[Solved] Remove virus www.searchuq.com

Tags:
  • Virus
  • Security
9 February 2012 23:11:08

Good evening, I have this site that replaces Google and has kept coming back for some time now.

So I would need your help to remove it, please.

Here are the reports from OTL:

OTL Extras logfile created on: 09/02/2012 22:48:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Casanova\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,00% Memory free
3,85 Gb Paging File | 2,60 Gb Available in Paging File | 67,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 171,42 Gb Free Space | 57,51% Space Free | Partition Type: NTFS
Drive D: | 252,99 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HYACINTHE | User Name: Casanova | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Parcourir avec XnView] -- "C:\Documents and Settings\Casanova\Bureau\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" =
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58435:TCP" = 58435:TCP:*:Enabled:Pando Media Booster
"58435:UDP" = 58435:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"13388:TCP" = 13388:TCP:*:Enabled:BitComet 13388 TCP
"13388:UDP" = 13388:UDP:*:Enabled:BitComet 13388 UDP
"52424:TCP" = 52424:TCP:*:Enabled:BitComet 52424 TCP
"52424:UDP" = 52424:UDP:*:Enabled:BitComet 52424 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"58435:TCP" = 58435:TCP:*:Enabled:Pando Media Booster
"58435:UDP" = 58435:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\World of Warcraft\WoW-1.12.0-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{043F86B7-EE12-3399-B2CA-D0B603D87963}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{04DA096D-6236-4A5D-8FB6-3081E67009BA}" = CANAL+ CANALSAT A LA DEMANDE
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{190601AF-7BE4-046E-CEBF-14EE74434250}" = AMD Catalyst Install Manager
"{1B19A54C-3692-4D12-BFD9-1362DD34CE78}" = Ma-Config.com
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 24
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28d3d349-94e5-4401-83e9-dd862f7da8e7}" = Nero 9 Trial
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31CFCD3D-CFE8-46E7-9A68-E61D470F3400}_is1" = List_Kill'em 1.2.5.3
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3828EC4B-D4B9-A742-4D81-9C0A3C72DF8A}" = CCC Help English
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E414048-A9DD-4F60-AA1D-018E716C88C9}" = Internet Explorer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{61DF2893-0069-4E50-A02E-3A41A97CB1B4}" = ROCCAT Arvo Keyboard Driver
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{81A917A1-DBA3-3639-53DA-B6E833D41A57}" = ccc-utility
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{82931CCC-65F4-5A50-57AD-AE6DF6B10929}" = Catalyst Control Center
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A0A087E5-149E-EC75-F45D-3A3C04344B4A}" = Catalyst Control Center Graphics Previews Common
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB3F9176-E74A-4F28-9A09-4F22349B145E}" = Livebox
"{AC76BA86-7AD7-1036-7B44-A95000000001}" = Adobe Reader 9.5.0 - Français
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC67DD84-77C6-C9F8-FA03-953F1C1C92A9}" = Catalyst Control Center InstallProxy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
"99838AD053C08F944E2CBD48C5CA6F6D76255C9E" = Windows Driver Package - ROCCAT (HidUsb) HIDClass (05/06/2009 1.00)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitComet" = BitComet 1.24
"CANONBJ_Deinstall_CNMCP50.DLL" = Canon i250
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"eMule" = eMule
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LimeWire" = LimeWire 5.5.10
"Ludi" = Ludi
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"Mozilla Firefox 10.0 (x86 fr)" = Mozilla Firefox 10.0 (x86 fr)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Mumble" = Mumble and Murmur
"mv61xxDriver" = marvell 61xx
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VobSub" = VobSub v2.23 (Remove Only)
"VSO PhotoDVD_is1" = PhotoDVD 2.9.6.1d
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinGimp-2.0_is1" = Gimp 2.6.2
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Logs Client (4.2)" = World of Logs Client (4.2)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/12/2011 19:05:23 | Computer Name = HYACINTHE | Source = PerfNet | ID = 2002
Description = Impossible d'ouvrir le Service redirecteur. Les données de performance
du redirecteur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 16/12/2011 19:24:33 | Computer Name = HYACINTHE | Source = Application Error | ID = 1000
Description = Application défaillante swtor.exe, version 1.0.0.0, module défaillant
mumble_ol.dll, version 0.0.0.0, adresse de défaillance 0x00012079.

Error - 16/12/2011 19:24:33 | Computer Name = HYACINTHE | Source = Application Error | ID = 1000
Description = Application défaillante swtor.exe, version 1.0.0.0, module défaillant
msvcr90.dll, version 9.0.30729.6161, adresse de défaillance 0x0003734d.

Error - 17/12/2011 04:13:54 | Computer Name = HYACINTHE | Source = PerfNet | ID = 2002
Description = Impossible d'ouvrir le Service redirecteur. Les données de performance
du redirecteur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 17/12/2011 04:33:31 | Computer Name = HYACINTHE | Source = Application Hang | ID = 1002
Description = Application bloquée launcher.exe, version 3.1.7.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/12/2011 04:38:06 | Computer Name = HYACINTHE | Source = Application Hang | ID = 1002
Description = Application bloquée launcher.exe, version 3.1.7.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/12/2011 04:44:48 | Computer Name = HYACINTHE | Source = PerfNet | ID = 2002
Description = Impossible d'ouvrir le Service redirecteur. Les données de performance
du redirecteur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 17/12/2011 17:37:29 | Computer Name = HYACINTHE | Source = PerfNet | ID = 2002
Description = Impossible d'ouvrir le Service redirecteur. Les données de performance
du redirecteur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 17/12/2011 17:51:31 | Computer Name = HYACINTHE | Source = PerfNet | ID = 2002
Description = Impossible d'ouvrir le Service redirecteur. Les données de performance
du redirecteur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 18/12/2011 05:09:21 | Computer Name = HYACINTHE | Source = PerfNet | ID = 2002
Description = Impossible d'ouvrir le Service redirecteur. Les données de performance
du redirecteur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

[ Canal+ Events ]
Error - 28/05/2010 10:10:05 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Collection was modified; enumeration
operation may not execute.

Error - 07/06/2010 03:24:00 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Collection was modified; enumeration
operation may not execute.

Error - 25/06/2010 04:17:49 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Un problème s'est produit au niveau
du composant de la gestion des droits numériques (DRM). Contactez le Support technique
pour cette application

Error - 25/06/2010 04:17:49 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ContentsManager.Update : Un problème s'est produit au niveau du composant
de la gestion des droits numériques (DRM). Contactez le Support technique pour
cette application

Error - 27/06/2010 09:46:39 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Collection was modified; enumeration
operation may not execute.

Error - 04/07/2010 03:08:14 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Collection was modified; enumeration
operation may not execute.

Error - 13/09/2010 17:49:26 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ContentsManager.FetchContent : 8

Error - 13/09/2010 17:49:27 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ContentsManager.FetchContent : 8

Error - 31/01/2012 16:43:28 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Collection was modified; enumeration
operation may not execute.

Error - 31/01/2012 16:43:29 | Computer Name = HYACINTHE | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Collection was modified; enumeration
operation may not execute.

[ System Events ]
Error - 06/02/2012 19:19:42 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%1747

Error - 07/02/2012 04:58:25 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%1747

Error - 07/02/2012 06:19:59 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%1747

Error - 07/02/2012 12:29:08 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%1747

Error - 08/02/2012 05:06:15 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%1747

Error - 08/02/2012 05:37:27 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7034
Description = Le service CanalPlus.VOD s'est terminé de façon inattendue pour la
1ème fois.

Error - 08/02/2012 11:50:38 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%1747

Error - 08/02/2012 18:34:08 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%1747

Error - 09/02/2012 05:30:40 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%1747

Error - 09/02/2012 09:16:54 | Computer Name = HYACINTHE | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%1747


< End of report >



9 February 2012 23:14:16

I can't manage to post the second one, it must be too long.
I'm putting it in 2 parts :)

OTL logfile created on: 09/02/2012 22:48:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Casanova\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,00% Memory free
3,85 Gb Paging File | 2,60 Gb Available in Paging File | 67,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 171,42 Gb Free Space | 57,51% Space Free | Partition Type: NTFS
Drive D: | 252,99 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HYACINTHE | User Name: Casanova | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/09 22:46:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casanova\Mes documents\Téléchargements\OTL.exe
PRC - [2012/01/29 17:20:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/06 11:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/10/29 14:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010/09/15 09:33:32 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/07/21 11:28:32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2010/07/06 10:07:24 | 000,188,416 | ---- | M] (Canal+ Active) -- C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
PRC - [2009/11/24 14:01:36 | 000,172,032 | ---- | M] (ROCCAT) -- C:\Program Files\ROCCAT\Arvo Keyboard\ArvoHID.EXE
PRC - [2009/10/10 15:50:22 | 000,142,008 | ---- | M] () -- C:\Program Files\Mumble\dbus-daemon.exe
PRC - [2009/08/18 18:55:38 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/13 17:56:59 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/08/25 10:11:48 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/29 17:20:04 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/18 20:54:59 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/11 02:16:11 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/11 02:16:01 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2012/01/11 02:15:31 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/01/11 02:15:30 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/11 02:15:30 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/01/11 02:15:30 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
MOD - [2011/11/09 21:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/10/13 07:56:14 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 07:55:17 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 07:55:11 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 07:55:00 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 00:39:18 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 00:39:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 00:39:09 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 00:38:58 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/02/02 21:39:56 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/12/10 19:34:10 | 000,133,816 | ---- | M] () -- C:\Program Files\Mumble\mumble_ol.dll
MOD - [2009/10/10 15:50:22 | 000,142,008 | ---- | M] () -- C:\Program Files\Mumble\dbus-daemon.exe
MOD - [2009/10/10 15:50:20 | 000,560,312 | ---- | M] () -- C:\Program Files\Mumble\dbus-1.dll
MOD - [2009/02/27 16:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2009/01/28 15:03:49 | 000,326,401 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/05/14 17:39:04 | 000,971,776 | ---- | M] () -- C:\Program Files\Mumble\libxml2.dll
MOD - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/25 16:36:00 | 000,311,928 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2010/09/15 09:33:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/07/21 11:28:32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2010/07/06 10:07:24 | 000,188,416 | ---- | M] (Canal+ Active) [Auto | Running] -- C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe -- (CanalPlus.VOD)
SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/08/18 18:55:38 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 17:56:59 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/11/10 04:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/08/24 20:39:38 | 000,323,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011/08/08 21:58:38 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/07/21 19:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2011/04/27 13:19:28 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/10/26 10:42:02 | 000,159,024 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2010/09/15 09:33:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/07/20 11:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/07/20 11:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/07/20 11:38:24 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/07/20 11:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/10 19:27:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/13 17:56:59 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/06 16:00:38 | 000,012,928 | ---- | M] (ROCCAT Development, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArvoFltr.sys -- (ArvoFltr)
DRV - [2009/03/30 09:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/16 18:56:46 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/24 16:32:18 | 004,818,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2006/03/01 19:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2005/05/12 16:56:00 | 000,028,182 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adipfusb.sys -- (adipfusb)
DRV - [2003/12/11 08:50:00 | 000,070,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/11 08:50:00 | 000,037,916 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/11 08:50:00 | 000,025,630 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/09/23 11:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 5E 1F 02 E2 BB CA 01 [binary data]
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - No CLSID value found
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.4b4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.25
FF - prefs.js..extensions.enabledItems: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=169&syst..."
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "174.142.24.201"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "174.142.24.201"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "174.142.24.201"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "174.142.24.201"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "174.142.24.201"
FF - prefs.js..network.proxy.ssl_port: 3128


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canalplus.fr/Assistants VOD,version=1.0.0.0: C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npcpvod.dll (Canal+ Active)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/07 00:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/18 19:59:43 | 000,000,000 | ---D | M]

[2012/01/14 14:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Extensions
[2010/07/19 22:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/14 14:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions
[2010/09/09 15:08:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/08 16:30:32 | 000,000,000 | ---D | M] (PsicoTSI) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2012/01/14 14:20:01 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010/12/10 10:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}
[2011/01/01 13:06:58 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2010/11/23 16:29:52 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/11/23 16:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/12/25 19:47:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/14 14:19:57 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\searchplugins\Search_Results.xml
[2012/02/07 00:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 17:20:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/24 10:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 15:07:26 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/01/29 14:55:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 15:07:26 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/01/29 15:07:26 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/01/14 14:19:57 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 15:07:26 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/01/29 15:07:26 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/02/21 11:47:01 | 000,000,794 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.11.9.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\..\Toolbar\WebBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Arvo] C:\Program Files\ROCCAT\Arvo Keyboard\ArvoHID.EXE (ROCCAT)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-1220945662-1364589140-725345543-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Télécharger avec BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Tout télécharger avec BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.11.9.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\..Trusted Domains: orange.fr ([www] http in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca... (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE935F5A-F959-4C5D-9835-F966BEC07606}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Casanova\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Casanova\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/21 11:54:52 | 000,000,004 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/27 13:29:20 | 000,000,059 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

9 February 2012 23:27:01

Spoiler
MsConfig - StartUpFolder: C:^Documents and Settings^Casanova^Menu Démarrer^Programmes^Démarrage^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig - StartUpReg: CANAL+ CANALSAT A LA DEMANDE - hkey= - key= - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe (Canal+)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: IntelliPoint - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig - StartUpReg: itype - hkey= - key= - c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Logitech Utility - hkey= - key= - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: ORAHSSSessionManager - hkey= - key= - File not found
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SystrayORAHSS - hkey= - key= - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 18:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Canal+
[2012/01/31 18:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Canal+
[2012/01/15 21:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casanova\AppData
[2012/01/15 21:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casanova\Application Data\searchquband
[2012/01/14 19:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/01/14 14:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casanova\Local Settings\Application Data\Ilivid Player
[2012/01/14 14:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casanova\Application Data\searchqutoolbar
[2012/01/14 14:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2012/01/14 14:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casanova\Local Settings\Application Data\PackageAware
[2009/04/11 12:02:20 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Casanova\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/09 21:11:36 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\World of Warcraft.lnk
[2012/02/09 14:16:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/07 00:17:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/05 10:09:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/03 11:58:30 | 000,186,239 | ---- | M] () -- C:\Documents and Settings\Casanova\Mes documents\pole emploi 2.pdf
[2012/01/31 18:56:48 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CANAL+ CANALSAT A LA DEMANDE.lnk
[2012/01/26 15:52:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 15:33:04 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2012/01/18 20:54:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/18 19:59:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2012/01/11 15:44:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 02:15:37 | 000,576,112 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/01/11 02:15:37 | 000,502,476 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 02:15:37 | 000,105,420 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/01/11 02:15:37 | 000,088,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/03 11:58:27 | 000,186,239 | ---- | C] () -- C:\Documents and Settings\Casanova\Mes documents\pole emploi 2.pdf
[2012/01/31 18:56:48 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CANAL+ CANALSAT A LA DEMANDE.lnk
[2012/01/18 19:59:43 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk
[2012/01/18 19:59:43 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2011/12/26 10:13:55 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2011/12/26 10:11:12 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2011/12/24 12:17:09 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2011/12/18 16:11:09 | 000,000,045 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/04/27 13:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/27 13:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/04/27 13:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/04/27 13:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/04/27 13:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/02/24 13:30:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/21 16:34:19 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\labvisionrc
[2011/02/03 13:52:06 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/10/25 13:23:38 | 000,753,566 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1364589140-725345543-1004-0.dat
[2010/10/25 13:23:36 | 000,139,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/10/21 23:33:04 | 000,547,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/21 19:36:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/10/21 19:36:00 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/25 10:38:24 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Casanova\Local Settings\Application Data\fusioncache.dat
[2010/07/30 11:12:25 | 000,520,368 | ---- | C] () -- C:\Documents and Settings\Casanova\Local Settings\Application Data\rx_image.Cache
[2010/07/23 11:34:05 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS50.DLL
[2009/11/04 13:13:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/23 18:09:21 | 000,000,237 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/21 23:26:28 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Casanova\Application Data\default.rss
[2009/04/21 23:26:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/21 09:29:43 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/04/21 08:24:20 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Casanova\Application Data\Printer.ini
[2009/04/11 12:02:20 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Casanova\Application Data\pcouffin.cat
[2009/03/20 11:04:52 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/20 19:18:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/18 00:12:29 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Casanova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 23:00:42 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/08 22:59:00 | 000,165,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/08 22:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/10/08 22:30:42 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/10/08 21:08:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 21:05:41 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/21 02:37:54 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/08/21 02:37:54 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/08/21 02:37:54 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/07/17 13:23:36 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/03/09 15:27:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2005/07/15 19:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 19:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/08/05 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 13:00:00 | 000,576,112 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/05 13:00:00 | 000,502,476 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 13:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 13:00:00 | 000,105,420 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/05 13:00:00 | 000,088,382 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 13:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/05/28 18:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 18:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2012/01/14 19:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/07/23 11:33:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/09/22 10:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/06/08 22:58:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/09/22 10:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/06/08 17:18:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/06/08 17:20:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2009/01/16 18:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/11/22 14:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/28 09:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/12/18 10:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2009/01/27 00:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/03/30 15:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/09/18 09:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/11/02 11:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/06/27 16:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/12/19 17:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/06/15 15:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
[2011/12/18 10:31:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010/09/21 23:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\BitComet
[2010/06/08 17:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Canon
[2008/11/18 00:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\COWON
[2009/01/16 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\DAEMON Tools
[2010/09/13 23:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\DAEMON Tools Lite
[2009/01/16 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\DAEMON Tools Pro
[2009/05/12 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\DeepBurner
[2010/04/11 16:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\GrabIt
[2008/11/04 00:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\gtk-2.0
[2010/11/24 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Leadertech
[2011/12/18 01:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\LimeWire
[2012/02/09 21:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Mumble
[2009/09/17 16:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Nokia
[2009/09/17 16:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\PC Suite
[2011/06/27 16:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Samsung
[2012/01/15 21:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\searchquband
[2012/01/15 21:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\searchqutoolbar
[2010/03/29 19:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\StreamTorrent
[2011/12/19 01:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\SystemRequirementsLab
[2010/09/19 18:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Tropico 3
[2011/09/17 19:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\TS3Client
[2011/12/18 10:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\TuneUp Software
[2010/09/25 10:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Turbine
[2009/04/21 15:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Vso
[2011/03/14 12:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\XnView

========== Purity Check ==========



========== Custom Scans ==========


< %APPDATA%\*. >
[2010/04/08 14:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Adobe
[2009/04/21 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\ATI
[2010/09/21 23:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\BitComet
[2010/06/08 17:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Canon
[2008/11/18 00:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\COWON
[2009/01/16 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\DAEMON Tools
[2010/09/13 23:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\DAEMON Tools Lite
[2009/01/16 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\DAEMON Tools Pro
[2009/05/12 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\DeepBurner
[2009/03/18 00:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\DivX
[2009/01/02 20:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Google
[2010/04/11 16:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\GrabIt
[2008/11/04 00:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\gtk-2.0
[2008/11/13 22:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Help
[2008/10/08 21:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Identities
[2008/10/08 23:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\InstallShield
[2010/11/24 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Leadertech
[2011/12/18 01:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\LimeWire
[2008/10/08 21:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Macromedia
[2010/02/21 10:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Malwarebytes
[2009/10/19 18:25:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Casanova\Application Data\Microsoft
[2010/09/26 11:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Mozilla
[2012/02/09 21:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Mumble
[2009/04/21 10:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Nero
[2009/09/17 16:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Nokia
[2009/09/17 16:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\PC Suite
[2010/07/30 11:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Roxio
[2011/06/27 16:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Samsung
[2012/01/15 21:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\searchquband
[2012/01/15 21:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\searchqutoolbar
[2009/01/16 19:09:49 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Casanova\Application Data\SecuROM
[2011/02/25 01:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Skype
[2011/02/25 00:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\skypePM
[2010/03/29 19:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\StreamTorrent
[2008/11/02 21:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Sun
[2010/02/21 20:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\SUPERAntiSpyware.com
[2011/12/19 01:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\SystemRequirementsLab
[2010/12/29 21:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\teamspeak2
[2010/09/19 18:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Tropico 3
[2011/09/17 19:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\TS3Client
[2011/12/18 10:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\TuneUp Software
[2010/09/25 10:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Turbine
[2009/04/21 15:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\Vso
[2008/10/21 19:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\WinRAR
[2011/03/14 12:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casanova\Application Data\XnView

< %APPDATA%\*.exe /s >
[2010/07/19 22:28:52 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Casanova\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2010/07/19 22:28:54 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Casanova\Application Data\LimeWire\browser\xulrunner\updater.exe
[2010/07/19 22:28:54 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2010/07/19 22:28:54 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Casanova\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2010/07/19 22:28:54 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Casanova\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2010/07/19 22:28:54 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2010/07/19 22:28:54 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2010/07/19 22:28:54 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Casanova\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2010/07/19 22:28:55 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Casanova\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2010/06/15 14:09:58 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Casanova\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009/07/10 09:27:15 | 001,878,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Casanova\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011/06/28 21:24:15 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2011/06/24 07:54:30 | 000,941,968 | ---- | M] (Samsung) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011/06/24 07:54:38 | 000,278,928 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011/04/27 15:14:54 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\KiesMobileDeviceService.exe
[2011/06/24 07:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011/06/07 03:14:06 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011/06/07 03:14:04 | 000,284,160 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011/06/09 10:45:38 | 000,660,992 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011/04/27 13:19:58 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\HSPConnection.exe
[2011/06/24 07:54:40 | 000,067,472 | ---- | M] (Samsung) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011/06/07 03:13:54 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011/06/07 03:13:54 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011/06/24 07:54:44 | 000,131,984 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011/06/24 07:54:46 | 000,020,880 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011/06/24 07:54:48 | 004,661,464 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011/06/20 02:33:24 | 020,677,600 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011/06/24 07:54:50 | 000,358,800 | ---- | M] (ml) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe
[2011/08/01 04:32:24 | 000,362,384 | ---- | M] (ml) -- C:\Documents and Settings\Casanova\Application Data\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2008/12/09 13:52:32 | 000,071,736 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\SystemRequirementsLab\SystemRequirementsLab.exe

< %SYSTEMDRIVE%\*.* >
[2010/02/21 11:54:52 | 000,000,004 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/10/08 21:03:54 | 000,000,216 | -HS- | M] () -- C:\boot.ini
[2004/08/05 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008/10/08 21:07:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/10/08 21:07:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/08 21:07:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/05 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/26 08:11:06 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2012/02/09 14:16:28 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/12/26 10:11:16 | 000,000,090 | ---- | M] () -- C:\Setup.log
[2008/10/13 13:19:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/13 13:19:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/13 13:19:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/27 23:38:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/06/12 19:51:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/21 13:09:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/10/13 13:19:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/10/13 13:19:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/13 13:19:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/27 23:38:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/06/12 19:51:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/21 13:09:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/10/08 22:58:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/10/08 22:58:14 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/10/08 22:58:13 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/01/16 18:56:46 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: IEXPLORE.EXE >
[2009/06/29 08:25:31 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=02E2754D3E566C11A4934825920C47DD -- C:\WINDOWS\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[2008/12/19 06:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2008/10/15 07:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2008/10/15 07:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\SoftwareDistribution\Download\9be74ccf2e967ebc45085789ed7bfc38\SP2QFE\iexplore.exe
[2009/04/25 06:27:50 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=092A7F2B49A19ECCE5369D3CB2276148 -- C:\WINDOWS\ie7updates\KB972260-IE7\iexplore.exe
[2008/12/19 06:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008/08/23 06:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2008/08/23 06:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2GDR\iexplore.exe
[2009/06/29 09:35:10 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=3CFC56F73D494FC1AA2B6E981DF15ACD -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/14 03:34:06 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=3D3C316BD1E112F3B9C532D8B9939BDC -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2004/08/05 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=833E2B3F0E2484C0F2B804AE871B4381 -- C:\WINDOWS\ie7\iexplore.exe
[2008/10/15 08:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2008/10/15 08:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\SoftwareDistribution\Download\9be74ccf2e967ebc45085789ed7bfc38\SP2GDR\iexplore.exe
[2009/02/28 05:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie7updates\KB969897-IE7\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2009/02/28 05:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2009/04/25 06:27:39 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=C0503FD8D163652735C1EE900672A75C -- C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[2007/08/13 18:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2008/08/23 06:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2008/08/23 06:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2QFE\iexplore.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Casanova\Mes documents\u2.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Casanova\Mes documents\Star Wars - The Old Republic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Casanova\Mes documents\Samsung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Casanova\Mes documents\Grid:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Casanova\Mes documents\Data:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Casanova\Mes documents\09102010024.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Casanova\Bureau\U2_Rome_2010-10-08_I_Still_Haven_39_t_Found_What_I_39_m_Looking_For_w_fan_choreography-_u2gigs.com.mp4:Roxio EMC Stream

< End of report >
10 February 2012 12:25:06

Hello,

You installed an advertising sponsor voluntarily by not reading the terms of use!

Are you the one who set up a proxy on your connection?

Here we go:

1) Remove the following programs (if present):

- List_Kill'em 1.2.5.3 (tool not needed here)
- Spybot - Search & Destroy (obsolete and useless, the proof being that you are here ...)
- Windows iLivid Toolbar (adware: advertising software)

2) Download AdwCleaner (by Xplode) to your Desktop.

/!\ Disable your resident protections: antivirus, antispyware ... Disconnect and close all running applications (in particular your browser) /!\

  • Double-click adwcleaner0.exe to launch the program.
    (Vista/Windows 7 users: right-click the adwcleaner0.exe file -> Run as administrator)

  • In the main window, choose the Suppression option.
  • Confirm the warning.
  • If the PC asks to restart, accept.
  • A report will appear (otherwise, it is located at C:\AdwCleaner[Sx].txt). Post it in your next reply.

  • For the reports, please use this online report service: upload the file via "Browse" and simply post the link obtained in your reply.
    Usage help here

3) Run OTL.exe again

  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Copy and paste all of the text below into OTL's Personnalisation box at the bottom left.



    :OTL
    IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=169&syst..."
    [2012/01/14 14:20:01 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/01/14 14:19:57 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Casanova\Application Data\Mozilla\Firefox\Profiles\alrkuvwp.default\searchplugins\Search_Results.xml
    [2012/01/14 14:19:57 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\..\Toolbar\WebBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    [2012/01/15 21:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casanova\Application Data\searchquband
    [2012/01/14 14:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casanova\Local Settings\Application Data\Ilivid Player
    [2012/01/14 14:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casanova\Application Data\searchqutoolbar
    [2012/01/14 14:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
    [2012/01/14 14:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casanova\Local Settings\Application Data\PackageAware
    [2008/10/13 13:19:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/10/13 13:19:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/10/13 13:19:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008/10/27 23:38:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/06/12 19:51:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/08/21 13:09:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008/10/13 13:19:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/10/13 13:19:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/10/13 13:19:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008/10/27 23:38:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/06/12 19:51:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/08/21 13:09:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

    :Commands
    [emptytemp]


  • Then click the "Correction" (Run Fix) button at the top left
  • The PC will restart. (If it does not, do it manually.)
  • Post the removal report if it appears.

    Note: the report is saved in ".log" format; you should change this extension to ".txt" if you want to upload it to online sites. If it does not appear, it is located here: C:\_OTL, in the form xxxxxxxx_xxxx.log where x are the date and time

    /!\ This script is strictly reserved for the current user of this thread; you must under no circumstances use it on your own initiative on another PC, at the risk of damaging the system /!\
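An added example, not part of the original post and not code from OTL: a small triage parser that groups lines of the fix script above by the browser setting or autostart location each one targets, and lists the on-disk paths that fall outside an expected directory, so the script can be reviewed before it is run. The sample lines are copied from the script above; the function and category names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the fix script in the post above (a subset).
SAMPLE = r"""
IE - HKU\S-1-5-21-1220945662-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
[2012/01/14 14:19:57 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
[2012/01/14 14:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
"""

# Line prefix -> location it targets (category names are this example's own).
KINDS = [("IE -", "ie-setting"), ("FF -", "firefox-pref"), ("O2 -", "bho"),
         ("O3 -", "ie-toolbar"), ("O4 -", "run-key"), ("O20 -", "appinit-dll")]
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
COMPANY = re.compile(r"\s\([^()]*\)$")    # trailing "(vendor)" column
PATH = re.compile(r"[A-Za-z]:\\[^()]*$")  # last drive-letter path on the line
FILE = re.compile(r"^\[[^\]|]+\|[^|]+\|\s*([-RHSD]{4})\s*\|")  # [date | size | attrs |

def parse_line(line):
    """Return (kind, clsid, path) for one fix-script line, or None if unknown."""
    line = line.strip()
    kind = next((k for p, k in KINDS if line.startswith(p)), None)
    m = FILE.match(line)
    if m:
        kind = "folder" if "D" in m.group(1) else "file"
    if kind is None:
        return None
    clsid = CLSID.search(line)
    path = PATH.search(COMPANY.sub("", line))
    return (kind, clsid.group(0).lower() if clsid else None,
            path.group(0) if path else None)

def triage(script):
    """Group parsed (clsid, path) entries by the kind of location targeted."""
    groups = defaultdict(list)
    for parsed in filter(None, map(parse_line, script.splitlines())):
        groups[parsed[0]].append(parsed[1:])
    return dict(groups)

def outside(script, roots):
    """Paths the script touches that are not under any expected root."""
    roots = [r.lower() for r in roots]
    paths = [p[2] for p in map(parse_line, script.splitlines()) if p and p[2]]
    return [p for p in paths if not any(p.lower().startswith(r) for r in roots)]
```

Calling `outside(SAMPLE, [r"C:\Program Files\Windows iLivid Toolbar"])` returns only the Firefox search plugin path, the one entry in the sample that lives outside the toolbar's install directory.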
    10 February 2012 14:03:50

    Hi again,

    Are you still having problems on the PC?

    Proxies are connections through specific ports/routers.
    This can be the case if you connect to a high school/school/university or large company network, or if you use special connection or sharing software.

    Is that the case?
    10 February 2012 15:32:26

    Yes, on the face of it it looks fine; it doesn't come back anymore. Thanks for the help.

    As for the proxy, no, I don't connect to a high school network or anything like that. I have my Livebox, is that a problem?

    10 February 2012 15:47:02

    Hi again,

    The connection is linked to a server in Canada ...

    If that doesn't ring a bell, follow this tutorial to remove the proxy:
    http://forum.security-x.fr/tutoriels-317/(tutoriel)-desactiver-un-proxy/

    Let's clean up the tools used:

    1) Run OTL.exe again
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Click "Purge d'outils" (CleanUp)
  • Confirm the warning with "ok" and let the PC restart.

    2) Uninstall AdwCleaner:

  • Run the adwcleaner0.exe program located on your Desktop again.
    (Vista/Windows 7 users: right-click the file -> Run as administrator)
  • In the main window, choose the "Désinstallation" (Uninstall) option, and confirm with "Oui" (Yes)

  • Then delete the adwcleaner0.exe file from your desktop.

    3) Download SX Check&Update (by Igor51) to your desktop.

  • Launch SXCU.exe by double-clicking it.

  • Click Update Java on the right. The update will download and run; follow the instructions.

  • Click Update Flash on the right. Depending on the case, either Internet Explorer or your other browser(s) will open; for each of them, follow the on-screen instructions for the update.


    Close the program via "Quit"
    You can delete SXCU.exe.


    To go further in protecting yourself and avoid getting reinfected, here is some additional advice:

  • Install a firewall to replace the Windows XP one:
    The built-in Windows XP firewall is not effective enough; it is worth replacing it with a more complete firewall, such as Zone Alarm or Kerio for example ... /!\ as with antivirus software, only one firewall on your PC, so remember to disable the Windows one if you install another!!!

  • Be careful when installing software:
    Always make sure to read the terms of use (EULA), in order to spot how personal data is handled, the installation of advertising sponsors or any other invasion of privacy. Decline the toolbars and other add-ons offered.

    Firefox and/or Chrome offer better security compared to Internet Explorer, especially if you complement them with a few very useful plugins: NoScript and WOT for example. (for Chrome: NoScript; WOT)

  • Browse without administrator rights: in a limited session or with DropMyRights
    This considerably reduces the risk of infection, because some infections can then no longer install themselves.

  • Keep your software and your system up to date:
    Many infections are due to vulnerabilities in Windows, but also in third-party software, such as Sun Java, Adobe Acrobat Reader, etc.
    You can run a vulnerability scan to find out which of your programs have unpatched vulnerabilities or need updating.

    Finally, the most important thing remains your behaviour on your PC; you remain the most important protection: avoid risky behaviour: P2P, cracks, dubious downloads and installations via ads, instant messaging, or unknown sites, pornographic sites.
    Worth reading!

    See you soon on the Tom's Guide forums
    :jap: