Aide Enlever SearchQu

Royounette -  
 Utilisateur anonyme -
Bonjour,

Quand j'ouvre un nouvel onglet sous Firefox, j'ai une page qui s'ouvre avec un page de recherche SearchQu (http://www.searchqu.com/406) et je ne sais pas comment l'enlever...

J'ai vu que pleins de personnes avait déjà posé ce problème, mais visiblement a un moment faut mettre un rapport ou je ne sais pas quoi et je ne comprend pas tout ^^'

Alors si quelqu'un veut bien m'aider, c'est volontiers ^^

Merci beaucoup!

22 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    Salut

    * inscris toi sur le forum afin de rendre tes liens lisibles

    * ICI >> CCM

    1)* Désactive l'UAC Vista >>UAC Vista

    on réactivera l 'UAC plus tard !!

    2) Cliques sur >> Démarrer >> panneau de configuration>> Désinstaller un programme Désinstalles >> Searchqu

    ensuite

    3) * Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)

    ICI >>AD-Remover

    /!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\

    * Utilisateurs Windows XP => double clique >>sur AD-R.exe situé sur ton Bureau.
    * Utilisateurs Windows Vista / windows 7 => clic droit "executer en tant que en tant qu'administrateur "sur AD-R.exe pour le lancer.

    * Sur la page, clique sur le bouton « Scanner »
    * ne fais qu'une fois le scan
    * Confirme l'opération
    * Poste le rapport qui apparaît à la fin.
    * (Le rapport est sauvegardé aussi sous C:\Ad-report.)
    * (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    @+ VIRUS/C/C
    2
  2. Utilisateur anonyme
     
    Salut

    Comme expliqué en MP pour pouvoir posté tes rapports et répondre dans ton sujet

    En attendant ton rapport d Ad-Remover :

    =====================================

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 20:04:32 le 23/07/2011, Mode normal

    Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86)
    Marion@EINSTEIN (Acer, inc. Aspire 7730G)

    ============== RECHERCHE ==============

    Fichier trouvé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
    Dossier trouvé: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\extensions\toolbar@ask.com
    Dossier trouvé: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\conduit
    Dossier trouvé: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\ConduitEngine
    Dossier trouvé: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\extensions\engine@conduit.com
    Dossier trouvé: C:\Users\Charlotte\AppData\Roaming\Mozilla\FireFox\Profiles\q7031uhx.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Dossier trouvé: C:\Program Files\Ask.com
    Dossier trouvé: C:\Users\Marion\AppData\Local\AskToolbar
    Dossier trouvé: C:\Users\Marion\AppData\LocalLow\AskToolbar
    Dossier trouvé: C:\Users\Marion\AppData\LocalLow\Conduit
    Dossier trouvé: C:\Program Files\Conduit
    Dossier trouvé: C:\Users\Marion\AppData\LocalLow\ConduitEngine
    Dossier trouvé: C:\Program Files\ConduitEngine
    Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato
    Dossier trouvé: C:\Users\Marion\AppData\Roaming\ClickPotatoLite
    Dossier trouvé: C:\Program Files\ClickPotatoLite
    Dossier trouvé: C:\ProgramData\ClickPotatoLiteSA
    Dossier trouvé: C:\Users\Marion\AppData\LocalLow\PriceGong
    Fichier trouvé: C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll

