
Laptop slowing down

13 March 2011 13:17:29

Hello,

For some time now I have had serious slowdown problems on my PC, especially when I play videos or MP3s.
My PC runs Windows 7 and my antivirus is Antivir, which does not detect any virus.

Thanks for your help.

Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:59, on 13/03/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\YOMYFRED 2.0\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspir...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10203&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.autocompletepro.com/?si=10203&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=10203&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mfiscalled.aceboard.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspir...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspir...
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10203&bi=400
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.138.124.232:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: Dropbox.lnk = YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: JDownloader.lnk = C:\Program Files (x86)\JDownloader\JDownloader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_...
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/1511...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/1511...
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16755 bytes


13 March 2011 15:06:12

Hello

1


Open Spybot, click the Mode tab and choose Advanced Mode
Ignore the warning
At the bottom left, click Tools
Still in the left column, click Resident (not in the central window)
And uncheck the Resident "TeaTimer" option.

2

Read: Toolbars are not mandatory!

3

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Scanner (scan) option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\
    13 March 2011 16:50:27

    First of all, thank you for your help, Sham_Rock! ;)

    I followed your instructions and removed the toolbars that were indeed present in my browser.

    Here is the Ad-Remover log:
    ======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 01/03/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 16:43:04 le 13/03/2011, Mode normal

    Microsoft Windows 7 Édition Familiale Premium (X64)
    YOMYFRED 2.0@YOMYFRED20-PC (Acer Aspire 5542)

    ============== RECHERCHE ==============


    Dossier trouvé: C:\Program Files (x86)\Conduit
    Dossier trouvé: C:\Program Files (x86)\AutocompletePro

    Clé trouvée: HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Clé trouvée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    Clé trouvée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO
    Clé trouvée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO.1
    Clé trouvée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
    Clé trouvée: HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Clé trouvée: HKCU\Software\AutocompletePro
    Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}


    ============== SCAN ADDITIONNEL ==============

    **** Internet Explorer Version [8.0.7600.16385] ****

    HKCU_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_5542&r=27360710v606l04h8z145t54m1y362
    HKCU_Main|Default_Search_URL - hxxp://search.autocompletepro.com/?si=10203&bi=400
    HKCU_Main|Search bar - hxxp://search.autocompletepro.com/?si=10203&bi=400
    HKCU_Main|Search Page - hxxp://search.autocompletepro.com/?si=10203&bi=400
    HKCU_Main|Start Page - hxxp://mfiscalled.aceboard.fr/
    HKLM_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_5542&r=27360710v606l04h8z145t54m1y362
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_5542&r=27360710v606l04h8z145t54m1y362
    HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Web Search" (hxxp://search.autocompletepro.com/?si=10203&bi=400&q={searchTerms})
    HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Radio Bar 1 Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
    HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (x)
    HKLM_ElevationPolicy\5c3011c6-c17e-4666-b232-7f0909d3d570 - C:\Program Files (x86)\Radio_Bar_1\Radio_Bar_1ToolbarHelper.exe (x)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
    HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
    HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
    BHO\{0FB6A909-6086-458F-BD92-1F8EE10042A0} - "AC-Pro" (C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll)

    ========================================

    C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files (x86)\Ad-Remover\Backup: 2 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 13/03/2011 16:32:40 (6532 Octet(s))
    C:\Ad-Report-SCAN[2].txt - 13/03/2011 16:43:12 (4386 Octet(s))

    Fin à: 16:44:39, 13/03/2011

    ============== E.O.F ==============
    13 March 2011 18:48:30

    Re,
    There are leftovers. ;)

    We are going to remove them:


  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Nettoyer (clean) option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\

    +++++++++++++++++++++++++


    Then:


    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop.
  • Post this report.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
    13 March 2011 22:25:28

    Here is the first report from the AD-R cleanup:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 01/03/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 18:57:10 le 13/03/2011, Mode normal

    Microsoft Windows 7 Édition Familiale Premium (X64)
    YOMYFRED 2.0@YOMYFRED20-PC (Acer Aspire 5542)

    ============== ACTION(S) ==============


    Dossier supprimé: C:\Program Files (x86)\Conduit
    Dossier supprimé: C:\Program Files (x86)\AutocompletePro

    (!) -- Fichiers temporaires supprimés.


    Clé supprimée: HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Clé supprimée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO
    Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO.1
    Clé supprimée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
    Clé supprimée: HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Clé supprimée: HKCU\Software\AutocompletePro
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}


    ============== SCAN ADDITIONNEL ==============

    **** Internet Explorer Version [8.0.7600.16385] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Web Search" (hxxp://search.autocompletepro.com/?si=10203&bi=400&q={searchTerms})
    HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (x)
    HKLM_ElevationPolicy\5c3011c6-c17e-4666-b232-7f0909d3d570 - C:\Program Files (x86)\Radio_Bar_1\Radio_Bar_1ToolbarHelper.exe (x)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
    HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
    HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)

    ========================================

    C:\Program Files (x86)\Ad-Remover\Quarantine: 16 Fichier(s)
    C:\Program Files (x86)\Ad-Remover\Backup: 16 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 13/03/2011 18:57:19 (3954 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 13/03/2011 16:32:40 (6532 Octet(s))
    C:\Ad-Report-SCAN[2].txt - 13/03/2011 16:43:12 (4524 Octet(s))

    Fin à: 18:59:16, 13/03/2011

    ============== E.O.F ==============

    ***********************************************************************************************

    And below is the MalwareByte's Anti-Malware report, which incidentally found nothing...

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6044

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    13/03/2011 21:23:06
    mbam-log-2011-03-13 (21-23-06).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 414853
    Temps écoulé: 2 heure(s), 2 minute(s), 35 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    ***********************************************************************************************

    Despite all that, my PC is still just as slow. I don't know what else to do... :(
    14 March 2011 21:13:31

    Good evening,
    I didn't say it was over... :D

    Did you add this proxy yourself?
    Quote:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.138.124.232:80

    I land on hacker forums when I search for it... :o

    Is your PC slow only on the internet, or all the time?



    Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus, software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next Optional Scan prompt.
  • Save both reports to your desktop and post only DDS.txt.
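The manual check made in the reply above (spotting the leftover ProxyServer value in the HijackThis log, next to the search-page overrides and the browser helper object that Ad-Remover later removed) can be scripted. This is an added example, not part of the original thread: the sample lines are copied from the log posted above, while the list of expected hosts and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# A subset of lines copied from the HijackThis report posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10203&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mfiscalled.aceboard.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.138.124.232:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
"""

# Assumption: hosts considered normal for this machine (Microsoft defaults, Acer OEM page).
EXPECTED_SUFFIXES = ("microsoft.com", "msn.com", "acer.com")

# "R1 - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - ([^,]+),(.+?) =\s*(.*)$")
# "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_LINE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")


def is_expected(host):
    """True when the host equals or is a subdomain of an expected suffix."""
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)


def triage(log_text):
    """Return (kind, where, value) tuples for entries worth a manual look.

    These are review items, not verdicts: a start page set by the user
    is reported the same way as one set by adware.
    """
    findings, odd_labels, bhos = [], set(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            _code, key, name, data = m.groups()
            hive = key.split("\\", 1)[0]
            if name == "ProxyServer" and data:
                # The log line does not say whether the proxy is enabled;
                # the address stays in the registry after it is switched off.
                findings.append(("proxy", hive, data))
            elif data.lower().startswith(("http://", "https://")):
                host = (urlsplit(data).hostname or "").lower()
                if host and not is_expected(host):
                    findings.append(("browser-url", f"{hive} {name}", host))
                    parts = host.split(".")
                    if len(parts) >= 2:
                        # Naive "site name" (label before the TLD), used for correlation.
                        odd_labels.add(parts[-2])
            continue
        m = BHO_LINE.match(line)
        if m:
            bhos.append(m.groups())
    # Heuristic: a BHO whose path contains the name of an unexpected search host
    # is probably the component that set that URL.
    for _name, clsid, path in bhos:
        if any(label in path.lower() for label in odd_labels):
            findings.append(("bho", clsid, path))
    return findings


if __name__ == "__main__":
    for kind, where, value in triage(SAMPLE_LOG):
        print(f"{kind:12} {where:28} {value}")
```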
    14 March 2011 23:12:56

    Good evening,

    As for the proxy, I wanted to put Internet Explorer behind a proxy, but I admit I didn't really know what I was doing and I took this address from I don't know where...
    I disabled it very quickly, but I did indeed forget to erase the address. :ange:

    As for the slowdowns, they also happen when I am not connected to the internet, but I still have the impression that it is worse when it is connected...

    Below you will find the DDS.txt scan:
    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by YOMYFRED 2.0 at 22:39:34,24 on 14/03/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4094.2685 [GMT 1:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\YOMYFRED 2.0\Bureau\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mfiscalled.aceboard.fr/
    uWindow Title =
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [AdobeBridge]
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\YOMYFR~1.0\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\YOMYFR~1.0\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JDOWNL~1.LNK - C:\Program Files (x86)\JDownloader\JDownloader.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_0_5.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    {0FB6A909-6086-458F-BD92-1F8EE10042A0}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-7 203264]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-4 354304]
    R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-9 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-9 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-9 83120]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-1-25 844320]
    R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-28 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-10-28 240160]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-10 46136]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-7-7 7195648]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-7-7 265728]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-1-26 292864]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-1-25 34872]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-24 62720]
    S3 clfiltv;clfiltv;C:\Windows\System32\drivers\clfiltv.sys [2011-2-10 24064]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-1 79360]
    S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-8-30 15872]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-4 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 maconfservice;Ma-Config Service;C:\Program Files (x86)\ma-config.com\maconfservice.exe [2011-1-24 310640]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-28 225280]
    S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2010-11-1 28160]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-2 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-03-14 19:08:44 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Roaming\Rovio
    2011-03-14 09:29:27 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{72BF4845-2481-4BEC-BC6E-8AC94735FDE4}
    2011-03-13 21:25:09 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{357AC903-AD4E-4059-BF1C-D273F91D79CF}
    2011-03-13 18:19:57 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Roaming\Malwarebytes
    2011-03-13 18:18:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-13 18:17:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-13 18:17:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-13 18:17:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-13 15:32:18 -------- d-----w- C:\Program Files (x86)\Ad-Remover
    2011-03-13 12:24:55 401720 ----a-w- C:\Users\YOMYFR~1.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis.exe
    2011-03-13 09:24:26 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{FE614182-7FC4-457B-80C5-15CAB40C1953}
    2011-03-12 21:13:15 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{8BD0DD3C-7CC6-4BE3-BCA8-99D98104C2C0}
    2011-03-12 09:12:31 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{FF029336-B0F5-4B8B-ACB1-4C3B0E98A97C}
    2011-03-11 17:58:47 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{8D3A113C-4E0C-4886-8E1A-152FC7812CE0}
    2011-03-11 15:47:37 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{69AA9A39-7D0D-4C18-BFB2-10AD4B98D165}\mpengine.dll
    2011-03-11 05:58:05 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{C9C78822-7E19-4C4C-A309-FC673ED349C1}
    2011-03-10 09:16:07 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{76A05250-FC9E-47B0-8DFC-558DCE2D4F96}
    2011-03-09 16:34:31 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{013BD88A-76B8-4D88-9711-B57AEAF43573}
    2011-03-08 20:28:28 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{1EFE0911-6CFA-40F6-9F95-E8B3878C6A85}
    2011-03-08 19:03:25 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{66F90444-E4E1-413B-A736-5AE886933FA3}
    2011-03-08 06:53:32 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{765C27BF-1C89-4269-8556-CD8BB2CC4E18}
    2011-03-07 11:15:29 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{8842CAE2-B518-4453-B4A1-9BD80424756E}
    2011-03-06 22:06:06 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{614A1B76-3D1F-4117-BE09-1877DD663AA9}
    2011-03-06 09:48:44 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{5AAF371B-AD08-4D43-B631-680D67D1C2DE}
    2011-03-06 09:43:31 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{09B6F6B6-D009-491C-963B-8314071B945D}
    2011-03-05 20:04:49 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{8BF5D1A5-A6C7-4935-9406-899E899403FE}
    2011-03-05 07:57:36 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{75A8CF76-D930-4991-AB69-22BCDAA010B8}
    2011-03-04 15:41:54 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{B26300DB-EFE6-4091-B7EB-5CAA96F3700A}
    2011-03-03 18:06:08 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{288D6D90-0A94-4FCD-83DB-6060C106D367}
    2011-03-03 05:48:43 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{3D870271-81D3-4263-A1C3-D94FF734E667}
    2011-03-02 17:47:58 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{B81F9331-B1FA-42AC-BF2C-D01F78545574}
    2011-03-01 18:44:17 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{EE73840E-B037-4D6A-8EE2-933708CBD68D}
    2011-02-28 19:19:50 -------- d-----r- C:\Users\YOMYFRED 2.0\Téléchargements
    2011-02-28 10:18:23 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Roaming\RegistryKeys
    2011-02-28 08:12:20 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{8887AFD4-072F-4333-9D41-3581BB69240A}
    2011-02-28 07:25:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-02-28 07:25:54 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2011-02-28 07:00:11 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{28F2C5D1-6F42-4C3E-B7F2-8FA9F558F03F}
    2011-02-27 09:08:08 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{9219F357-5901-4C40-90E2-FFAE5C3DEF17}
    2011-02-27 01:10:37 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{C1E876F0-DF3E-4B5F-8BB1-D447EC3C0251}
    2011-02-26 08:44:44 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{435A6123-88EC-4D95-9A8A-729343E9D132}
    2011-02-25 15:51:58 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{E7EFBBF4-3B6F-412E-8755-07D7B9C8BE6C}
    2011-02-24 17:46:52 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{37F020EB-FFC3-4243-9824-F2114A56A1CF}
    2011-02-24 05:46:10 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{96D0AD69-D6B9-4C48-8253-87883B3FD2A4}
    2011-02-24 00:13:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-02-24 00:13:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-02-23 16:36:29 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{19ECD506-CE57-4A7F-87B0-734E775E73D2}
    2011-02-23 16:33:41 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-02-23 16:33:40 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-02-23 16:33:40 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-23 16:33:40 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-22 19:10:01 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{270A7B05-739E-47E5-8E41-D3AA4B22C8EB}
    2011-02-22 06:55:11 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{15BAECA7-8C4B-467F-8A54-689F1C4B32C6}
    2011-02-21 17:56:13 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{5115C150-2758-44DF-B03E-4DF0E157D7D6}
    2011-02-21 17:47:14 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{BDE648C6-4F38-4D1C-927A-FC6F05A7B228}
    2011-02-21 05:45:31 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{97CD9653-A6E0-46A0-A50C-4D33D7E7C76A}
    2011-02-20 10:22:55 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{EC614E84-2927-4F54-BADF-75BC0332207F}
    2011-02-19 11:24:47 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{12120004-49BE-4AC0-A64D-03719E0FFFAC}
    2011-02-18 23:24:06 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{4CFC7E56-DB69-47E8-9A6F-76DE938B94F9}
    2011-02-18 11:23:30 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{2309BEB5-D413-4024-AA89-31FD5BC3B9B4}
    2011-02-17 17:17:48 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{FE2BCCDF-A8AB-454E-B4F1-31AB60964AD6}
    2011-02-17 16:15:50 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{4A590BB1-8C0B-4ED0-8510-F342F03C006A}
    2011-02-16 17:15:35 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{E8D0062A-4239-46EE-9C27-E51FBAB2CC95}
    2011-02-15 21:35:43 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{392AC8C5-A1C0-4698-9532-E3A8423D1FC4}
    2011-02-15 07:16:04 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{A3C67494-4BD7-4355-97AA-5A11C7A61C1D}
    2011-02-14 18:03:36 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{2538EE9B-C35C-4D4A-BC51-6D1BC89B6105}
    2011-02-13 22:21:47 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{FB1CC597-1F40-45DB-AEEA-12BFA72A8191}
    2011-02-13 18:37:19 -------- d-----w- C:\PROGRA~3\tmp
    2011-02-13 09:49:00 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{A821B465-E34C-44EB-8012-C7C8497410F9}
    .
    ==================== Find3M ====================
    .
    2011-03-10 16:00:29 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-09 23:21:24 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
    2011-02-09 23:21:24 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2011-02-09 23:21:24 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
    2011-02-09 23:21:24 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2011-02-02 16:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-15 17:46:45 1409 ----a-w- C:\Windows\QTFont.for
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2010-12-23 06:07:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
    2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
    2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
    2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 22:39:53,15 ===============
    16 March 2011 11:45:50

    Hello,

    We're going to have to take a closer look at all these folders:
    Quote:
    C:\Users\YOMYFR~1.0\AppData\Local\{A821B465-E34C-44EB-8012-C7C8497410F9}

    There are tons of them, so let's start by opening one...

    1
    (I'm not sure SystemLook works on Seven 64, so don't insist if it doesn't work)

    Download SystemLook from one of the links below to your Desktop.
    http://jpshortstuff.247fixes.com/SystemLook.exe

    * Double-click SystemLook.exe to launch it.
    * Right-click/copy the contents of the box below, and right-click/paste into the white box in SystemLook:

    :dir
    C:\Users\YOMYFRED\AppData\Local\{A821B465-E34C-44EB-8012-C7C8497410F9} /sub


    * Click the Look button to start the scan.
    * Let the tool work; this can take a few minutes.
    * Copy and paste into your next reply the report/contents of the text file that is displayed.

    Note: The report can also be found on your Desktop, named SystemLook.txt


    2

    Disable your antivirus and any other type of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit "Select all", Edit "Copy".

    Come to the forum and Edit "Paste".

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary

    <@_@>

    +++++++++++++++++++++
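
Added example (not part of the original posts, and not code from DDS or ComboFix): a short Python triage script that parses the file-listing lines of the DDS "Created Last 30" section and the ComboFix created-files section, counts the GUID-named folders created under AppData\Local per day, and returns the profile directory names exactly as the logs spell them, which is the spelling to reuse in any follow-up directory listing. The function names and regular expressions are this example's own; the sample lines are excerpted from the reports in this thread.

```python
import re
from collections import Counter

# Excerpt of file-listing lines from the DDS and ComboFix reports in this thread.
SAMPLE_LOG = r"""
2011-03-14 19:08:44 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Roaming\Rovio
2011-03-14 09:29:27 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{72BF4845-2481-4BEC-BC6E-8AC94735FDE4}
2011-03-13 21:25:09 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{357AC903-AD4E-4059-BF1C-D273F91D79CF}
2011-03-13 18:18:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-13 09:24:26 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{FE614182-7FC4-457B-80C5-15CAB40C1953}
2011-03-12 21:13:15 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{8BD0DD3C-7CC6-4BE3-BCA8-99D98104C2C0}
2011-03-12 09:12:31 -------- d-----w- C:\Users\YOMYFR~1.0\AppData\Local\{FF029336-B0F5-4B8B-ACB1-4C3B0E98A97C}
2011-03-11 15:47:37 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{69AA9A39-7D0D-4C18-BFB2-10AD4B98D165}\mpengine.dll
2011-03-16 18:03 . 2011-03-16 18:03 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{7E661DB8-A30F-43B7-BF19-DB172AA8EFAE}
2011-03-15 07:09 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65D2D5DE-38A4-4AB9-BBCE-E608A5CFACBD}\mpengine.dll
"""

# One listing line: created date/time, optional ComboFix modified date/time,
# size ("--------" for a directory), 8-character attribute field, then the path.
ENTRY_RE = re.compile(
    r"^\s*(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}(?::\d{2})?"  # DDS has seconds
    r"(?:\s+\.\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2})?"                # ComboFix only
    r"\s+(?P<size>-{8}|\d+)"
    r"\s+(?P<attrs>[a-z-]{8})"
    r"\s+(?P<path>\S.*?)\s*$"
)

# A folder whose whole name is a GUID, directly under a profile's AppData\Local.
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)

# The profile folder name as written in the log (short 8.3 or long form).
PROFILE_RE = re.compile(r"^[a-z]:\\users\\([^\\]+)\\", re.IGNORECASE)


def parse_entries(text):
    """Return one dict (date, size, attrs, path) per recognised listing line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(match.groupdict())
    return entries


def guid_dirs(entries):
    """Keep only directories named as a bare GUID under AppData\\Local."""
    return [
        e for e in entries
        if e["attrs"].startswith("d") and GUID_DIR_RE.search(e["path"])
    ]


def created_per_day(entries):
    """Count entries per creation date to expose a regular creation rhythm."""
    return Counter(e["date"] for e in entries)


def profile_dirs(entries):
    """Profile directory names exactly as the logs spell them."""
    names = set()
    for e in entries:
        match = PROFILE_RE.match(e["path"])
        if match:
            names.add(match.group(1))
    return sorted(names)


if __name__ == "__main__":
    hits = guid_dirs(parse_entries(SAMPLE_LOG))
    for day, count in sorted(created_per_day(hits).items()):
        print(f"{day}: {count} GUID-named folder(s) created")
    print("Profile directory spellings seen:", profile_dirs(hits))
```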
    16 March 2011 23:29:45

    1

    Below is the SystemLook report:


    SystemLook 04.09.10 by jpshortstuff
    Log created at 20:25 on 16/03/2011 by YOMYFRED 2.0
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== dir ==========

    C:\Users\YOMYFRED\AppData\Local\{A821B465-E34C-44EB-8012-C7C8497410F9} - Unable to find folder.

    - Unable to find folder.

    -= EOF =-

    2

    Below is the ComboFix report:


    ComboFix 11-03-16.01 - YOMYFRED 2.0 16/03/2011 22:14:04.1.2 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4094.2795 [GMT 1:00]
    Lancé depuis: c:\users\YOMYFRED 2.0\Bureau\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\audiograbber\audiograbber.exe
    C:\Install.exe
    c:\users\YOMYFRED 2.0\AppData\Roaming\.#
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-16 au 2011-03-16 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-03-16 21:32 . 2011-03-16 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-16 18:03 . 2011-03-16 18:03 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{7E661DB8-A30F-43B7-BF19-DB172AA8EFAE}
    2011-03-15 17:50 . 2011-03-15 17:50 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{37E52BF1-280A-4231-AAF8-A44CBB855A8F}
    2011-03-15 07:09 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65D2D5DE-38A4-4AB9-BBCE-E608A5CFACBD}\mpengine.dll
    2011-03-14 23:01 . 2011-03-14 23:01 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{2ABB91BB-43CC-447A-91A8-D773EBD7A371}
    2011-03-14 19:08 . 2011-03-14 19:08 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Roaming\Rovio
    2011-03-14 19:06 . 2011-01-07 00:13 -------- d-----w- c:\program files\Angry Birds
    2011-03-14 09:29 . 2011-03-14 09:29 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{72BF4845-2481-4BEC-BC6E-8AC94735FDE4}
    2011-03-13 21:25 . 2011-03-13 21:25 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{357AC903-AD4E-4059-BF1C-D273F91D79CF}
    2011-03-13 18:19 . 2011-03-13 18:19 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Roaming\Malwarebytes
    2011-03-13 18:18 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-13 18:17 . 2011-03-13 18:17 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-13 18:17 . 2011-03-13 18:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-13 18:17 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-13 15:32 . 2011-03-13 15:32 -------- d-----w- c:\program files (x86)\Ad-Remover
    2011-03-13 12:24 . 2011-03-13 12:12 401720 ----a-w- c:\users\YOMYFRED 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis.exe
    2011-03-13 09:24 . 2011-03-13 09:24 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{FE614182-7FC4-457B-80C5-15CAB40C1953}
    2011-03-12 21:13 . 2011-03-12 21:13 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{8BD0DD3C-7CC6-4BE3-BCA8-99D98104C2C0}
    2011-03-12 09:12 . 2011-03-12 09:12 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{FF029336-B0F5-4B8B-ACB1-4C3B0E98A97C}
    2011-03-11 17:58 . 2011-03-11 17:59 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{8D3A113C-4E0C-4886-8E1A-152FC7812CE0}
    2011-03-11 05:58 . 2011-03-11 05:58 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{C9C78822-7E19-4C4C-A309-FC673ED349C1}
    2011-03-10 16:01 . 2011-03-10 16:01 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-10 09:16 . 2011-03-10 09:16 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{76A05250-FC9E-47B0-8DFC-558DCE2D4F96}
    2011-03-09 16:34 . 2011-03-09 16:34 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{013BD88A-76B8-4D88-9711-B57AEAF43573}
    2011-03-08 20:28 . 2011-03-08 20:28 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{1EFE0911-6CFA-40F6-9F95-E8B3878C6A85}
    2011-03-08 19:03 . 2011-03-08 19:03 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{66F90444-E4E1-413B-A736-5AE886933FA3}
    2011-03-08 06:53 . 2011-03-08 06:53 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{765C27BF-1C89-4269-8556-CD8BB2CC4E18}
    2011-03-07 11:15 . 2011-03-07 11:16 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{8842CAE2-B518-4453-B4A1-9BD80424756E}
    2011-03-06 22:06 . 2011-03-06 22:06 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{614A1B76-3D1F-4117-BE09-1877DD663AA9}
    2011-03-06 09:48 . 2011-03-06 09:49 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{5AAF371B-AD08-4D43-B631-680D67D1C2DE}
    2011-03-06 09:43 . 2011-03-06 09:43 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{09B6F6B6-D009-491C-963B-8314071B945D}
    2011-03-05 20:04 . 2011-03-05 20:05 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{8BF5D1A5-A6C7-4935-9406-899E899403FE}
    2011-03-05 07:57 . 2011-03-05 07:58 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{75A8CF76-D930-4991-AB69-22BCDAA010B8}
    2011-03-04 15:41 . 2011-03-04 15:42 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{B26300DB-EFE6-4091-B7EB-5CAA96F3700A}
    2011-03-03 18:06 . 2011-03-03 18:06 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{288D6D90-0A94-4FCD-83DB-6060C106D367}
    2011-03-03 05:48 . 2011-03-03 05:49 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{3D870271-81D3-4263-A1C3-D94FF734E667}
    2011-03-02 17:47 . 2011-03-02 17:48 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{B81F9331-B1FA-42AC-BF2C-D01F78545574}
    2011-03-01 18:44 . 2011-03-01 18:44 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{EE73840E-B037-4D6A-8EE2-933708CBD68D}
    2011-02-28 19:19 . 2011-03-14 19:07 -------- d-----r- c:\users\YOMYFRED 2.0\Téléchargements
    2011-02-28 10:18 . 2011-02-28 10:18 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Roaming\RegistryKeys
    2011-02-28 08:12 . 2011-02-28 08:12 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{8887AFD4-072F-4333-9D41-3581BB69240A}
    2011-02-28 07:25 . 2011-02-28 09:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-02-28 07:25 . 2011-02-28 07:29 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-02-28 07:00 . 2011-02-28 07:00 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{28F2C5D1-6F42-4C3E-B7F2-8FA9F558F03F}
    2011-02-27 09:08 . 2011-02-27 09:08 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{9219F357-5901-4C40-90E2-FFAE5C3DEF17}
    2011-02-27 01:10 . 2011-02-27 01:11 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{C1E876F0-DF3E-4B5F-8BB1-D447EC3C0251}
    2011-02-26 08:44 . 2011-02-26 08:45 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{435A6123-88EC-4D95-9A8A-729343E9D132}
    2011-02-25 15:51 . 2011-02-25 15:52 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{E7EFBBF4-3B6F-412E-8755-07D7B9C8BE6C}
    2011-02-24 17:46 . 2011-02-24 17:47 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{37F020EB-FFC3-4243-9824-F2114A56A1CF}
    2011-02-24 05:46 . 2011-02-24 05:46 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{96D0AD69-D6B9-4C48-8253-87883B3FD2A4}
    2011-02-24 00:13 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-24 00:13 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2011-02-23 16:36 . 2011-02-23 16:36 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{19ECD506-CE57-4A7F-87B0-734E775E73D2}
    2011-02-23 16:33 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-02-23 16:33 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 16:33 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-23 16:33 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-02-22 19:10 . 2011-02-22 19:10 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{270A7B05-739E-47E5-8E41-D3AA4B22C8EB}
    2011-02-22 06:55 . 2011-02-22 06:55 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{15BAECA7-8C4B-467F-8A54-689F1C4B32C6}
    2011-02-21 17:56 . 2011-02-21 17:56 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{5115C150-2758-44DF-B03E-4DF0E157D7D6}
    2011-02-21 17:47 . 2011-02-21 17:47 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{BDE648C6-4F38-4D1C-927A-FC6F05A7B228}
    2011-02-21 05:45 . 2011-02-21 05:45 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{97CD9653-A6E0-46A0-A50C-4D33D7E7C76A}
    2011-02-20 10:22 . 2011-02-20 10:23 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{EC614E84-2927-4F54-BADF-75BC0332207F}
    2011-02-19 11:24 . 2011-02-19 11:25 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{12120004-49BE-4AC0-A64D-03719E0FFFAC}
    2011-02-18 23:24 . 2011-02-18 23:24 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{4CFC7E56-DB69-47E8-9A6F-76DE938B94F9}
    2011-02-18 11:23 . 2011-02-18 11:23 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{2309BEB5-D413-4024-AA89-31FD5BC3B9B4}
    2011-02-17 17:17 . 2011-02-17 17:18 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{FE2BCCDF-A8AB-454E-B4F1-31AB60964AD6}
    2011-02-17 16:15 . 2011-02-17 16:15 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{4A590BB1-8C0B-4ED0-8510-F342F03C006A}
    2011-02-16 17:15 . 2011-02-16 17:16 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{E8D0062A-4239-46EE-9C27-E51FBAB2CC95}
    2011-02-15 21:35 . 2011-02-15 21:36 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{392AC8C5-A1C0-4698-9532-E3A8423D1FC4}
    2011-02-15 07:16 . 2011-02-15 07:16 -------- d-----w- c:\users\YOMYFRED 2.0\AppData\Local\{A3C67494-4BD7-4355-97AA-5A11C7A61C1D}
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-14 06:39 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-10 16:00 . 2010-07-03 17:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-09 23:21 . 2011-02-09 23:21 419840 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-02-09 23:21 . 2011-02-09 23:21 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2011-02-09 23:21 . 2011-02-09 23:21 133632 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-02-09 23:21 . 2011-02-09 23:21 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2011-02-05 07:36 . 2011-02-05 07:36 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
    2011-02-02 16:11 . 2010-07-02 05:02 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-26 06:53 . 2011-02-09 21:17 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-26 06:53 . 2011-02-09 21:17 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-01-26 06:31 . 2011-02-09 21:17 144384 ----a-w- c:\windows\system32\cdd.dll
    2011-01-15 17:46 . 2011-01-15 17:46 1409 ----a-w- c:\windows\QTFont.for
    2011-01-07 08:06 . 2011-02-09 21:17 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 07:27 . 2011-02-09 21:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-09 21:17 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-09 21:17 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 06:20 . 2011-02-09 21:17 612352 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 05:37 . 2011-02-09 21:17 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-01-05 04:00 . 2011-02-09 21:17 3127808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-21 06:16 . 2011-02-09 21:17 62976 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 06:16 . 2011-02-09 21:17 97280 ----a-w- c:\windows\system32\wscsvc.dll
    2010-12-21 06:16 . 2011-02-09 21:17 214016 ----a-w- c:\windows\system32\winsrv.dll
    2010-12-21 06:16 . 2011-02-09 21:17 1197056 ----a-w- c:\windows\system32\wininet.dll
    2010-12-21 06:16 . 2011-02-09 21:17 442880 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 06:16 . 2011-02-09 21:17 258048 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 06:15 . 2011-02-09 21:17 264192 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 06:15 . 2011-02-09 21:17 15360 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 06:13 . 2011-02-09 21:17 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 06:13 . 2011-02-09 21:17 1880576 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-21 06:10 . 2011-02-09 21:17 100864 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-21 05:38 . 2011-02-09 21:17 51200 ----a-w- c:\windows\SysWow64\wscapi.dll
    2010-12-21 05:38 . 2011-02-09 21:17 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-12-21 05:38 . 2011-02-09 21:17 350720 ----a-w- c:\windows\SysWow64\winhttp.dll
    2010-12-21 05:38 . 2011-02-09 21:17 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2010-12-21 05:38 . 2011-02-09 21:17 204288 ----a-w- c:\windows\SysWow64\upnp.dll
    2010-12-21 05:38 . 2011-02-09 21:17 14336 ----a-w- c:\windows\SysWow64\slwga.dll
    2010-12-21 05:36 . 2011-02-09 21:17 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2010-12-21 05:36 . 2011-02-09 21:17 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2010-12-21 05:34 . 2011-02-09 21:17 80384 ----a-w- c:\windows\SysWow64\davclnt.dll
    2010-12-18 06:11 . 2011-02-09 21:18 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:11 . 2011-02-09 21:17 714752 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-18 05:29 . 2011-02-09 21:18 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2010-12-18 05:29 . 2011-02-09 21:17 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
    2010-12-18 04:55 . 2011-02-09 21:18 482816 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:20 . 2011-02-09 21:18 386048 ----a-w- c:\windows\SysWow64\html.iec
    2010-12-18 04:13 . 2011-02-09 21:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-18 03:47 . 2011-02-09 21:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
    "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TrayServer"="c:\progra~2\MAGIX\VIDEO_~1\TrayServer.exe" [2008-09-01 90112]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    c:\users\YOMYFRED 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
    JDownloader.lnk - c:\program files (x86)\JDownloader\JDownloader.exe [2010-1-22 214528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 clfiltv;clfiltv;c:\windows\system32\drivers\clfiltv.sys [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-03 79360]
    R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 maconfservice;Ma-Config Service;c:\program files (x86)\ma-config.com\maconfservice.exe [2011-01-24 310640]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
    R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\YOMYFRED 2.0\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://mfiscalled.aceboard.fr/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
    AddRemove-HijackThis - c:\users\YOMYFRED 2.0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\211DC2TZ\HijackThis.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Heure de fin: 2011-03-16 23:01:28
    ComboFix-quarantined-files.txt 2011-03-16 22:01
    .
    Avant-CF: 127 773 417 472 octets libres
    Après-CF: 130 688 294 912 octets libres
    .
    - - End Of File - - 17BAA37818A128B6D09910D5C531D262

    It deleted Audiograbber, which I used to rip my CDs to MP3 for my player... :( 
    I'll have to find another one that isn't infected ;) 
    17 March 2011 21:12:42

    Good evening,
    as for Audiograbber, did you get it via P2P?

    make sure you do this procedure from your YOMYFRED 2.0 session :D 

    get rid of your version of SystemLook, then grab this one (for your 64-bit Windows 7):

    http://jpshortstuff.247fixes.com/SystemLook_x64.exe

    then proceed as follows:
    * Double-click SystemLook.exe to launch it.
    * Right-click/copy the contents of the box below, then right-click/paste into the white box in SystemLook:

    :dir
    c:\users\YOMYFRED 2.0\AppData\Local\{7E661DB8-A30F-43B7-BF19-DB172AA8EFAE} /sub


    * Click the Look button to start the scan.
    * Let the tool work; this may take a few minutes.
    * Copy and paste into your next reply the report (the contents of the text file that is displayed)

    Note: The report can also be found on your Desktop, named SystemLook.txt
    17 March 2011 21:34:02

    Here you go!

    SystemLook 04.09.10 by jpshortstuff
    Log created at 21:31 on 17/03/2011 by YOMYFRED 2.0
    Administrator - Elevation successful

    ========== dir ==========

    c:\users\YOMYFRED 2.0\AppData\Local\{7E661DB8-A30F-43B7-BF19-DB172AA8EFAE} - Parameters: "/sub"

    ---Files---
    None found.

    No folders found.

    - Unable to find folder.

    -= EOF =-

    So I installed Free CD Ripper from Koyotesoft. It seems pretty good to me!
    18 March 2011 20:41:18

    Good evening :) 

    I don't like that, we'll do it by hand...

    show your hidden files by following this tutorial:
    http://www.chantal11.com/2009/04/afficher-les-fichiers-...


    navigate to:
    c:\users\YOMYFRED 2.0\AppData\Local\{7E661DB8-A30F-43B7-BF19-DB172AA8EFAE}

    open:
    {7E661DB8-A30F-43B7-BF19-DB172AA8EFAE}


    look at what's inside and let me know.
    18 March 2011 20:53:26

    Good evening Sham_Rock,

    Well, I don't know if it's normal, but the folder {7E661DB8-A30F-43B7-BF19-DB172AA8EFAE} in question is empty.... :??: 

    What is it and what is it for?
    All this worries me a bit!
    19 March 2011 09:22:47

    Hello
    in my opinion, it's a piece of software that creates these keys... given that they are empty...
    maybe Dropbox...
    in any case, JDownloader, Dropbox and co... you know the risks... :D 

    follow this tutorial and post the report:
    http://forum.pcastuces.com/eset_online_scanner___nouvel...

    above all, do not delete anything it detects ;O)
    20 March 2011 01:29:21

    Good evening,

    ESET found something! :ouch: 
    I'll let you take a look:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=227c036b14ea064aab3997f800ca02ee
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-19 05:15:16
    # local_time=2011-03-19 06:15:16 (+0100, Paris, Madrid)
    # country="France"
    # lang=1036
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=768 16777215 100 0 22527668 22527668 0 0
    # compatibility_mode=1797 16775165 100 94 32497 34716858 54015 0
    # compatibility_mode=5893 16776573 100 94 87444 52176772 0 0
    # compatibility_mode=8192 67108863 100 0 4358 4358 0 0
    # compatibility_mode=9217 16777214 0 13 22201378 22201380 0 0
    # scanned=270920
    # found=1
    # cleaned=0
    # scan_time=7994
    C:\Users\YOMYFRED 2.0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5ee4767d-33caa2c9 Java/TrojanDownloader.OpenStream.NBL cheval de troie (impossible de nettoyer) 00000000000000000000000000000000 I
    20 March 2011 18:23:21

    Hello
    run a scan again and you can delete it.


    after that I don't see anything else to do, apart from you cleaning up the stuff you have running in the background... (Dropbox and co)
    20 March 2011 18:31:05

    OK,

    In any case, thank you very much for giving me your time! :hello: 