Virus, I think

Tags:
  • Security
1 Août 2011 15:26:56

I think I am infected by viruses but I am not sure; I would like to know whether that is really the case.
Thanks.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:26:16, on 01/08/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Micro Application\LauncherMA.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=644972ea...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=644972ea000000000000001bb98235b0&tlver=1.4.19.19&affID=17159
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll
O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenuSwap.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SA1EE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: User Privilege Service (usprserv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 29053 bytes

1 Août 2011 15:36:46

Hello,

Recommendations during disinfection:

  • use your PC only for the strict minimum and above all do not install any other program (apart from the tools indicated)
  • follow the instructions in the order in which they are given and do not use any disinfection tool on your own initiative
  • say so if you have opened the same topic on another forum; that can prove very dangerous for your system
  • a freeze is always possible during the disinfection procedure; back up all your personal data beforehand or as soon as possible

    ------------------------------------------------------------------------------------

    Ad_Remover - Scan:

  • Download Ad_Remover by C_XX by clicking the Download icon and save it to your Desktop
  • Under Vista and Windows 7, it is recommended to disable UAC (User Account Control)
    *Disable UAC under Vista
    *Disable UAC under Windows 7
  • Double-click the AD-R.exe icon to start the installation
    /!\ Under Vista and Windows 7, the file must be launched via right-click -> Run as administrator
  • In the main menu, click Scanner and confirm the action to start the scan
  • At the end of the scan, a report Ad-Report-SCAN.txt opens. Copy and paste the contents of this report into your reply on the forum
    The report is located at C:\Ad-Report-SCAN.txt

    ------------------------------------------------------------------------------------

    Expected: the report C:\Ad-Report-SCAN.txt

    See you.
    1 Août 2011 15:46:44

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 15:44:41 le 01/08/2011, Mode normal

    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
    Kensuke@PC-DE-KENSUKE (Compaq-Presario GG690AA-ABF SR5110FR)

    ============== RECHERCHE ==============


    Fichier trouvé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
    Dossier trouvé: C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ask Search Assistant
    Dossier trouvé: C:\Program Files\Ask Search Assistant
    Dossier trouvé: C:\Program Files\Ask.com
    Dossier trouvé: C:\Users\Kensuke\AppData\Local\AskToolbar
    Dossier trouvé: C:\Users\Kensuke\AppData\LocalLow\AskToolbar
    Dossier trouvé: C:\Users\Kensuke\AppData\LocalLow\Conduit
    Dossier trouvé: C:\Program Files\Conduit
    Dossier trouvé: C:\Users\Kensuke\AppData\Roaming\FissaSearch
    Dossier trouvé: C:\Users\Kensuke\AppData\LocalLow\PriceGong
    Dossier trouvé: C:\Users\Kensuke\AppData\LocalLow\vShare
    Dossier trouvé: C:\Program Files\vShare
    Dossier trouvé: C:\Users\Kensuke\AppData\Roaming\OfferBox

    Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Clé trouvée: HKLM\Software\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé trouvée: HKLM\Software\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Clé trouvée: HKLM\Software\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
    Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKLM\Software\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
    Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Clé trouvée: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Clé trouvée: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
    Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2567681
    Clé trouvée: HKLM\Software\Classes\vShare.IMedixProtocol
    Clé trouvée: HKLM\Software\Classes\vShare.IMedixProtocol.1
    Clé trouvée: HKLM\Software\Classes\vShare.PugiObj
    Clé trouvée: HKLM\Software\Classes\vShare.PugiObj.1
    Clé trouvée: HKLM\Software\Classes\vShare.ScriptHelpers
    Clé trouvée: HKLM\Software\Classes\vShare.ScriptHelpers.1
    Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Clé trouvée: HKLM\Software\Conduit
    Clé trouvée: HKCU\Software\Ask.com
    Clé trouvée: HKCU\Software\AskSearchAsst
    Clé trouvée: HKCU\Software\AskToolbar
    Clé trouvée: HKCU\Software\FissaSearch
    Clé trouvée: HKCU\Software\OfferBox
    Clé trouvée: HKCU\Software\vShare
    Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
    Clé trouvée: HKCU\Software\AppDataLow\Toolbar
    Clé trouvée: HKCU\Software\AppDataLow\Software\AskToolbar
    Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
    Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask.com Search Assistant
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fissa
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fissa
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\vShare
    Clé trouvée: HKLM\Software\Classes\PROTOCOLS\Handler\vsharechrome
    Clé trouvée: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF}


    ============== SCAN ADDITIONNEL ==============

    **** Internet Explorer Version [9.0.8112.16421] ****

    HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKCU_Main|Start Page - hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=644972ea000000000000001bb98235b0&tlver=1.4.19.19&affID=17159
    HKLM_Main|Default_Page_URL - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Presario&pf=desktop
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Presario&pf=desktop
    AboutUrls|Tabs - hxxp://search.babylon.com/?babsrc=NT_ss&mntrId=644972ea000000000000001bb98235b0&tlver=1.4.19.19&affID=17159
    HKCU_URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} - "UrlSearchHook Class" (C:\Program Files\Ask.com\GenericAskToolbar.dll)
    HKCU_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    HKLM_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    HKCU_SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} - "Web Search..." (hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp)
    HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16050&src=crm&q={searchTer...)
    HKCU_SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2} - "Ask" (hxxp://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?})
    HKCU_SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} - "Search the web (Babylon)" (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=644972ea000000000...)
    HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Messenger Plus Live France Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
    HKCU_SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9} - "Fissa" (hxxp://www.fissa.com/fr/results/?s=b&c=1006224125&suid=EiZ4NZd...{searchTe...)
    HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Messenger Plus Live France Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
    HKCU_Toolbar\WebBrowser|{35065594-9169-4A34-B167-FC4865038E53} (C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll)
    HKCU_Toolbar\WebBrowser|{59994074-C06D-4A75-9768-49E5A8C21264} (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)
    HKCU_Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF} (C:\Program Files\vShare\vshare_toolbar.dll)
    HKLM_Toolbar|{35065594-9169-4A34-B167-FC4865038E53} (C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll)
    HKLM_Toolbar|{59994074-c06d-4a75-9768-49e5a8c21264} (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)
    HKLM_Toolbar|{043C5167-00BB-4324-AF7E-62013FAEDACF} (C:\Program Files\vShare\vshare_toolbar.dll)
    HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll)
    HKCU_ElevationPolicy\{80AEB564-68C1-4159-AD69-3FA17AED6708} - C:\Program Files\Real\RealPlayer\realplay.exe (x)
    HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
    HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
    HKLM_ElevationPolicy\43046ff1-3496-4e8d-9ad0-770f7ec513bf - C:\Program Files\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
    HKLM_ElevationPolicy\99cd0500-cd6e-4ad2-a1d9-8e2db2b3ce0f - C:\Program Files\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
    HKLM_ElevationPolicy\d1f1ebbf-2ee1-43b9-9afc-44af73f118f1 - C:\Program Files\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\lip.exe (?)
    HKLM_ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1} - C:\Program Files\Java\jre7\bin\unpack200.exe (Oracle Corporation)
    HKLM_ElevationPolicy\{4426E0F4-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
    HKLM_ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} - C:\Program Files\Java\jre7\bin\jp2launcher.exe (Oracle Corporation)
    HKLM_ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} - C:\Program Files\Java\jre7\bin\javaws.exe (Oracle Corporation)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
    HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre7\bin\ssvagent.exe (Oracle Corporation)
    HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?)
    HKLM_Extensions\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} - "BitComet Search" (C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll,203)
    HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
    BHO\{0246A1A7-820A-469A-85A7-7B7F01EB808C} - "VirtualCamera IEMenu Class" (C:\Program Files\VirtualCamera\VirtualCameraMenuSwap.dll)
    BHO\{043C5167-00BB-4324-AF7E-62013FAEDACF} - "vShare Toolbar" (C:\Program Files\vShare\vshare_toolbar.dll)
    BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll)
    BHO\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - "BitComet Helper" (C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll)
    BHO\{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{96372AB6-15EB-4316-B497-71C741BC548C} - "Easy Gif Animator Toolbar Helper" (C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll)
    BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "LimeWire Toolbar" (C:\Program Files\Ask.com\GenericAskToolbar.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 01/08/2011 15:45:23 (14286 Octet(s))

    Fin à: 15:46:23, 01/08/2011

    ============== E.O.F ==============


    Thanks
    1 August 2011 16:10:37

    Hello,

    ------------------------------------------------------------------------------------

    Ad_Remover - Cleaning:

  • Close all applications, including your browser
  • Relaunch Ad_Remover by double-clicking the AD-R.exe icon to start the installation
    /!\ On Vista and Windows 7, the file must be launched via right-click -> Run as administrator
  • On the main menu, click "Nettoyage" and confirm the action
  • At the end of the scan, a report named Ad-Report-CLEAN.txt opens. Copy and paste the contents of this report into your reply on the forum
    The report is located at C:\Ad-Report-CLEAN.txt

    ---------------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware:

  • Download and install Malwarebytes' Anti-Malware (click on Download Free version)
  • At the end of the installation, make sure the option "Mettre à jour Malwarebytes' Anti-Malware" is ticked
  • Click "Terminer"
  • Launch Malwarebytes' by double-clicking the icon on the desktop
    /!\ On Vista and Windows 7, the file must be launched via right-click -> Run as administrator
  • The updates download; then open Malwarebytes'
  • In the "Recherche" tab, tick "Exécuter un examen complet", then click "Rechercher"
  • Select your hard drive, then click "Lancer l'examen"
  • At the end of the scan, click "Afficher les résultats"
  • To delete the detected items, click "Supprimer la sélection"
  • If a restart is requested, click Yes
  • The report mbam-log[date-heure].txt opens; copy and paste the contents of this report into your reply on the forum

    ---------------------------------------------------------------------------------------------

    OTL:

  • Download OTL by Old_Timer and save it to the Desktop
  • Close all other windows and double-click OTL.exe
    /!\ On Vista and Windows 7, the file must be launched via right-click -> Run as administrator
  • Check that the boxes "Tous les utilisateurs", "Recherche Lop" and "Recherche Purity" are ticked
  • In the "Personnalisation" box, copy and paste all of the following
    netsvcs
    msconfig
    drivers32
    /md5start
    explorer.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s
    nslookup http://www.google.fr /c
    CREATERESTOREPOINT

  • Then click "Analyse" and wait while the scan runs

  • At the end of the analysis, the reports OTL.txt and Extras.txt are displayed
  • As the reports are too long for the forum, host them on this site, cijoint.fr, and give the links provided in your reply.
    The reports are saved on the Desktop.

    ---------------------------------------------------------------------------------------------

    The reports expected are therefore:
  • Ad-Report-CLEAN.txt
  • mbam-log[date-heure].txt
  • OTL.txt and Extras.txt

    See you later
    1 August 2011 16:19:06

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 16:13:24 le 01/08/2011, Mode normal

    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
    Kensuke@PC-DE-KENSUKE (Compaq-Presario GG690AA-ABF SR5110FR)

    ============== ACTION(S) ==============


    Fichier supprimé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
    Dossier supprimé: C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ask Search Assistant
    Dossier supprimé: C:\Program Files\Ask Search Assistant
    Dossier supprimé: C:\Program Files\Ask.com
    Dossier supprimé: C:\Users\Kensuke\AppData\Local\AskToolbar
    Dossier supprimé: C:\Users\Kensuke\AppData\LocalLow\AskToolbar
    Dossier supprimé: C:\Users\Kensuke\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Users\Kensuke\AppData\Roaming\FissaSearch
    Dossier supprimé: C:\Users\Kensuke\AppData\LocalLow\PriceGong
    Dossier supprimé: C:\Users\Kensuke\AppData\LocalLow\vShare
    Dossier supprimé: C:\Program Files\vShare
    Dossier supprimé: C:\Users\Kensuke\AppData\Roaming\OfferBox

    (!) -- Fichiers temporaires supprimés.


    Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Clé supprimée: HKLM\Software\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé supprimée: HKLM\Software\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Clé supprimée: HKLM\Software\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
    Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKLM\Software\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
    Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Clé supprimée: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Clé supprimée: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
    Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2567681
    Clé supprimée: HKLM\Software\Classes\vShare.IMedixProtocol
    Clé supprimée: HKLM\Software\Classes\vShare.IMedixProtocol.1
    Clé supprimée: HKLM\Software\Classes\vShare.PugiObj
    Clé supprimée: HKLM\Software\Classes\vShare.PugiObj.1
    Clé supprimée: HKLM\Software\Classes\vShare.ScriptHelpers
    Clé supprimée: HKLM\Software\Classes\vShare.ScriptHelpers.1
    Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKCU\Software\Ask.com
    Clé supprimée: HKCU\Software\AskSearchAsst
    Clé supprimée: HKCU\Software\AskToolbar
    Clé supprimée: HKCU\Software\FissaSearch
    Clé supprimée: HKCU\Software\OfferBox
    Clé supprimée: HKCU\Software\vShare
    Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
    Clé supprimée: HKCU\Software\AppDataLow\Toolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\AskToolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask.com Search Assistant
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fissa
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fissa
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\vShare
    Clé supprimée: HKLM\Software\Classes\PROTOCOLS\Handler\vsharechrome
    Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

    Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF}


    ============== SCAN ADDITIONNEL ==============

    **** Internet Explorer Version [9.0.8112.16421] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    HKLM_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    HKCU_Toolbar\WebBrowser|{35065594-9169-4A34-B167-FC4865038E53} (C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll)
    HKCU_Toolbar\WebBrowser|{59994074-C06D-4A75-9768-49E5A8C21264} (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    HKLM_Toolbar|{35065594-9169-4A34-B167-FC4865038E53} (C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll)
    HKLM_Toolbar|{59994074-c06d-4a75-9768-49e5a8c21264} (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll)
    HKCU_ElevationPolicy\{80AEB564-68C1-4159-AD69-3FA17AED6708} - C:\Program Files\Real\RealPlayer\realplay.exe (x)
    HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
    HKLM_ElevationPolicy\43046ff1-3496-4e8d-9ad0-770f7ec513bf - C:\Program Files\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
    HKLM_ElevationPolicy\99cd0500-cd6e-4ad2-a1d9-8e2db2b3ce0f - C:\Program Files\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
    HKLM_ElevationPolicy\d1f1ebbf-2ee1-43b9-9afc-44af73f118f1 - C:\Program Files\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1} - C:\Program Files\Java\jre7\bin\unpack200.exe (Oracle Corporation)
    HKLM_ElevationPolicy\{4426E0F4-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
    HKLM_ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} - C:\Program Files\Java\jre7\bin\jp2launcher.exe (Oracle Corporation)
    HKLM_ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} - C:\Program Files\Java\jre7\bin\javaws.exe (Oracle Corporation)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre7\bin\ssvagent.exe (Oracle Corporation)
    HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?)
    HKLM_Extensions\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} - "BitComet Search" (C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll,203)
    HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
    BHO\{0246A1A7-820A-469A-85A7-7B7F01EB808C} - "VirtualCamera IEMenu Class" (C:\Program Files\VirtualCamera\VirtualCameraMenuSwap.dll)
    BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll)
    BHO\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - "BitComet Helper" (C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll)
    BHO\{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{96372AB6-15EB-4316-B497-71C741BC548C} - "Easy Gif Animator Toolbar Helper" (C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 108 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 01/08/2011 16:13:45 (12203 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 01/08/2011 15:45:23 (14425 Octet(s))

    Fin à: 16:14:37, 01/08/2011

    ============== E.O.F ==============
    1 August 2011 17:11:34

    OTL logfile created on: 01/08/2011 16:25:21 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Kensuke\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,50 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 53,55% Memory free
    5,21 Gb Paging File | 3,77 Gb Available in Paging File | 72,25% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 234,49 Gb Total Space | 20,82 Gb Free Space | 8,88% Space Free | Partition Type: NTFS
    Drive D: | 7,91 Gb Total Space | 1,01 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
    Drive F: | 2,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive K: | 55,70 Gb Total Space | 24,44 Gb Free Space | 43,89% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-KENSUKE | User Name: Kensuke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/01 16:23:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Kensuke\Downloads\OTL.exe
    PRC - [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2011/07/06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2011/06/29 15:59:30 | 000,432,848 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    PRC - [2010/12/13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    PRC - [2010/10/16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/11/25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/10 17:54:02 | 000,485,376 | ---- | M] (Micro Application) -- C:\Program Files\Micro Application\LauncherMA.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2009/01/21 18:34:22 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    PRC - [2009/01/21 18:34:16 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/07/07 17:46:45 | 000,416,768 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFX.exe
    PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/02/15 12:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    PRC - [2007/01/11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
    PRC - [2006/09/28 15:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/01 16:23:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Kensuke\Downloads\OTL.exe
    MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
    SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/09/12 16:30:52 | 000,251,248 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
    SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/08/21 15:38:40 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/07/07 13:48:48 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
    SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
    SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMDrvService)
    DRV - [2010/10/22 08:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/08/30 13:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
    DRV - [2010/08/11 12:04:01 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
    DRV - [2010/08/11 12:02:40 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2010/08/11 12:02:40 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/11/25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2009/11/25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/08/21 15:38:41 | 003,033,712 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
    DRV - [2009/07/30 18:12:56 | 000,282,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2009/07/30 18:12:56 | 000,282,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2009/04/11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2008/11/12 17:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/08/07 13:59:47 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2007/12/04 17:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2007/11/05 16:59:46 | 000,055,296 | ---- | M] (VerySoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\verysplit.sys -- (VERYSPLIT)
    DRV - [2007/10/13 14:35:54 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2007/05/02 11:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
    DRV - [2007/05/02 11:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
    DRV - [2007/05/02 11:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
    DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
    DRV - [2007/02/21 14:53:22 | 000,192,512 | ---- | M] (MorningSound Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\VirtualCam.sys -- (VirtualCam)
    DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2006/07/20 16:17:02 | 000,038,656 | ---- | M] (VerySoft LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\verysplitpro.sys -- (VERYSPLITPRO)
    DRV - [2006/07/17 18:03:00 | 000,015,616 | ---- | M] (VerySoft LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsaudio.sys -- (VSAudio) VerySoft Virtual Audio Device (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
    IE - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 6D 6E E7 F4 A7 CA 01 [binary data]
    IE - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Kensuke\Program Files\DNA\plugins\npbtdna.dll File not found
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kensuke\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Kensuke\Program Files\DNA

    [2009/05/12 18:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kensuke\AppData\Roaming\mozilla\Extensions
    [2009/05/12 18:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kensuke\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/04/21 13:43:34 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

    O1 HOSTS File: ([2008/04/29 18:36:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (VirtualCamera IEMenu Class) - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenuSwap.dll (MorningSound Soft)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll (BitComet)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll ()
    O3 - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
    O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
    O4 - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
    O7 - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
    O9 - Extra Button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll (BitComet)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_... ("Ma-Config.com control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows... (Java Plug-in 1.7.0)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-wind... (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows... (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.7.0)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/02 00:48:06 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/09/16 16:07:12 | 000,000,087 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{24587c0c-a80b-11dd-bae7-001bb98235b0}\Shell\AutoRun\command - "" = K:\start.exe
    O33 - MountPoints2\{24587c0c-a80b-11dd-bae7-001bb98235b0}\Shell\iledefrance\command - "" = K:\start.exe
    O33 - MountPoints2\{2f383528-f220-11df-b1c5-001bb98235b0}\Shell - "" = AutoRun
    O33 - MountPoints2\{2f383528-f220-11df-b1c5-001bb98235b0}\Shell\AutoRun\command - "" = G:\Startme.exe
    O33 - MountPoints2\{39acb0b9-b623-11dd-ab4c-001bb98235b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Recycled\ctfmon.exe
    O33 - MountPoints2\{39acb0b9-b623-11dd-ab4c-001bb98235b0}\Shell\Open(0)\command - "" = K:\Recycled\ctfmon.exe
    O33 - MountPoints2\{3c5b6c69-a527-11df-bb4d-001bb98235b0}\Shell\AutoRun\command - "" = H:\Install.exe
    O33 - MountPoints2\{3c5b6c69-a527-11df-bb4d-001bb98235b0}\Shell\menu1\command - "" = H:\Install.exe
    O33 - MountPoints2\{3c5b6c6c-a527-11df-bb4d-001bb98235b0}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c5b6c6c-a527-11df-bb4d-001bb98235b0}\Shell\AutoRun\command - "" = N:\Startme.exe
    O33 - MountPoints2\{4674ed19-a851-11dd-84c2-001bb98235b0}\Shell - "" = AutoRun
    O33 - MountPoints2\{4674ed19-a851-11dd-84c2-001bb98235b0}\Shell\AutoRun\command - "" = L:\LaunchU3.exe
    O33 - MountPoints2\{47507e1e-5e69-11de-a094-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{47507e1e-5e69-11de-a094-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Start.exe -- [2010/09/15 17:04:54 | 000,259,328 | R--- | M] (Avanquest Software)
    O33 - MountPoints2\{68974fa9-716e-11df-8ea4-001bb98235b0}\Shell\Auto\command - "" = C:\Windows\System32\cmd.exe -- [2008/01/19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{68974fa9-716e-11df-8ea4-001bb98235b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
    O33 - MountPoints2\{759107f5-9875-11de-9f8f-001bb98235b0}\Shell - "" = AutoRun
    O33 - MountPoints2\{759107f5-9875-11de-9f8f-001bb98235b0}\Shell\AutoRun\command - "" = M:\USBAutoRun.exe
    O33 - MountPoints2\{d36b6f49-27db-11dd-b59c-001bb98235b0}\Shell\Auto\command - "" = C:\Windows\System32\cmd.exe -- [2008/01/19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{d36b6f49-27db-11dd-b59c-001bb98235b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
    O33 - MountPoints2\{ebe3f1c8-7989-11dc-b8d8-001bb98235b0}\Shell - "" = AutoRun
    O33 - MountPoints2\{ebe3f1c8-7989-11dc-b8d8-001bb98235b0}\Shell\AutoRun\command - "" = F:\Launcher.exe
    O33 - MountPoints2\{eec23cb0-24b6-11dd-9519-001bb98235b0}\Shell\AutoRun\command - "" = M:\EXPLORER.EXE
    O33 - MountPoints2\{eec23cb0-24b6-11dd-9519-001bb98235b0}\Shell\explore\Command - "" = M:\EXPLORER.EXE
    O33 - MountPoints2\{eec23cb0-24b6-11dd-9519-001bb98235b0}\Shell\open\Command - "" = M:\EXPLORER.EXE
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: MSVideo7 - ˜S# File not found
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.sccd - ˜S# File not found
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/01 16:21:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/08/01 15:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2011/08/01 15:23:39 | 000,000,000 | ---D | C] -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/07/21 18:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2011/07/21 18:34:38 | 000,000,000 | ---D | C] -- C:\rsit
    [2011/07/13 10:23:59 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/07/13 10:23:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2011/07/13 10:23:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2008/04/28 14:45:25 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\scanner.exe
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2 C:\Users\Kensuke\Desktop\*.tmp files -> C:\Users\Kensuke\Desktop\*.tmp -> ]
    [2 C:\Users\Kensuke\Desktop\*.tmp files -> C:\Users\Kensuke\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/01 16:16:20 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/01 16:16:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/01 16:16:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/01 16:16:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/01 15:50:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/01 15:43:42 | 000,002,305 | ---- | M] () -- C:\Users\Kensuke\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/07/28 10:37:40 | 000,021,848 | ---- | M] () -- C:\Users\Kensuke\Desktop\nouilles-japonaises-udon.jpg
    [2011/07/24 15:41:04 | 000,232,960 | ---- | M] () -- C:\Users\Kensuke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/21 13:25:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/07/20 02:57:20 | 000,001,256 | ---- | M] () -- C:\Users\Kensuke\Desktop\PhotoFiltre.ini
    [2011/07/19 17:09:15 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/07/19 17:09:12 | 000,000,088 | RHS- | M] () -- C:\ProgramData\07326453EC.sys
    [2011/07/17 16:19:18 | 000,006,270 | ---- | M] () -- C:\Users\Kensuke\AppData\Roaming\wklnhst.dat
    [2011/07/15 11:42:00 | 000,057,344 | ---- | M] () -- C:\Users\Kensuke\AppData\Roaming\CDRusersDB.v12
    [2011/07/14 12:03:14 | 003,675,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/07/10 22:50:05 | 001,533,908 | ---- | M] () -- C:\Users\Kensuke\Desktop\img164.jpg
    [2011/07/10 22:42:52 | 000,888,942 | ---- | M] () -- C:\Users\Kensuke\Desktop\img167.jpg
    [2011/07/10 22:29:02 | 000,837,616 | ---- | M] () -- C:\Users\Kensuke\Desktop\img166.jpg
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2 C:\Users\Kensuke\Desktop\*.tmp files -> C:\Users\Kensuke\Desktop\*.tmp -> ]
    [2 C:\Users\Kensuke\Desktop\*.tmp files -> C:\Users\Kensuke\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/30 17:25:10 | 000,021,848 | ---- | C] () -- C:\Users\Kensuke\Desktop\nouilles-japonaises-udon.jpg
    [2011/07/10 22:45:08 | 001,533,908 | ---- | C] () -- C:\Users\Kensuke\Desktop\img164.jpg
    [2011/07/10 22:45:08 | 000,888,942 | ---- | C] () -- C:\Users\Kensuke\Desktop\img167.jpg
    [2011/07/10 22:45:08 | 000,837,616 | ---- | C] () -- C:\Users\Kensuke\Desktop\img166.jpg
    [2011/07/06 10:36:59 | 000,001,736 | ---- | C] () -- C:\Users\Kensuke\Desktop\bookmark.htm
    [2011/03/25 02:00:04 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/03/11 17:58:21 | 001,890,304 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\questdb.v12
    [2011/02/14 01:46:59 | 000,000,101 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\Movies2iPhone.ini
    [2010/10/24 15:23:52 | 000,034,296 | ---- | C] () -- C:\Windows\System32\drivers\mbamcatchme.sys
    [2010/10/23 22:13:44 | 000,000,006 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\start
    [2010/10/23 21:53:35 | 000,000,006 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\completescan
    [2010/10/23 21:41:19 | 000,000,010 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\install
    [2010/10/23 21:38:29 | 000,000,182 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\27625.bat
    [2010/10/23 21:37:32 | 000,000,016 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\dxqkew.dat
    [2010/10/05 21:52:16 | 000,095,439 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\mdbu.bin
    [2010/06/22 15:10:50 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
    [2010/06/22 15:10:50 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
    [2009/11/11 23:52:14 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2009/10/27 11:53:55 | 000,021,399 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\UserTile.png
    [2009/10/20 22:35:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/10/20 22:35:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/15 17:36:39 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/09/15 17:34:19 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/05/31 18:53:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/11/06 22:36:22 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2008/11/06 22:36:22 | 000,000,088 | RHS- | C] () -- C:\ProgramData\07326453EC.sys
    [2008/07/24 13:48:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/04/30 17:56:09 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/04/29 13:49:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008/03/02 23:51:58 | 000,074,701 | ---- | C] () -- C:\Windows\System32\Uninstal.exe
    [2007/11/25 00:36:58 | 000,480,848 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
    [2007/11/25 00:32:23 | 000,000,168 | RHS- | C] () -- C:\Windows\System32\07326453EC.sys
    [2007/11/25 00:32:22 | 000,002,516 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2007/11/22 19:18:52 | 000,006,270 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\wklnhst.dat
    [2007/10/30 20:57:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/10/12 16:49:32 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2007/10/12 16:49:32 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2007/10/12 16:49:32 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2007/10/12 16:49:32 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2007/10/12 16:49:32 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2007/10/12 16:49:32 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2007/10/12 16:49:32 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2007/10/12 16:49:32 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2007/10/12 16:49:32 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2007/10/12 16:49:32 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2007/10/12 16:49:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2007/10/12 16:49:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2007/10/12 16:49:32 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2007/10/12 16:49:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2007/10/12 16:49:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2007/10/12 16:49:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2007/10/12 16:49:32 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2007/10/12 16:49:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2007/10/12 16:49:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2007/10/12 16:40:03 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
    [2007/10/10 16:20:43 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
    [2007/09/20 18:49:20 | 000,000,033 | ---- | C] () -- C:\Windows\Multimedia manager.INI
    [2007/09/20 18:44:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
    [2007/09/20 18:42:29 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2007/09/20 09:00:08 | 000,000,026 | ---- | C] () -- C:\Windows\System32\satsukidecodersettings.ini
    [2007/09/20 07:45:25 | 000,232,960 | ---- | C] () -- C:\Users\Kensuke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/20 07:18:26 | 000,002,032 | ---- | C] () -- C:\Users\Kensuke\AppData\Local\d3d9caps.dat
    [2007/09/19 00:02:03 | 000,000,045 | -H-- | C] () -- C:\Windows\dcom5682.dat
    [2007/06/02 09:58:36 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
    [2007/06/02 09:58:36 | 000,117,366 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
    [2007/06/02 09:58:36 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
    [2007/06/02 09:58:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
    [2007/06/02 00:36:43 | 000,111,416 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/06/02 00:19:03 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
    [2007/06/02 00:16:17 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
    [2007/06/02 00:16:17 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
    [2007/04/21 16:42:38 | 000,057,344 | ---- | C] () -- C:\Users\Kensuke\AppData\Roaming\CDRusersDB.v12
    [2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
    [2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 14:47:37 | 003,675,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 12:33:01 | 000,336,466 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 12:33:01 | 000,040,636 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2008/04/21 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Aegisub
    [2010/06/13 12:31:19 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Audacity
    [2010/10/24 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\C85650F7BB8413059B7883BE7F0A7491
    [2008/07/31 19:51:07 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\DNA
    [2010/09/16 09:39:14 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Emtrace
    [2007/11/26 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\EPSON
    [2010/02/09 20:22:16 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Facebook
    [2011/08/01 15:17:29 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\FileZilla
    [2007/12/22 20:14:11 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\FlashGet
    [2009/04/24 09:20:21 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\HotSync
    [2010/10/25 12:17:43 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Leadertech
    [2009/09/12 23:33:50 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\LG Electronics
    [2008/11/08 01:32:03 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Micro Application
    [2008/11/07 15:50:21 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Mostick
    [2009/02/26 15:45:50 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\NCH Swift Sound
    [2010/08/14 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Pro Cycling Manager 2009
    [2007/09/20 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Samsung
    [2010/08/27 09:20:23 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Sony
    [2010/08/27 09:16:20 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Sony Setup
    [2010/06/07 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/06/24 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Template
    [2009/03/21 11:56:03 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job
    [2011/08/01 16:15:04 | 000,032,502 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/12/16 11:31:44 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5DA374D4-9520-4C2E-850F-031205B684A1}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2007/11/15 09:22:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
    [2007/11/15 09:22:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
    [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
    [2008/01/19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\10caef54f115a84895c68fbc95676a0c\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
    [2008/01/19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2006/11/02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
    [2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\10caef54f115a84895c68fbc95676a0c\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
    [2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\10caef54f115a84895c68fbc95676a0c\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    [2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    [2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

    < MD5 for: WININIT.EXE >
    [2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\10caef54f115a84895c68fbc95676a0c\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
    [2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
    [2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
    [2006/11/02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
    [2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\10caef54f115a84895c68fbc95676a0c\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
    [2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %SYSTEMDRIVE%\*.exe >
    [2002/08/08 23:40:48 | 000,153,088 | ---- | M] () -- C:\UNWISE.EXE

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2010/06/24 19:54:58 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Adobe
    [2010/06/07 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Adobe Mini Bridge CS5
    [2008/04/21 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Aegisub
    [2011/01/26 19:03:52 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Apple Computer
    [2009/04/24 09:20:40 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Arcsoft
    [2010/06/13 12:31:19 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Audacity
    [2010/10/24 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\C85650F7BB8413059B7883BE7F0A7491
    [2008/11/06 22:41:34 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Corel
    [2010/07/03 14:50:31 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\DivX
    [2008/07/31 19:51:07 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\DNA
    [2011/05/20 16:50:32 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\dvdcss
    [2010/09/16 09:39:14 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Emtrace
    [2007/11/26 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\EPSON
    [2010/02/09 20:22:16 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Facebook
    [2011/08/01 15:17:29 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\FileZilla
    [2007/12/22 20:14:11 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\FlashGet
    [2007/09/18 22:53:58 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Google
    [2008/08/10 19:13:13 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Hamachi
    [2007/09/18 22:01:29 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Hewlett-Packard
    [2009/04/24 09:20:21 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\HotSync
    [2007/09/18 22:06:11 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Identities
    [2007/10/12 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\InstallShield
    [2007/09/19 00:17:45 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Lavasoft
    [2010/10/25 12:17:43 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Leadertech
    [2009/09/12 23:33:50 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\LG Electronics
    [2011/03/11 17:58:20 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Macromedia
    [2010/10/24 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Malwarebytes
    [2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Media Center Programs
    [2011/07/21 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Media Player Classic
    [2008/11/08 01:32:03 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Micro Application
    [2011/03/20 22:53:05 | 000,000,000 | --SD | M] -- C:\Users\Kensuke\AppData\Roaming\Microsoft
    [2007/10/30 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Microsoft Web Folders
    [2011/07/16 10:40:23 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\mIRC
    [2008/11/07 15:50:21 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Mostick
    [2008/11/07 15:50:28 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Mozilla
    [2009/02/26 15:45:50 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\NCH Swift Sound
    [2008/01/01 15:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Nero
    [2011/07/25 00:40:10 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\OpenOffice.org2
    [2010/08/14 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Pro Cycling Manager 2009
    [2008/11/22 14:04:20 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Real
    [2007/10/04 22:21:37 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Roxio
    [2007/09/20 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Samsung
    [2011/08/01 15:17:29 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Skype
    [2009/05/31 18:53:20 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\skypePM
    [2010/08/27 09:20:23 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Sony
    [2010/08/27 09:16:20 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Sony Setup
    [2007/12/19 00:18:47 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\SopCast
    [2010/06/07 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2008/04/23 14:00:49 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\teamspeak2
    [2010/06/24 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Template
    [2007/12/30 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\TVU Networks
    [2011/06/05 19:13:55 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\vlc
    [2011/08/01 15:17:29 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Winamp
    [2007/09/23 09:46:43 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\WinRAR
    [2011/02/01 17:53:43 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\Yahoo!

    < %APPDATA%\*.exe /s >
    [2010/02/09 20:22:16 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Kensuke\AppData\Roaming\Facebook\uninstall.exe
    [2010/04/06 11:36:31 | 001,956,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Kensuke\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    [2011/05/18 19:16:54 | 000,010,134 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
    [2011/08/01 15:23:40 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    [2011/06/14 21:36:07 | 000,010,134 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\ARPPRODUCTICON.exe
    [2011/06/14 21:36:07 | 000,053,248 | R--- | M] (Macrovision Corporation) -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\NewShortcut1_C06EFB22B5DB46C59215BCB5C19C0858.exe
    [2009/06/21 17:07:53 | 000,010,134 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    [2011/03/20 22:53:05 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    [2008/12/02 08:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\UninstallMSI.exe
    [2008/12/01 13:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\UninstallMSI32.exe
    [2008/12/01 13:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\UninstallMSI64.exe
    [2009/02/09 09:15:00 | 001,138,688 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\USBAutoRun.exe
    [2008/12/02 08:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\UninstallMSI.exe
    [2008/12/01 13:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\UninstallMSI32.exe
    [2008/12/01 13:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\UninstallMSI64.exe
    [2009/02/09 09:15:00 | 001,138,688 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\USBAutoRun.exe
    [2008/12/02 08:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\UninstallMSI.exe
    [2008/12/01 13:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\UninstallMSI32.exe
    [2008/12/01 13:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\UninstallMSI64.exe
    [2009/02/09 09:15:00 | 001,138,688 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\USBAutoRun.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2007/10/13 14:35:54 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

    < hklm\system\CurrentControlSet\Control\Session Manager\SubSystem
    1 August 2011 19:09:23

    Hi again,

    Thanks for the reports, but you forgot the Malwarebytes report.
    Perhaps the scan is still running?

    ---------------------------------------------------------------------------------------------

    Less than 9% free space remains on your C: partition.
    Vista needs at least 15% free space to run properly.
    So I suggest you do some cleaning up: uninstall the applications you no longer use, move personal data to another medium ....

    ---------------------------------------------------------------------------------------------

    Update your version of Avast:

    The latest version is 6. Download and install this latest version:
    avast!


    ---------------------------------------------------------------------------------------------

    Spybot is obsolete these days.
    It would be better for you to uninstall it and replace it with regular scans with Malwarebytes.
    If you agree, do the following:

    Disable Spybot Search & Destroy's TeaTimer:

  • Launch Spybot and click Mode, then tick Advanced Mode
  • Click Tools, then Resident
  • Untick the Resident "TeaTimer" box and close Spybot

    Then uninstall SpyBot via Programs and Features.

    ---------------------------------------------------------------------------------------------

    Install the latest version of Java:

    Download and install this latest version of Java

    ---------------------------------------------------------------------------------------------

    We will also check your removable media:

    USBFix - Search (Recherche):

  • Download UsbFix by El Desaparecido & C_XX by clicking Download and save it to your Desktop
  • /!\ Important -> Plug in all external devices (USB sticks, hard drives ....)
  • Double-click UsbFix on your Desktop
    /!\ On Vista and Windows 7, launch the file by right-click -> Run as administrator
  • Click the Recherche (Search) option and let the tool scan your system
  • The search starts
  • Copy and paste the contents of the UsbFix.txt report that is displayed into your next reply.
  • The report is located at C:\UsbFix.txt

    If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm

    ---------------------------------------------------------------------------------------------

    Correctif OTL :

  • /!\ Important -> Branche tous les périphériques externes (clés, disques durs ....)
  • Ferme toutes les autres fenêtres et double-clique sur OTL.exe
    /!\ Sous Vista et Windows 7, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  • Copie l'intégralité de ce code ci-dessous

    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
    [2011/04/21 13:43:34 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKU\S-1-5-21-2568919069-2304821469-2086324654-1000\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.7.0)
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2 C:\Users\Kensuke\Desktop\*.tmp files -> C:\Users\Kensuke\Desktop\*.tmp -> ]
    [2 C:\Users\Kensuke\Desktop\*.tmp files -> C:\Users\Kensuke\Desktop\*.tmp -> ]
    [2011/05/18 19:16:54 | 000,010,134 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
    [2011/06/14 21:36:07 | 000,010,134 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\ARPPRODUCTICON.exe
    [2009/06/21 17:07:53 | 000,010,134 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    [2008/04/23 14:00:49 | 000,000,000 | ---D | M] -- C:\Users\Kensuke\AppData\Roaming\teamspeak2
    [2008/12/02 08:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\UninstallMSI.exe
    [2008/12/01 13:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\UninstallMSI32.exe
    [2008/12/01 13:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\UninstallMSI64.exe
    [2009/02/09 09:15:00 | 001,138,688 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\USBAutoRun.exe
    [2008/12/02 08:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\UninstallMSI.exe
    [2008/12/01 13:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\UninstallMSI32.exe
    [2008/12/01 13:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\UninstallMSI64.exe
    [2009/02/09 09:15:00 | 001,138,688 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\USBAutoRun.exe
    [2008/12/02 08:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\UninstallMSI.exe
    [2008/12/01 13:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\UninstallMSI32.exe
    [2008/12/01 13:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\UninstallMSI64.exe
    [2009/02/09 09:15:00 | 001,138,688 | R--- | M] () -- C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\USBAutoRun.exe
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:88050731

    :files
    C:\Program Files\uusee\UUSeePlayer.exe

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uusee\UUSeePlayer.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{6DF93892-F1C4-4136-8273-B3BA453CCBBC}C:\program files\uusee\uuseeplayer.exe"=-
    "UDP Query User{5E7FA3F3-B3EC-4462-A0E8-417F3753DAD2}C:\program files\uusee\uuseeplayer.exe"=-
    [HKEY_USERS\S-1-5-21-2568919069-2304821469-2086324654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Antimalware Doctor"=-

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]

  • Paste the whole of the code into the Personnalisation (Custom) box
  • Then click the Correction (Fix) button

  • The tool starts the removal; do not interrupt it
  • If the tool asks you to restart the PC, accept
  • Post the contents of the report located in C:\_OTL\MovedFiles\********_******.log
    the *** are digits representing the date [MonthDayYear] and the time

    ---------------------------------------------------------------------------------------------

    The following reports are expected:
  • C:\UsbFix.txt
  • C:\_OTL\MovedFiles\********_******.log

    @+
    1 August 2011 19:24:44

    Chantal 11
    here you go


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Version de la base de données: 7345

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    01/08/2011 19:24:03
    mbam-log-2011-08-01 (19-24-03).txt

    Type d'examen: Examen complet (C:\|D:\|K:\|)
    Elément(s) analysé(s): 477002
    Temps écoulé: 2 heure(s), 50 minute(s), 21 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Users\Kensuke\downloads\vlcsetup (1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    1 August 2011 19:42:15

    All processes killed
    ========== OTL ==========
    Service stllssvr stopped successfully!
    Service stllssvr deleted successfully!
    C:\Program Files\mozilla firefox\searchplugins\babylon.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59994074-c06d-4a75-9768-49e5a8c21264}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ deleted successfully.
    C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{59994074-c06d-4a75-9768-49e5a8c21264} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
    File C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll moved successfully.
    Registry value HKEY_USERS\S-1-5-21-2568919069-2304821469-2086324654-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{59994074-C06D-4A75-9768-49E5A8C21264} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-C06D-4A75-9768-49E5A8C21264}\ not found.
    File C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
    C:\Windows\DUMP2386.tmp deleted successfully.
    C:\Windows\DUMP257a.tmp deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\Windows\System32\SET4A5F.tmp deleted successfully.
    C:\Windows\System32\SETECB9.tmp deleted successfully.
    C:\Windows\System32\SETFEA1.tmp deleted successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\ARPPRODUCTICON.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\teamspeak2 folder moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\UninstallMSI.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\UninstallMSI32.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\UninstallMSI64.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\K\USBAutoRun.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\UninstallMSI.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\UninstallMSI32.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\UninstallMSI64.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\L\USBAutoRun.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\UninstallMSI.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\UninstallMSI32.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\UninstallMSI64.exe moved successfully.
    C:\Users\Kensuke\AppData\Roaming\Microsoft\Windows\Templates\M\USBAutoRun.exe moved successfully.
    ADS C:\ProgramData\TEMP:88050731 deleted successfully.
    ========== FILES ==========
    File\Folder C:\Program Files\uusee\UUSeePlayer.exe not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uusee\UUSeePlayer.exe deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\Curr entControlSet\Services\SharedA ccess\Parameters\FirewallPolic y\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\Curr entControlSet\Services\SharedA ccess\Parameters\FirewallPolic y\FirewallRules not found.
    Registry value HKEY_USERS\S-1-5-21-2568919069-2304821469-2086324654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Antimalware Doctor not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kensuke
    ->Temp folder emptied: 1723286 bytes
    ->Temporary Internet Files folder emptied: 9373515 bytes
    ->Java cache emptied: 34089529 bytes
    ->Google Chrome cache emptied: 28369289 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1960150 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 159212 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    Error loading Shell32.dll! Cannot empty RecycleBin.
    RecycleBin emptied: 8505939579 bytes

    Total Files Cleaned = 8 184,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kensuke
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb



    OTL by OldTimer - Version 3.2.26.1 log created on 08012011_193338

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    1 August 2011 19:51:05

    ############################## | UsbFix 7.053 | [Recherche]

    Utilisateur: Kensuke (Administrateur) # PC-DE-KENSUKE [Compaq-Presario GG690AA-ABF SR5110FR]
    Mis à jour le 30/07/2011 par El Desaparecido
    Lancé à 19:44:43 | 01/08/2011
    Site Web: http://www.teamxscript.org
    Submit your sample: http://www.teamxscript.org/Upload.php
    Contact: TeamXscript.ElDesaparecido@gmail.com

    CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
    CPU 2: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
    Internet Explorer 9.0.8112.16421

    Pare-feu Windows: Activé
    Antivirus: avast! antivirus 4.8.1229 [VPS 090220-0] 4.8.1229 [Enabled | Updated]
    RAM -> 2558 Mo
    C:\ (%systemdrive%) -> Disque fixe # 234 Go (25 Go libre(s) - 10%) [COMPAQ] # NTFS
    D:\ -> Disque fixe # 8 Go (1 Go libre(s) - 13%) [Recovery] # NTFS
    E:\ -> CD-ROM
    F:\ -> CD-ROM
    K:\ -> Disque fixe # 56 Go (25 Go libre(s) - 44%) [Animes ] # NTFS
    L:\ -> CD-ROM

    ################## | Éléments infectieux |

    Présent! F:\Start.exe
    Présent! K:\vshare-plugin.exe
    Présent! C:\Users\Kensuke\AppData\Roaming\install
    Présent! F:\autorun.inf
    Présent! F:\start.ini
    Présent! F:\start.exe

    ################## | Registre |


    ################## | Mountpoints2 |

    HKCU\.\.\.\.\Explorer\MountPoints2\{24587c0c-a80b-11dd-bae7-001bb98235b0}
    Shell\AutoRun\Command = K:\start.exe
    Shell\iledefrance\Command = K:\start.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{2f383528-f220-11df-b1c5-001bb98235b0}
    Shell\AutoRun\Command = G:\Startme.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{39acb0b9-b623-11dd-ab4c-001bb98235b0}
    Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Recycled\ctfmon.exe
    Shell\Open(0)\Command = K:\Recycled\ctfmon.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{3c5b6c69-a527-11df-bb4d-001bb98235b0}
    Shell\AutoRun\Command = H:\Install.exe
    Shell\menu1\Command = H:\Install.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{3c5b6c6c-a527-11df-bb4d-001bb98235b0}
    Shell\AutoRun\Command = N:\Startme.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{4674ed19-a851-11dd-84c2-001bb98235b0}
    Shell\AutoRun\Command = L:\LaunchU3.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{47507e1e-5e69-11de-a094-806e6f6e6963}
    Shell\AutoRun\Command = F:\Start.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{68974fa9-716e-11df-8ea4-001bb98235b0}
    Shell\Auto\Command = cmd /C launch.bat
    Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    HKCU\.\.\.\.\Explorer\MountPoints2\{759107f5-9875-11de-9f8f-001bb98235b0}
    Shell\AutoRun\Command = M:\USBAutoRun.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{d36b6f49-27db-11dd-b59c-001bb98235b0}
    Shell\Auto\Command = cmd /C launch.bat
    Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    HKCU\.\.\.\.\Explorer\MountPoints2\{ebe3f1c8-7989-11dc-b8d8-001bb98235b0}
    Shell\AutoRun\Command = F:\Launcher.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{eec23cb0-24b6-11dd-9519-001bb98235b0}
    Shell\AutoRun\Command = M:\EXPLORER.EXE
    Shell\explore\Command = M:\EXPLORER.EXE
    Shell\open\Command = M:\EXPLORER.EXE


    ################## | Vaccin |

    F:\Autorun.inf -> Vaccin créé par Panda USB Vaccine

    ################## | E.O.F |
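Added example (not part of the thread and not UsbFix's own logic): a small Python triage of the Mountpoints2 section of a UsbFix report like the one above, flagging AutoRun verbs whose target sits in a recycle-bin folder, goes through a command interpreter, or borrows a Windows binary name outside the Windows directory. The three heuristics, the name list and all function names are assumptions chosen for illustration; the sample is an excerpt of the report above.

```python
import ntpath
import re
from dataclasses import dataclass

# Excerpt (four entries) of the UsbFix [Recherche] report posted above.
SAMPLE_REPORT = r"""
################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{39acb0b9-b623-11dd-ab4c-001bb98235b0}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Recycled\ctfmon.exe
Shell\Open(0)\Command = K:\Recycled\ctfmon.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{4674ed19-a851-11dd-84c2-001bb98235b0}
Shell\AutoRun\Command = L:\LaunchU3.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{68974fa9-716e-11df-8ea4-001bb98235b0}
Shell\Auto\Command = cmd /C launch.bat
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

HKCU\.\.\.\.\Explorer\MountPoints2\{eec23cb0-24b6-11dd-9519-001bb98235b0}
Shell\AutoRun\Command = M:\EXPLORER.EXE
Shell\explore\Command = M:\EXPLORER.EXE
Shell\open\Command = M:\EXPLORER.EXE

################## | Vaccin |
"""

KEY_RE = re.compile(r"MountPoints2\\(\{[0-9a-fA-F-]{36}\})$")
VERB_RE = re.compile(r"^Shell\\(.+?)\\Command\s*=\s*(.+)$")
# rundll32 is often only a launcher; the real target follows ShellExec_RunDLL.
WRAPPER_RE = re.compile(
    r"^.*?rundll32(?:\.exe)?\s+shell32\.dll,\s*ShellExec_RunDLL\s+", re.I)
RECYCLE_RE = re.compile(r"\\(?:recycled|recycler|\$recycle\.bin)\\", re.I)
INTERPRETER_RE = re.compile(r"^(?:cmd|wscript|cscript)(?:\.exe)?\b", re.I)
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js")
# Illustrative list of names that belong under the Windows directory (assumption).
SYSTEM_NAMES = {"explorer.exe", "ctfmon.exe", "svchost.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "csrss.exe"}


@dataclass
class Finding:
    guid: str
    verb: str
    command: str
    reasons: list


def parse_mountpoints2(report: str) -> dict:
    """Return {volume GUID: [(shell verb, command), ...]} from the report text."""
    entries, current, in_section = {}, None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("#####"):          # section banner
            in_section = "mountpoints2" in line.lower()
            current = None
            continue
        if not in_section or not line:
            continue
        key = KEY_RE.search(line)
        if key:
            current = key.group(1).lower()
            entries[current] = []
            continue
        verb = VERB_RE.match(line)
        if verb and current:
            entries[current].append((verb.group(1), verb.group(2).strip()))
    return entries


def reasons_for(command: str) -> list:
    """Apply the three heuristics to one autorun command line."""
    target = WRAPPER_RE.sub("", command, count=1).strip()
    reasons = []
    if RECYCLE_RE.search(target):
        reasons.append("recycle-bin path")
    if INTERPRETER_RE.match(target) or target.lower().endswith(SCRIPT_EXTS):
        reasons.append("script or command interpreter")
    name = ntpath.basename(target).lower()
    if name in SYSTEM_NAMES and not WINDIR_RE.match(target):
        reasons.append("system binary name outside Windows directory")
    return reasons


def triage(report: str) -> list:
    """List every shell verb in the report that trips at least one heuristic."""
    findings = []
    for guid, verbs in parse_mountpoints2(report).items():
        for verb, command in verbs:
            why = reasons_for(command)
            if why:
                findings.append(Finding(guid, verb, command, why))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f.guid, f.verb, "->", f.command, "|", ", ".join(f.reasons))
```

An entry that trips no heuristic, such as `L:\LaunchU3.exe` here, is simply not listed; that is not a verdict that it is clean.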
    1 August 2011 20:04:57

    Re,

    USBFix - Cleaning:

  • /!\ Important -> Plug in all external devices (USB sticks, hard drives ....)
  • Double-click UsbFix on your Desktop
    /!\ On Vista and Windows 7, the file must be launched by right-click -> Run as administrator
  • Click the Suppression (Removal) option and let the tool scan your system
  • The search starts
  • Copy and paste the contents of the UsbFix.txt report that is displayed into your next reply.
  • The report is located at C:\UsbFix.txt

    If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm

    @+
    18 August 2011 16:38:24

    sorry, I was away on holiday!!


    ############################## | UsbFix 7.053 | [Suppression]

    Utilisateur: Kensuke (Administrateur) # PC-DE-KENSUKE [Compaq-Presario GG690AA-ABF SR5110FR]
    Mis à jour le 30/07/2011 par El Desaparecido
    Lancé à 15:53:50 | 18/08/2011
    Site Web: http://www.teamxscript.org
    Submit your sample: http://www.teamxscript.org/Upload.php
    Contact: TeamXscript.ElDesaparecido@gmail.com

    CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
    CPU 2: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
    Internet Explorer 9.0.8112.16421

    Pare-feu Windows: Activé
    Antivirus: avast! antivirus 4.8.1229 [VPS 090220-0] 4.8.1229 [Enabled | Updated]
    RAM -> 2558 Mo
    C:\ (%systemdrive%) -> Disque fixe # 234 Go (23 Go libre(s) - 10%) [COMPAQ] # NTFS
    D:\ -> Disque fixe # 8 Go (1 Go libre(s) - 13%) [Recovery] # NTFS
    E:\ -> CD-ROM
    F:\ -> CD-ROM
    K:\ -> Disque fixe # 56 Go (25 Go libre(s) - 44%) [Animes ] # NTFS
    L:\ -> CD-ROM

    ################## | Éléments infectieux |

    Supprimé! K:\vshare-plugin.exe
    Supprimé! C:\Users\Kensuke\AppData\Roaming\install
    Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1818236925-4069686688-3323932586-500
    Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2152478756-3922319563-605102323-500
    Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2568919069-2304821469-2086324654-1000
    Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2568919069-2304821469-2086324654-500
    Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2568919069-2304821469-2086324654-1000
    Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2568919069-2304821469-2086324654-500
    Supprimé! K:\$RECYCLE.BIN\S-1-5-21-2568919069-2304821469-2086324654-1000

    ################## | Registre |


    ################## | Mountpoints2 |

    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{24587c0c-a80b-11dd-bae7-001bb98235b0}
    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{2f383528-f220-11df-b1c5-001bb98235b0}
    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{39acb0b9-b623-11dd-ab4c-001bb98235b0}
    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3c5b6c6c-a527-11df-bb4d-001bb98235b0}
    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{4674ed19-a851-11dd-84c2-001bb98235b0}
    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{68974fa9-716e-11df-8ea4-001bb98235b0}
    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{759107f5-9875-11de-9f8f-001bb98235b0}
    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{d36b6f49-27db-11dd-b59c-001bb98235b0}
    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{ebe3f1c8-7989-11dc-b8d8-001bb98235b0}

    ################## | Listing |

    [18/08/2011 - 16:03:40 | SHD ] C:\$Recycle.Bin
    [16/06/2011 - 09:22:02 | D ] C:\48ed69d9bdc9a1f9df
    [01/08/2011 - 16:14:38 | N | 12409] C:\Ad-Report-CLEAN[1].txt
    [01/08/2011 - 15:46:23 | N | 14425] C:\Ad-Report-SCAN[1].txt
    [11/02/2011 - 23:45:32 | D ] C:\Animes
    [02/06/2007 - 00:48:06 | N | 74] C:\autoexec.bat
    [20/10/2009 - 22:51:40 | D ] C:\Boot
    [11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
    [02/06/2007 - 09:59:30 | N | 8192] C:\BOOTSECT.BAK
    [20/09/2007 - 18:45:10 | N | 74] C:\CMLoader.log
    [18/09/2006 - 23:43:37 | N | 10] C:\config.sys
    [02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
    [02/07/2011 - 17:15:36 | D ] C:\Downloads
    [05/06/2009 - 11:14:45 | D ] C:\hp
    [24/10/2007 - 21:43:44 | N | 2079] C:\INSTALL.LOG
    [07/10/2007 - 13:11:03 | N | 0] C:\IO.SYS
    [19/01/2009 - 23:08:42 | D ] C:\Lop SD
    [01/05/2008 - 19:42:56 | N | 18944] C:\lopR.txt
    [28/10/2007 - 21:02:28 | N | 15820] C:\MPMSetup.log
    [07/10/2007 - 13:11:03 | N | 0] C:\MSDOS.SYS
    [06/05/2009 - 20:03:22 | RHD ] C:\MSOCache
    [11/11/2009 - 23:50:33 | D ] C:\NVIDIA
    [18/08/2011 - 15:45:46 | ASH | 2996580352] C:\pagefile.sys
    [01/08/2011 - 19:31:29 | D ] C:\Program Files
    [11/03/2011 - 17:57:45 | HD ] C:\ProgramData
    [02/06/2007 - 00:32:34 | N | 471] C:\RHDSetup.log
    [21/07/2011 - 18:34:56 | D ] C:\rsit
    [24/10/2010 - 16:15:08 | N | 0] C:\slijmpsv
    [12/09/2009 - 23:34:06 | D ] C:\Sounds
    [18/08/2011 - 15:52:52 | SHD ] C:\System Volume Information
    [30/03/2011 - 14:40:35 | D ] C:\Séries TV
    [08/08/2002 - 23:40:48 | N | 153088] C:\UNWISE.EXE
    [18/08/2011 - 16:03:40 | D ] C:\UsbFix
    [18/08/2011 - 15:53:54 | A | 4142] C:\UsbFix.txt
    [25/02/2008 - 13:15:29 | D ] C:\Users
    [18/08/2011 - 14:08:07 | D ] C:\Windows
    [01/08/2011 - 19:33:38 | D ] C:\_OTL
    [18/08/2011 - 16:03:40 | SHD ] D:\$RECYCLE.BIN
    [04/10/2006 - 01:02:44 | N | 438328] D:\boo.mgr
    [02/06/2007 - 12:09:59 | D ] D:\boot
    [02/11/2006 - 01:53:58 | SH | 438840] D:\bootmgr
    [13/10/2006 - 16:00:52 | SH | 1322] D:\Desktop.ini
    [01/08/2011 - 17:08:59 | N | 90676] D:\Extras.Txt
    [02/06/2007 - 12:09:59 | D ] D:\hp
    [02/06/2007 - 12:09:57 | N | 106] D:\MASTER.LOG
    [18/09/2007 - 22:05:15 | D ] D:\PC-Doctor 5 for Win PE
    [18/09/2007 - 22:05:15 | N | 429] D:\pcdr.ini
    [02/06/2007 - 12:09:59 | D ] D:\PRELOAD
    [29/01/2007 - 19:56:20 | N | 109060] D:\Protect.ed
    [02/06/2007 - 12:09:59 | RD ] D:\RECOVERY
    [02/06/2007 - 12:09:57 | N | 44] D:\RESTORE.INI
    [02/06/2007 - 12:09:59 | D ] D:\SOURCES
    [04/07/2007 - 15:07:29 | SHD ] D:\System Volume Information
    [07/02/2007 - 15:56:24 | N | 34] D:\SystemRecovery.txt
    [02/06/2007 - 12:09:59 | D ] D:\Windows
    [18/08/2011 - 16:03:40 | SHD ] K:\$RECYCLE.BIN
    [18/12/2010 - 13:38:41 | N | 142108] K:\0032797_user_0002538_P0g26IRZ14PKynoMFfUMRcuYZeSCBA_400.jpg
    [30/03/2011 - 14:39:53 | D ] K:\Animes 2008
    [20/07/2010 - 20:01:26 | D ] K:\Animes 2009
    [27/06/2011 - 22:19:09 | N | 1736] K:\bookmark.htm
    [06/07/2011 - 11:29:47 | N | 13405] K:\bookmark1.htm
    [02/01/2011 - 17:10:06 | N | 13525] K:\cv.odt
    [12/12/2010 - 21:58:41 | D ] K:\ECLIPSE
    [12/12/2010 - 19:29:12 | D ] K:\eclipse-java-helios-SR1-win32
    [12/12/2010 - 19:27:51 | N | 104347466] K:\eclipse-java-helios-SR1-win32.zip
    [01/08/2011 - 17:06:06 | N | 90676] K:\Extras.Txt
    [20/12/2009 - 16:41:48 | D ] K:\Fansub
    [07/10/2010 - 22:11:19 | D ] K:\Fichiers photos
    [12/12/2010 - 21:16:48 | N | 3503078] K:\installer_java_se_development_kit_(jdk)_7_build_119_(32_bits)_Francais_French.exe
    [23/06/2011 - 21:38:28 | N | 19752] K:\io2.odt
    [24/07/2011 - 15:56:11 | D ] K:\l
    [13/07/2011 - 00:35:08 | N | 13459] K:\menu.odt
    [06/07/2011 - 12:29:24 | N | 234821993] K:\Naruto_Shippuuden_218_Fansub-Resistance[H264-HD].mp4
    [16/12/2010 - 02:07:27 | N | 17470] K:\noms_rivals.ods
    [26/04/2011 - 16:16:55 | D ] K:\Nouveau dossier
    [01/08/2011 - 17:07:07 | N | 129638] K:\OTL.Txt
    [17/12/2009 - 01:12:30 | D ] K:\Papa
    [05/10/2010 - 22:01:48 | D ] K:\photo
    [25/12/2010 - 00:10:29 | D ] K:\RM2011
    [02/01/2011 - 15:24:41 | N | 76] K:\RM2011.txt
    [06/04/2011 - 14:14:19 | N | 80] K:\sasaasasaffreoferokgerkoegokergokre.txt
    [06/01/2011 - 00:52:35 | N | 18792] K:\Shinsuke.ods
    [08/09/2009 - 09:49:16 | SHD ] K:\System Volume Information
    [28/06/2011 - 21:13:28 | N | 27883] K:\tC.ods
    [14/04/2011 - 19:52:15 | N | 212] K:\teamcyclisme_2011+anit+sky.txt

    ################## | Vaccin |

    C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
    D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
    K:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
    18 Août 2011 21:37:09

    Bonjour,

    Merci d'avoir repris la procédure :) 

    On a presque fini.
    Comment se comporte le système ?
    Plus de symptôme d'infection ?

    Si tel est le cas, on va finaliser.

    ---------------------------------------------------------------------------------------------

    Tu peux garder Malwarebytes et scanner ton système régulièrement avec en complément des analyses de ton antivirus.
    Ne pas oublier toutefois, avant de lancer l'analyse, de faire une recherche de mises à jour de Malwarebytes, dans l'onglet Mise à jour

  • Relance Ad-Remover et clique sur Désinstaller
  • Relance USBFix et clique sur Désinstaller

    ---------------------------------------------------------------------------------------------

    Purge points de restauration :

  • Ferme toutes les autres fenêtres et double-clique sur OTL.exe
    /!\ Sous Vista et Windows 7, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  • Copie l'intégralité de ce code ci-dessous

    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]

  • Colle l'intégralité du code dans le cadre Personnalisation
  • Clique ensuite sur le bouton Correction
  • Si l'outil te demande de redémarrer le PC, tu acceptes

    ---------------------------------------------------------------------------------------------

    Désinstallation OTL et outils utilisés :

  • Ferme toutes les autres fenêtres et double-clique sur OTL.exe
    /!\ Sous Vista et Windows 7, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  • Clique sur Purge d'outils

  • Valide l'avertissement par OK et laisse le pc redémarrer

    ---------------------------------------------------------------------------------------------

    Réactive l'UAC au niveau par défaut

    Réactive le Contrôle de Compte Utilisateur (UAC) via Panneau de Configuration -> Comptes Utilisateurs

    ---------------------------------------------------------------------------------------------

    A few clarifications and tips:

  • Generally speaking, you need to be careful on the net and not click on everything that looks attractive.
    I invite you to read this article: Why and how do I get infected?

  • Keep your antivirus up to date and scan the system regularly, alongside a scan with Malwarebytes

  • Keep your system up to date with Windows Update, without forgetting the installed software.
    Also check that you always have the latest version of Java and Flash Player
    Flash Player must be installed under each browser present on the system


  • P2P is an infection vector. Even if the P2P programs installed on your PC are clean, the downloaded files are for the most part infected.
    Cracks, P2P, what are the risks...
    The danger of cracks!


  • You need to be vigilant with removable media. We have vaccinated your system and the connected removable media.
    You will need to do the same for any other new media
    Guide to securing Windows against USB infection threats

    Do not hesitate if you have questions.

    To find out more, Prevention & Protection [Feature]

    You can mark your thread as solved by clicking the Edit button in your very first message.
    Then add [Résolu] (Solved) next to your title and confirm.

    You can also, if you wish, select a best answer; your thread will then automatically be marked as Solved

    See you
    18 August 2011 23:51:08

    I still have the problem: every time I go to, for example, Control Panel, System or something else, I get "page failed to load", same on Windows Update :S
    a c 940 8 Security
    19 August 2011 00:13:09

    Good evening,

    Run OTL again to generate a new report, and host it on cijoint.fr or pjjoint.fr

    See you
    a c 940 8 Security
    11 September 2011 16:19:40

    Hello,

    It is not easy to follow a disinfection thread after almost 1 month.

    I had asked you to uninstall Spybot, explaining that this application was obsolete, but that was not done.

    ---------------------------------------------------------------------------------------------

    USBFix - Recherche (Search):

  • Download UsbFix by El Desaparecido and save it to your Desktop
  • /!\ Important -> Plug in all external devices (USB sticks, hard drives ....)
  • Double-click UsbFix on your Desktop
    /!\ On Vista and Windows 7, the file must be launched with right-click -> Run as administrator
  • Click the Recherche (Search) option and let the tool analyse your system
  • The search starts
  • Copy and paste the contents of the UsbFix.txt report that is displayed into your next reply.
  • The report is located at C:\UsbFix.txt

    If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm

    See you
    11 September 2011 16:42:16

    I have uninstalled Spybot


    ############################## | UsbFix 7.053 | [Recherche]

    Utilisateur: Kensuke (Administrateur) # PC-DE-KENSUKE [Compaq-Presario GG690AA-ABF SR5110FR]
    Mis à jour le 30/07/2011 par El Desaparecido
    Lancé à 16:39:40 | 11/09/2011
    Site Web: http://www.teamxscript.org
    Submit your sample: http://www.teamxscript.org/Upload.php
    Contact: TeamXscript.ElDesaparecido@gmail.com

    CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
    CPU 2: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
    Internet Explorer 9.0.8112.16421

    Pare-feu Windows: Activé
    Antivirus: avast! antivirus 4.8.1229 [VPS 090220-0] 4.8.1229 [Enabled | Updated]
    RAM -> 2558 Mo
    C:\ (%systemdrive%) -> Disque fixe # 234 Go (15 Go libre(s) - 6%) [COMPAQ] # NTFS
    D:\ -> Disque fixe # 8 Go (8 Go libre(s) - 99%) [Recovery] # NTFS
    E:\ -> CD-ROM
    F:\ -> CD-ROM
    K:\ -> Disque fixe # 56 Go (25 Go libre(s) - 44%) [Animes ] # NTFS
    L:\ -> CD-ROM

    ################## | Éléments infectieux |


    ################## | Registre |


    ################## | Mountpoints2 |

    HKCU\.\.\.\.\Explorer\MountPoints2\{3c5b6c69-a527-11df-bb4d-001bb98235b0}
    Shell\AutoRun\Command = H:\Install.exe
    Shell\menu1\Command = H:\Install.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{47507e1e-5e69-11de-a094-806e6f6e6963}
    Shell\AutoRun\Command = F:\Start.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{eec23cb0-24b6-11dd-9519-001bb98235b0}
    Shell\AutoRun\Command = M:\EXPLORER.EXE
    Shell\explore\Command = M:\EXPLORER.EXE
    Shell\open\Command = M:\EXPLORER.EXE


    ################## | Vaccin |

    C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
    D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
    K:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

    ################## | E.O.F |
    a c 940 8 Security
    11 September 2011 17:38:27

    Hi again,

    All good, the report does not show any infectious items.

    There is nothing unusual in your reports, so your problems with the Control Panel are not caused by an infection.

    Please apply the following:

    Start --> All Programs --> Accessories --> Right-click Command Prompt --> Run as administrator --> type or copy-paste
    sfc /scannow

    Confirm with Enter and let the scan run.
    At the end of the scan, a message will indicate whether corrupted files have been repaired.

    See you
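    The UsbFix report read above can also be triaged mechanically. The following is an added example, not part of the original thread and not UsbFix code: a hypothetical `triage` helper that parses the report sections as they appear in the posted log, collects any line under the infection sections, and resolves each cached MountPoints2 autorun command (Explorer's per-volume cache of autorun verbs) against the drive list to show whether the target volume is still present.

```python
import re

# Excerpt of the UsbFix report posted in this thread (blank lines and the E:/L: drive lines dropped).
REPORT = r"""
C:\ (%systemdrive%) -> Disque fixe # 234 Go (15 Go libre(s) - 6%) [COMPAQ] # NTFS
D:\ -> Disque fixe # 8 Go (8 Go libre(s) - 99%) [Recovery] # NTFS
F:\ -> CD-ROM
K:\ -> Disque fixe # 56 Go (25 Go libre(s) - 44%) [Animes ] # NTFS
################## | Éléments infectieux |
################## | Registre |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{3c5b6c69-a527-11df-bb4d-001bb98235b0}
Shell\AutoRun\Command = H:\Install.exe
Shell\menu1\Command = H:\Install.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{47507e1e-5e69-11de-a094-806e6f6e6963}
Shell\AutoRun\Command = F:\Start.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{eec23cb0-24b6-11dd-9519-001bb98235b0}
Shell\AutoRun\Command = M:\EXPLORER.EXE
Shell\explore\Command = M:\EXPLORER.EXE
Shell\open\Command = M:\EXPLORER.EXE
################## | Vaccin |
C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
K:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
################## | E.O.F |
"""

def triage(report):
    # Hypothetical helper: section names and line shapes are taken from the log above.
    section, guid = "", None
    drives, vaccinated, infected, cached = {}, set(), [], []
    for line in filter(None, map(str.strip, report.splitlines())):
        head = re.match(r"#+ \| (.+?) \|", line)
        if head:
            section = head.group(1).lower()
        elif section in ("éléments infectieux", "registre"):
            infected.append(line)              # any line in these sections is a detection
        elif section == "mountpoints2":
            cmd = re.match(r"Shell\\(\w+)\\Command = (([A-Za-z]):\\.*)", line)
            if cmd:                            # resolve the target drive against the drive list
                kind = drives.get(cmd.group(3).upper(), "absent")
                cached.append((guid, cmd.group(1), cmd.group(2), kind))
            else:                              # key line: remember the volume GUID
                guid = line.rsplit("\\", 1)[-1]
        elif section == "vaccin":
            vaccinated.add(line[0].upper())
        else:                                  # report header: drive inventory
            drv = re.match(r"([A-Z]):\\ .*?-> ([^#]+)", line)
            if drv:
                drives[drv.group(1)] = drv.group(2).strip()
    fixed = {d for d, kind in drives.items() if kind.startswith("Disque")}
    return {"infected": infected, "cached": cached, "unvaccinated": sorted(fixed - vaccinated)}

if __name__ == "__main__": print(triage(REPORT))
```

    On this report the infection sections are empty, every fixed disk carries a vaccine, and the cached commands point at H: and M:, which are not in the drive list, and at the F: CD-ROM drive.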
    11 September 2011 18:22:27

    it says it did not find any integrity violations

    otherwise, here is a screenshot of the problem:

    http://imageshack.us/photo/my-images/225/echec.jpg/



    in my Control Panel there are programs that have no icons:
    taskbar
    printers
    folder options
    administrative tools
    programs
    default programs
    system

    and when I click on System or something else it shows: page failed to load

    a c 940 8 Security
    11 September 2011 21:46:17

    Good evening,

    Try this:

  • Download Crisis Aversion Tool to your desktop
  • Double-click the CAT.exe icon to start the installation
    /!\ On Vista and Windows 7, the file must be launched with right-click -> Run as administrator
  • In the Fixes tab, tick Fix Broken Links Inside Applications and Reset Explorer Shell
  • Then click Apply Checked Fixes and let the tool work
  • Close the tool. If a report opens, copy and paste its contents into your next reply

    What about the icons in the Control Panel?

    See you
    12 September 2011 14:01:12

    still the same, no change :s


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~ CAT Summary Log - Date: 2011.09.12 @ 1401 hrs ~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    --- CAT Version: 1.1 ---

    =============== Repairing broken links... ===============
    Registering urlmon.dll... Success.
    Registering mshtml.dll... Success.
    Registering shdocvw.dll... Success.
    Registering browseui.dll... Success.
    Registering msjava.dll... Success.
    =============== COMPLETE ===============

    =============== Repairing explorer shell ===============
    Registering acelpdec.ax... Success.
    Registering actxprxy.dll... Error: 0x80070005 - Access Denied
    Retrying with Regsvr32... Completed with exit code: 0
    Registering asctrls.ocx... Success.
    Registering daxctle.ocx... Success.
    Registering dhtmled.ocx... Success.
    Registering hhctrl.ocx... Unable to determine result.
    Registering lcodecx.ax... Success.
    Registering licmgr.dll... Success.
    Registering mpgds.ax... Success.
    Registering msdxm.ocx... Success.
    Registering plugin.ocx... Success.
    Registering proctexe.ocx... Success.
    Registering tdc.ocx... Unable to determine result.
    Registering wshom.ocx... Success.
    Registering access.cpl... Success.
    Registering appwiz.cpl... Success.
    Registering desk.cpl... Success.
    Registering firewall.cpl... Success.
    Registering hdwwiz.cpl... Success.
    Registering inetcpl.cpl... Success.
    Registering intl.cpl... Success.
    Registering nusrmgr.cpl... Success.
    Registering netsetup.cpl... Success.
    Registering powercfg.cpl... Success.
    Registering timedate.cpl... Success.
    Registering wuau.cpl... Success.
    Registering quartz.dll... Error: 0x80070005 - Access Denied
    Retrying with Regsvr32... Completed with exit code: 0
    Registering danim.dll... Success.
    Registering dxmasf.dll... Success.
    Registering dxtmsft.dll... Success.
    Registering dxtrans.dll... Success.
    Registering sbe.dll... Success.
    Registering dxva.dll... Success.
    Registering dxmrtp.dll... Success.
    Registering dxdiagn.dll... Success.
    Registering atl.dll... Success.
    Registering corpol.dll... Success.
    Registering dispex.dll... Success.
    Registering jscript.dll... Success.
    Registering scrrun.dll... Success.
    Registering scrobj.dll... Success.
    Registering vbscript.dll... Success.
    Registering wshext.dll... Success.
    Registering activeds.dll... Success.
    Registering audiodev.dll... Success.
    Registering browseui.dll... Success.
    Registering browsewm.dll... Success.
    Registering cabview.dll... Success.
    Registering cdfview.dll... Success.
    Registering clbcatex.dll... Success.
    Registering clbcatq.dll... Unable to determine result.
    Registering comcat.dll... Success.
    Registering cscui.dll... Success.
    Registering credui.dll... Success.
    Registering datime.dll... Success.
    Registering devmgr.dll... Success.
    Registering dfsshlex.dll... Error: 0x80070005 - Access Denied
    Retrying with Regsvr32... Completed with exit code: 0
    Registering dmdlgs.dll... Success.
    Registering dmdeskmgr.dll... Success.
    Registering dmocx.dll... Success.
    Registering dmview.ocx... Success.
    Registering dsuiext.dll... Success.
    Registering dsquery.dll... Error: 0x80070005 - Access Denied
    Retrying with Regsvr32... Completed with exit code: 0
    Registering dskquoiu.dll... Success.
    Registering els.dll... Success.
    Registering es.dll... Success.
    Registering fontext.dll... Success.
    Registering hlink.dll... Success.
    Registering hnetcfg.dll... Unable to determine result.
    Registering iedkcs.dll... Success.
    Registering iepeers.dll... Unable to determine result.
    Registering iesetup.dll... Success.
    Registering ils.dll... Success.
    Registering imgutil.dll... Success.
    Registering inetcfg.dll... Success.
    Registering inetcomm.dll... Success.
    Registering inseng.dll... Success.
    Registering laprxy.dll... Success.
    Registering lmrt.dll... Success.
    Registering mlang.dll... Success.
    Registering mmcndmgr.dll... Unable to determine result.
    Registering mmcshext.dll... Success.
    Registering mscoree.dll... Success.
    Registering mshhtml.dll... Success.
    Registering msieftp.dll... Success.
    Registering msoe.dll... Success.
    Registering msoeacct.dll... Success.
    Registering msrc.dll... Success.
    Registering msrating.dll... Success.
    Registering mydocs.dll... Success.
    Registering mstime.dll... Success.
    Registering netcfgx.dll... Success.
    Registering netplwiz.dll... Success.
    Registering netman.dll... Success.
    Registering netshell.dll... Success.
    Registering ntmsevt.dll... Success.
    Registering ntmsmgr.dll... Success.
    Registering ntmssvc.dll... Success.
    Registering occache.dll... Success.
    Registering ole.dll... Success.
    Registering oleaut.dll... Success.
    Registering oleacc.dll... Unable to determine result.
    Registering olepro.dll... Success.
    Registering photowiz.dll... Success.
    Registering pngfilt.dll... Success.
    Registering remotepg.dll... Unable to determine result.
    Registering rpcrt.dll... Success.
    Registering rshx.dll... Success.
    Registering sendmail.dll... Success.
    Registering slayerxp.dll... Success.
    Registering shdocvw.dll... Success.
    Registering shsvcs.dll... Success.
    Registering srclient.dll... Success.
    Registering stobject.dll... Success.
    Registering themeui.dll... Success.
    Registering twext.dll... Success.
    Registering urlmon.dll... Success.
    Registering userenv.dll... Success.
    Registering webcheck.dll... Success.
    Registering webvw.dll... Success.
    Registering winhttp.dll... Success.
    Registering wininet.dll... Success.
    Registering zipfldr.dll... Success.
    Registering msdadc.dll... Success.
    Registering nsdaenum.dll... Success.
    Registering msdaer.dll... Success.
    Registering msdaipp.dll... Success.
    Registering msdaora.dll... Success.
    Registering msdaosp.dll... Success.
    Registering msdaps.dll... Success.
    Registering msdasc.dll... Success.
    Registering msdasql.dll... Success.
    Registering msdatt.dll... Success.
    Registering msdaurl.dll... Success.
    Registering msdmeng.dll... Success.
    Registering msdmine.dll... Success.
    Registering msjtor.dll... Success.
    Registering msmdbc.dll... Success.
    Registering msmdgd.dll... Success.
    Registering msolap.dll... Success.
    Registering msolui.dll... Success.
    Registering msxactps.dll... Success.
    Registering oledb.dll... Success.
    Registering oledbr.dll... Success.
    Registering sqloledb.dll... Success.
    Registering sqlxmlx.dll... Success.
    Writing to registry: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonShell"... Successful.
    Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\GeneralTab"... Key/Value does not exist.
    Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\ProgramsTab"... Key/Value does not exist.
    Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\SecurityTab"... Key/Value does not exist.
    Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\ContentTab"... Key/Value does not exist.
    Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\PrivacyTab"... Key/Value does not exist.
    Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\AdvancedTab"... Key/Value does not exist.
    Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\ConnectionsTab"... Key/Value does not exist.
    Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\GeneralTab"... Key/Value does not exist.
    Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\ProgramsTab"... Key/Value does not exist.
    Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\SecurityTab"... Key/Value does not exist.
    Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\ContentTab"... Key/Value does not exist.
    Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\PrivacyTab"... Key/Value does not exist.
    Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\AdvancedTab"... Key/Value does not exist.
    Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\ConnectionsTab"... Key/Value does not exist.
    Killing Explorer shell... Done.
    Restarting Explorer shell... Done.
    Updating system parameters... Done.
    ============ Explorer Shell Repair Complete ============

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~ CAT Summary Log End - Date: 2011.09.12 @ 1401 hrs ~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    ---------------------------------------------------------------------


    a c 940 8 Security
    12 September 2011 14:11:43

    Hello,

    Is the problem the same under a brand-new administrator account that you create specifically now?

    If so, I think a reinstallation of the system should be considered.

    See you