    -- Fichier ouvert: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\Prefs.js --
    Ligne trouvée: user_pref("CT2851639.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243674/1239347/CH", "\"0\"...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CH", "\"0\"")...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851639", ...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63427934310393...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2851639/CT2851639...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634...
    Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "CT2851639");
    Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}");
    Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar_fr");
    Ligne trouvée: user_pref("CommunityToolbar.IsEngineShown", true);
    Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2851639");
    Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}");
    Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar_fr");
    Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://ecosia.org/lucky.php?q=");
    Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2851639,ConduitEngine");
    Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2851639,ConduitEngine");
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Apr 27 2011 08:38:44 GMT+02...
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jul 23 2011 19:12:42 GMT+0200");
    Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");
    Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jul 23 2011 19:12:33 GMT+0200");
    Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "a9dbe89d-6155-4412-ba92-28fb2ac64b62");
    Ligne trouvée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Dec 19 2010 11:01:52 GMT+0100");
    Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Ligne trouvée: user_pref("ConduitEngine.CTID", "ConduitEngine");
    Ligne trouvée: user_pref("ConduitEngine.FirstTime", true);
    Ligne trouvée: user_pref("ConduitEngine.FirstTimeFF3", true);
    Ligne trouvée: user_pref("ConduitEngine.FixPageNotFoundErrors", false);
    Ligne trouvée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Ligne trouvée: user_pref("ConduitEngine.Initialize", true);
    Ligne trouvée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Ligne trouvée: user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
    Ligne trouvée: user_pref("ConduitEngine.InstalledDate", "Sun Dec 19 2010 11:01:47 GMT+0100");
    Ligne trouvée: user_pref("ConduitEngine.IsMulticommunity", false);
    Ligne trouvée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Ligne trouvée: user_pref("ConduitEngine.IsOpenUninstallPage", false);
    Ligne trouvée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Dec 19 2010 11:01:48 GMT+0100");
    Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sun Dec 19 2010 11:01:48 GMT+0100");
    Ligne trouvée: user_pref("ConduitEngine.PublisherContainerWidth", 0);
    Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
    Ligne trouvée: user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Dec 19 2010 11:01:46 GMT+0100");
    Ligne trouvée: user_pref("ConduitEngine.UserID", "UN59236150761113565");
    Ligne trouvée: user_pref("ConduitEngine.engineLocale", "fr");
    Ligne trouvée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Dec 19 2010 11:01:48 GMT+0100");
    Ligne trouvée: user_pref("ConduitEngine.initDone", true);
    Ligne trouvée: user_pref("extensions.asktb.cbid", "OF");
    Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://eu.ask.com/web?q={query}&o={o}&l={l}&...
    Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);
    Ligne trouvée: user_pref("extensions.asktb.l", "dis");
    Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1311441150408");
    Ligne trouvée: user_pref("extensions.asktb.locale", "fr_EU");
    Ligne trouvée: user_pref("extensions.asktb.o", "16050");
    Ligne trouvée: user_pref("extensions.asktb.options-lang", "fr");
    Ligne trouvée: user_pref("extensions.asktb.options-locale", "UK");
    Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
    Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
    Ligne trouvée: user_pref("extensions.asktb.r", "8");
    Ligne trouvée: user_pref("extensions.asktb.to", "16105");
    Ligne trouvée: user_pref("extensions.asktb.v", "3.6.9.100005");
    Ligne trouvée: user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8,{ef4e370e-d9f0-4e...
    -- Fichier Fermé --

    -- Fichier ouvert: C:\Users\Charlotte\AppData\Roaming\Mozilla\FireFox\Profiles\q7031uhx.default\Prefs.js --
    Ligne trouvée: user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
    -- Fichier Fermé --

    Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKLM\Software\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Clé trouvée: HKLM\Software\Classes\CLSID\{9E6B6F06-7F72-43EB-B6FA-C96C398EC689}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E6B6F06-7F72-43EB-B6FA-C96C398EC689}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E6B6F06-7F72-43EB-B6FA-C96C398EC689}
    Clé trouvée: HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
    Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKLM\Software\Classes\CLSID\{F6F1B006-2D1C-43D6-87C1-51E5C86088AE}
    Clé trouvée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
    Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Clé trouvée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore
    Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore.1
    Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr
    Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
    Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr
    Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr.1
    Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr
    Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr.1
    Clé trouvée: HKLM\Software\Classes\ClickPotatoLiteAx.Info
    Clé trouvée: HKLM\Software\Classes\ClickPotatoLiteAx.Info.1
    Clé trouvée: HKLM\Software\Classes\ClickPotatoLiteAX.UserProfiles
    Clé trouvée: HKLM\Software\Classes\ClickPotatoLiteAX.UserProfiles.1
    Clé trouvée: HKLM\Software\Classes\Conduit.Engine
    Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    Clé trouvée: HKLM\Software\Classes\MenuButtonIE.ButtonIE
    Clé trouvée: HKLM\Software\Classes\MenuButtonIE.ButtonIE.1
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2851639
    Clé trouvée: HKLM\Software\Classes\AppID\BandooCore.EXE
    Clé trouvée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Clé trouvée: HKLM\Software\Classes\AppID\MenuButtonIE.DLL
    Clé trouvée: HKLM\Software\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}
    Clé trouvée: HKLM\Software\bandoo
    Clé trouvée: HKLM\Software\ClickPotatoLite
    Clé trouvée: HKLM\Software\Conduit
    Clé trouvée: HKLM\Software\conduitEngine
    Clé trouvée: HKLM\Software\DataMngr
    Clé trouvée: HKLM\Software\SearchquMediabarTb
    Clé trouvée: HKCU\Software\Ask.com
    Clé trouvée: HKCU\Software\AskToolbar
    Clé trouvée: HKCU\Software\ClickPotatoLiteSA
    Clé trouvée: HKCU\Software\DataMngr
    Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
    Clé trouvée: HKCU\Software\AppDataLow\Toolbar
    Clé trouvée: HKCU\Software\AppDataLow\Software\AskToolbar
    Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
    Clé trouvée: HKCU\Software\AppDataLow\Software\conduitEngine
    Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9957A3A-3040-449A-8F92-34C6562B93D0}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickpotatoliteSA
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
    Clé trouvée: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}

    Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|ClickPotatoLite@ClickPotatoLite.com
    Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [3.6.18 (fr)] ****

    Plugins\npclntax_ClickPotatoLiteSA.dll (Pinball Corporation.)
    Plugins\npdivx32.dll (DivX,Inc.)
    Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
    HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
    HKLM_MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn (x)
    HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
    HKCU_MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0 (x)
    HKCU_MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0 (x)
    HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
    Searchplugins\babylon.xml (hxxp://search.babylon.com/web/{searchTerms})
    Searchplugins\SearchResults.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q={searchTerms}/)
    HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
    HKLM_Extensions|ClickPotatoLite@ClickPotatoLite.com - C:\Program Files\ClickPotatoLite\bin\10.0.529.0\firefox\extensions
    HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

    -- C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default --
    Extensions\Allo@ci.ne (Recherche Allocine)
    Extensions\engine@conduit.com (Conduit Engine )
    Extensions\ffxtlbr@babylon.com (Babylon)
    Extensions\illimitux@illimitux.net (Illimitux)
    Extensions\toolbar@ask.com (LimeWire Toolbar)
    Extensions\youtube2mp3@mondayx.de (YouTube to MP3)
    Extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (uTorrentBar_FR Community Toolbar)
    Extensions\{33A8946C-B859-4f7d-8382-ADAB29623DEE} (Scribblies Kids)
    Extensions\{37fa1426-b82d-11db-8314-0800200c9a66} (WebMail Notifier)
    Extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5} (Currency Converter)
    Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} (Ecosia - The Green Search)
    Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} (FoxTab)
    Searchplugins\dailymotion.xml (?)
    Searchplugins\ecosia.xml (?)
    Searchplugins\manga-news.xml (?)
    Searchplugins\recherche-de-vidos-youtube.xml (?)
    Searchplugins\SearchResults.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q={searchTerms}/)
    Prefs.js - browser.download.dir, C:\\Users\\Marion\\Downloads
    Prefs.js - browser.download.lastDir, C:\\Users\\Marion\\Desktop
    Prefs.js - browser.search.defaultenginename, Search the web (Babylon)
    Prefs.js - browser.search.selectedEngine, Google
    Prefs.js - browser.startup.homepage, hxxp://forum.anime-story.com/
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.18
    Prefs.js - keyword.URL, hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=

