/27 18:32:31 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/11/18 11:48:43 | 000,001,356 | ---- | C] () -- C:\Users\Guillaume\AppData\Local\d3d9caps.dat
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/05 22:05:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/14 20:27:29 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/06/15 15:56:13 | 000,000,290 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2008/06/15 13:10:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008/06/15 13:10:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008/06/15 13:10:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008/06/15 13:10:55 | 000,049,152 | ---- | C] () -- C:\Windows\VFind.exe
[2008/06/15 13:10:32 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/15 00:19:51 | 000,109,807 | ---- | C] () -- C:\ProgramData\BM61d9d252.xml
[2008/06/15 00:19:51 | 000,000,022 | -H-- | C] () -- C:\ProgramData\pskt.ini
[2008/05/25 19:13:56 | 000,169,984 | -H-- | C] () -- C:\Users\Guillaume\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/25 18:32:31 | 000,026,340 | ---- | C] () -- C:\Users\Guillaume\AppData\Roaming\UserTile.png
[2007/10/15 19:51:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/07/10 16:35:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/07/10 16:19:46 | 000,000,176 | R--- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/07/10 16:19:46 | 000,000,176 | R--- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/07/10 16:19:46 | 000,000,176 | R--- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/07/10 16:19:46 | 000,000,176 | R--- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/04/18 08:38:57 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/11/02 17:48:33 | 000,681,798 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2006/11/02 17:48:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2006/11/02 17:48:33 | 000,127,504 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2006/11/02 17:48:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 002,376,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,598,368 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,104,382 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/06/25 19:14:28 | 000,006,546 | ---- | M] () -- C:\Ad-Report-CLEAN[1].txt
[2011/06/29 19:41:30 | 000,005,208 | ---- | M] () -- C:\Ad-Report-CLEAN[2].txt
[2011/06/22 23:13:43 | 000,006,780 | ---- | M] () -- C:\Ad-Report-SCAN[1].txt
[2011/06/25 17:05:39 | 000,006,805 | ---- | M] () -- C:\Ad-Report-SCAN[2].txt
[2011/06/29 17:38:47 | 000,005,106 | ---- | M] () -- C:\Ad-Report-SCAN[3].txt
[2011/06/29 19:01:29 | 000,005,171 | ---- | M] () -- C:\Ad-Report-SCAN[4].txt
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 08:36:36 | 000,333,257 | R-S- | M] () -- C:\bootmgr
[2007/04/18 07:03:08 | 000,008,192 | ---- | M] () -- C:\BOOTSECT.BAK
[2008/06/15 13:31:36 | 000,004,985 | ---- | M] () -- C:\Bug.txt
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/06/15 12:32:36 | 000,000,000 | ---- | M] () -- C:\gxojmpsv
[2008/10/14 19:57:48 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2007/04/19 07:42:46 | 000,002,606 | ---- | M] () -- C:\Manuel de l'utilisateur A200.lnk
[2007/04/19 07:42:58 | 000,002,586 | ---- | M] () -- C:\Manuel de l'utilisateur P200.lnk
[2008/11/08 20:22:02 | 000,000,384 | ---- | M] () -- C:\MDL 2.0 Debug.txt
[2008/10/14 19:57:48 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2011/06/29 19:42:59 | 2451,243,008 | -HS- | M] () -- C:\pagefile.sys
[2011/06/25 20:32:00 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2007/04/18 07:57:46 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
[2011/06/22 23:30:08 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2007/10/16 06:42:55 | 000,000,282 | ---- | M] () -- C:\SWSTAMP.TXT
[2011/06/28 22:43:26 | 000,003,116 | ---- | M] () -- C:\TCleaner.txt
[2011/06/26 13:52:56 | 000,011,388 | ---- | M] () -- C:\ZHPExportRegistry-26-06-2011-13-52-56.txt
[2007/10/15 17:05:25 | 000,024,504 | ---- | M] () -- C:\_wdsuef.dmp

< %SYSTEMDRIVE%\*.exe >

< %PROGRAMFILES%\*.* >
[2008/10/04 13:15:43 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %PROGRAMFILES%\*. >
[2011/06/29 17:36:40 | 000,000,000 | ---D | M] -- C:\Program Files\Ad-Remover
[2011/06/26 13:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/08/30 11:07:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Photoshop CS5
[2010/07/26 22:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/09/08 09:06:29 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/06/19 20:04:06 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/05/03 21:06:21 | 000,000,000 | ---D | M] -- C:\Program Files\Astonsoft
[2011/05/15 18:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2008/05/24 17:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\Camera Assistant Software for Toshiba
[2008/05/25 17:59:46 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/06/19 20:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/03/19 21:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\D3E Electronique
[2008/08/24 13:09:17 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools
[2008/06/03 21:34:09 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2011/05/16 07:31:33 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011/06/26 22:59:17 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/11/07 11:13:22 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2008/05/24 17:35:31 | 000,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs
[2010/05/02 20:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/11/03 15:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Free FLV Converter
[2009/11/03 15:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\Free Video Converter
[2010/04/08 10:08:22 | 000,000,000 | ---D | M] -- C:\Program Files\GeoConcept SA
[2009/10/06 21:30:23 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/06/19 19:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2009/08/30 11:19:13 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/06/18 21:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/05/27 14:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2011/06/26 12:50:51 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/06/21 22:53:57 | 000,000,000 | ---D | M] -- C:\Program Files\JDownloader
[2009/04/23 17:44:16 | 000,000,000 | ---D | M] -- C:\Program Files\MAGIX
[2011/06/20 23:08:57 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/07 22:28:59 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2009/10/06 21:13:46 | 000,000,000 | ---D | M] -- C:\Program Files\Micro Application
[2010/06/01 09:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/08/25 14:12:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2008/05/25 19:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/08/25 14:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/18 21:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/25 14:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/09/20 23:53:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/08/25 14:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2010/08/25 14:15:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/08/25 14:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 17:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/26 14:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/08/25 14:20:08 |
 