    -- C:\Users\Charlotte\AppData\Roaming\Mozilla\FireFox\Profiles\q7031uhx.default --
    Extensions\{37fa1426-b82d-11db-8314-0800200c9a66} (WebMail Notifier)
    Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} (Searchqu Toolbar)
    Prefs.js - browser.download.dir, C:\\Users\\Charlotte\\Downloads
    Prefs.js - browser.download.lastDir, C:\\Users\\Charlotte\\Documents\\charlotte\\photos, textes
    Prefs.js - browser.startup.homepage, hxxp://www.searchqu.com/406
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.18
    Prefs.js - keyword.URL, hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=

    ========================================

    **** Internet Explorer Version [7.0.6002.18005] ****

    HKCU_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&s=2&o=vp32&d=0109&m=aspire_7730g
    HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKCU_Main|Start Page - hxxp://forum.anime-story.com/
    HKLM_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&s=2&o=vp32&d=0109&m=aspire_7730g
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&s=2&o=vp32&d=0109&m=aspire_7730g
    HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKLM_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKCU_SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - "Search the web (Babylon)" (hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch)
    HKCU_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - "Search Results" (hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms})
    HKLM_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - "Search Results" (hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms})
    HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
    HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x)
    HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)
    HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
    HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngin0.dll)
    HKLM_Toolbar|{99079a25-328f-4bd4-be04-00955acaa0a7} (C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll)
    HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)
    HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
    HKCU_ElevationPolicy\{D09C464F-07DE-4C04-ABB4-88C30329C02D} - C:\Users\Marion\AppData\Local\Yahoo!\BrowserPlus\2.5.1\BrowserPlusCore.exe (x)
    HKCU_ElevationPolicy\{F6406B2D-39A7-4566-A174-E19DDD818A95} - C:\Users\Marion\AppData\Local\Yahoo!\BrowserPlus\2.4.21\BrowserPlusCore.exe (x)
    HKLM_ElevationPolicy\{3C137FA4-F8F1-4DE4-91B4-5B5188AA4966} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{4198D414-038F-49EA-AD6A-6D324404780C} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\dtUser.exe (Visicom Media Inc.)
    HKLM_ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC} - C:\Program Files\Bandoo\BndCore.exe (x)
    HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    HKLM_ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12} - C:\Program Files\Bandoo\ExtensionsManager.exe (x)
    HKLM_ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\uninstall.exe (?)
    HKLM_ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} - C:\Program Files\Bandoo\Bandoo.exe (x)
    HKLM_ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} - C:\Program Files\ClickPotatoLite\bin\10.0.529.0\Weather.exe (x)
    HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
    HKLM_ElevationPolicy\{C9957A3A-3040-449A-8F92-34C6562B93D0} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
    HKLM_ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080} - C:\Program Files\Bandoo\BandooUI.exe (x)
    HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
    BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
    BHO\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files\ConduitEngine\ConduitEngin0.dll)
    BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - "ShowBarObj Class" (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll)
    BHO\{99079a25-328f-4bd4-be04-00955acaa0a7} - "Searchqu Toolbar" (C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll)
    BHO\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - "UrlHelper Class" (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll)
    BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "?" (C:\Program Files\Ask.com\GenericAskToolbar.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 23/07/2011 20:05:08 (25208 Octet(s))

    Fin à: 20:07:00, 23/07/2011

    ============== E.O.F ==============

    =====================================

    fais dans l ordre

    1) /!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\

    * Utilisateurs Windows XP => double clique >>sur AD-R.exe situé sur ton Bureau.
    * Utilisateurs Windows Vista / windows 7 => clic droit "executer en tant que en tant qu'administrateur "sur AD-R.exe pour le lancer.

    * Sur la page, clique sur le bouton « Nettoyer »
    * Confirme l'opération
    * ne fais qu'une fois le Nettoyage
    * Poste le rapport qui apparaît à la fin.
    * (Le rapport est sauvegardé aussi sous C:\Ad-report.)
    * (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    aprés

    2) * Télécharge ZHPDiag (de Nicolas coolman)

    ICI >> ZHPDiag (de Nicolas coolman)

    * Une fois le téléchargement achevé,
    * double clique sur ZHPDiag.exe et suis les instructions.
    * /!\Utilisateurs de Windows Vista et Windows 7
    * >> Clique droit sur le logo de ZHPDiag.exe, « exécuter en tant qu'Administrateur »
    * Laisse toi guider lors de l'installation,
    * coche >> créer une icône sur le bureau
    * il se lancera automatiquement à la fin.
    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    * Héberge le rapport sur ce site,
    >> Cijoint.fr
    * puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.

    * Pour t aider ,pour heberger le rapport
    * rends toi sur Cijoint.fr
    * clic sur Parcourir
    * trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau
    * et valide en cliquant sur >> Cliquez ici pour déposer le Fichier
    * un lien de ce genre http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt te sera généré,
    * il te suffit de le poster ici pour que je puisse voir le rapport

    ou

    ICI >> pjjoint.malekal
    * Cliques sur >> Parcourir
    * Trouve >> le rapport que tu viens d'enregistrer par exemple sur ton bureau
    * Cliques sur >> envoyer le fichier
    * Un lien te sera généré,
    * il te suffit de le poster ici

    @+ VIRUS/C/C
    0
  3. royounette Messages postés 14 Statut Membre
     
    Alors:

    Rapport Ad-Remover:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:14:12 le 25/07/2011, Mode normal

    Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86)
    Marion@EINSTEIN (Acer, inc. Aspire 7730G)

    ============== ACTION(S) ==============

    Fichier supprimé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
    Dossier supprimé: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\extensions\toolbar@ask.com
    Dossier supprimé: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\conduit
    Dossier supprimé: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\ConduitEngine
    Dossier supprimé: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\extensions\engine@conduit.com
    Dossier supprimé: C:\Users\Charlotte\AppData\Roaming\Mozilla\FireFox\Profiles\q7031uhx.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Dossier supprimé: C:\Program Files\Ask.com
    Dossier supprimé: C:\Users\Marion\AppData\Local\AskToolbar
    Dossier supprimé: C:\Users\Marion\AppData\LocalLow\AskToolbar
    Dossier supprimé: C:\Users\Marion\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Users\Marion\AppData\LocalLow\ConduitEngine
    Dossier supprimé: C:\Program Files\ConduitEngine
    Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato
    Dossier supprimé: C:\Users\Marion\AppData\Roaming\ClickPotatoLite
    Dossier supprimé: C:\Program Files\ClickPotatoLite
    Dossier supprimé: C:\ProgramData\ClickPotatoLiteSA
    Dossier supprimé: C:\Users\Marion\AppData\LocalLow\PriceGong
    Fichier supprimé: C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll

    (!) -- Fichiers temporaires supprimés.

    -- Fichier ouvert: C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default\Prefs.js --
    Ligne supprimée: user_pref("CT2851639.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243674/1239347/CH", "\"0\"...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CH", "\"0\"")...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851639", ...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63427934310393...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2851639/CT2851639...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634...
    Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "CT2851639");
    Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}");
    Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar_fr");
    Ligne supprimée: user_pref("CommunityToolbar.IsEngineShown", true);
    Ligne supprimée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2851639");
    Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}");
    Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar_fr");
    Ligne supprimée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://ecosia.org/lucky.php?q=");
    Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "CT2851639,ConduitEngine");
    Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList2", "CT2851639,ConduitEngine");
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Apr 27 2011 08:38:44 GMT+02...
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jul 25 2011 12:11:09 GMT+0200");
    Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");
    Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jul 25 2011 12:10:55 GMT+0200");
    Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "a9dbe89d-6155-4412-ba92-28fb2ac64b62");
    Ligne supprimée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Dec 19 2010 11:01:52 GMT+0100");
    Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Ligne supprimée: user_pref("ConduitEngine.CTID", "ConduitEngine");
    Ligne supprimée: user_pref("ConduitEngine.FirstTime", true);
    Ligne supprimée: user_pref("ConduitEngine.FirstTimeFF3", true);
    Ligne supprimée: user_pref("ConduitEngine.FixPageNotFoundErrors", false);
    Ligne supprimée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Ligne supprimée: user_pref("ConduitEngine.Initialize", true);
    Ligne supprimée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Ligne supprimée: user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
    Ligne supprimée: user_pref("ConduitEngine.InstalledDate", "Sun Dec 19 2010 11:01:47 GMT+0100");
    Ligne supprimée: user_pref("ConduitEngine.IsMulticommunity", false);
    Ligne supprimée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Ligne supprimée: user_pref("ConduitEngine.IsOpenUninstallPage", false);
    Ligne supprimée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Dec 19 2010 11:01:48 GMT+0100");
    Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sun Dec 19 2010 11:01:48 GMT+0100");
    Ligne supprimée: user_pref("ConduitEngine.PublisherContainerWidth", 0);
    Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
    Ligne supprimée: user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Dec 19 2010 11:01:46 GMT+0100");
    Ligne supprimée: user_pref("ConduitEngine.UserID", "UN59236150761113565");
    Ligne supprimée: user_pref("ConduitEngine.engineLocale", "fr");
    Ligne supprimée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Dec 19 2010 11:01:48 GMT+0100");
    Ligne supprimée: user_pref("ConduitEngine.initDone", true);
    Ligne supprimée: user_pref("extensions.asktb.cbid", "OF");
    Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://eu.ask.com/web?q={query}&o={o}&l={l}&...
    Ligne supprimée: user_pref("extensions.asktb.fresh-install", false);
    Ligne supprimée: user_pref("extensions.asktb.l", "dis");
    Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1311588652874");
    Ligne supprimée: user_pref("extensions.asktb.locale", "fr_EU");
    Ligne supprimée: user_pref("extensions.asktb.o", "16050");
    Ligne supprimée: user_pref("extensions.asktb.options-lang", "fr");
    Ligne supprimée: user_pref("extensions.asktb.options-locale", "UK");
    Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
    Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871");
    Ligne supprimée: user_pref("extensions.asktb.r", "8");
    Ligne supprimée: user_pref("extensions.asktb.to", "16105");
    Ligne supprimée: user_pref("extensions.asktb.v", "3.6.9.100005");
    Ligne supprimée: user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8,{ef4e370e-d9f0-4e...
    -- Fichier Fermé --

    -- Fichier ouvert: C:\Users\Charlotte\AppData\Roaming\Mozilla\FireFox\Profiles\q7031uhx.default\Prefs.js --
    Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
    -- Fichier Fermé --

    Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Clé supprimée: HKLM\Software\Classes\CLSID\{9E6B6F06-7F72-43EB-B6FA-C96C398EC689}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E6B6F06-7F72-43EB-B6FA-C96C398EC689}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E6B6F06-7F72-43EB-B6FA-C96C398EC689}
    Clé supprimée: HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
    Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKLM\Software\Classes\CLSID\{F6F1B006-2D1C-43D6-87C1-51E5C86088AE}
    Clé supprimée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
    Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Clé supprimée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore
    Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore.1
    Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr
    Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
    Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr
    Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr.1
    Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr
    Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr.1
    Clé supprimée: HKLM\Software\Classes\ClickPotatoLiteAx.Info
    Clé supprimée: HKLM\Software\Classes\ClickPotatoLiteAx.Info.1
    Clé supprimée: HKLM\Software\Classes\ClickPotatoLiteAX.UserProfiles
    Clé supprimée: HKLM\Software\Classes\ClickPotatoLiteAX.UserProfiles.1
    Clé supprimée: HKLM\Software\Classes\Conduit.Engine
    Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    Clé supprimée: HKLM\Software\Classes\MenuButtonIE.ButtonIE
    Clé supprimée: HKLM\Software\Classes\MenuButtonIE.ButtonIE.1
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2851639
    Clé supprimée: HKLM\Software\Classes\AppID\BandooCore.EXE
    Clé supprimée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Clé supprimée: HKLM\Software\Classes\AppID\MenuButtonIE.DLL
    Clé supprimée: HKLM\Software\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}
    Clé supprimée: HKLM\Software\bandoo
    Clé supprimée: HKLM\Software\ClickPotatoLite
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\conduitEngine
    Clé supprimée: HKLM\Software\DataMngr
    Clé supprimée: HKLM\Software\SearchquMediabarTb
    Clé supprimée: HKCU\Software\Ask.com
    Clé supprimée: HKCU\Software\AskToolbar
    Clé supprimée: HKCU\Software\ClickPotatoLiteSA
    Clé supprimée: HKCU\Software\DataMngr
    Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
    Clé supprimée: HKCU\Software\AppDataLow\Toolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\AskToolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
    Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9957A3A-3040-449A-8F92-34C6562B93D0}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickpotatoliteSA
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
    Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}

    Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|ClickPotatoLite@ClickPotatoLite.com
    Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr
    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
    Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [3.6.18 (fr)] ****

    Plugins\npdivx32.dll (DivX,Inc.)
    Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
    HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
    HKLM_MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn (x)
    HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
    HKCU_MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0 (x)
    HKCU_MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0 (x)
    HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
    Searchplugins\babylon.xml (hxxp://search.babylon.com/web/{searchTerms})
    Searchplugins\SearchResults.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q={searchTerms}/)
    HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
    HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

    -- C:\Users\Marion\AppData\Roaming\Mozilla\FireFox\Profiles\ia8yl79j.default --
    Extensions\Allo@ci.ne (Recherche Allocine)
    Extensions\ffxtlbr@babylon.com (Babylon)
    Extensions\illimitux@illimitux.net (Illimitux)
    Extensions\youtube2mp3@mondayx.de (YouTube to MP3)
    Extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (uTorrentBar_FR Community Toolbar)
    Extensions\{33A8946C-B859-4f7d-8382-ADAB29623DEE} (Scribblies Kids)
    Extensions\{37fa1426-b82d-11db-8314-0800200c9a66} (WebMail Notifier)
    Extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5} (Currency Converter)
    Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} (Ecosia - The Green Search)
    Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} (FoxTab)
    Searchplugins\dailymotion.xml (?)
    Searchplugins\ecosia.xml (?)
    Searchplugins\manga-news.xml (?)
    Searchplugins\recherche-de-vidos-youtube.xml (?)
    Searchplugins\SearchResults.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q={searchTerms}/)
    Prefs.js - browser.download.dir, C:\\Users\\Marion\\Downloads
    Prefs.js - browser.download.lastDir, C:\\Users\\Marion\\Desktop
    Prefs.js - browser.search.defaultenginename, Search the web (Babylon)
    Prefs.js - browser.search.selectedEngine, Google
    Prefs.js - browser.startup.homepage, hxxp://forum.anime-story.com/
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.18
    Prefs.js - keyword.URL, hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=

    -- C:\Users\Charlotte\AppData\Roaming\Mozilla\FireFox\Profiles\q7031uhx.default --
    Extensions\{37fa1426-b82d-11db-8314-0800200c9a66} (WebMail Notifier)
    Prefs.js - browser.download.dir, C:\\Users\\Charlotte\\Downloads
    Prefs.js - browser.download.lastDir, C:\\Users\\Charlotte\\Documents\\charlotte\\photos, textes
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.18
    Prefs.js - keyword.URL, hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=

    ========================================

    **** Internet Explorer Version [7.0.6002.18005] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKLM_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKCU_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - "Search Results" (hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms})
    HKLM_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - "Search Results" (hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms})
    HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
    HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x)
    HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
    HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKLM_Toolbar|{99079a25-328f-4bd4-be04-00955acaa0a7} (x)
    HKCU_ElevationPolicy\{D09C464F-07DE-4C04-ABB4-88C30329C02D} - C:\Users\Marion\AppData\Local\Yahoo!\BrowserPlus\2.5.1\BrowserPlusCore.exe (x)
    HKCU_ElevationPolicy\{F6406B2D-39A7-4566-A174-E19DDD818A95} - C:\Users\Marion\AppData\Local\Yahoo!\BrowserPlus\2.4.21\BrowserPlusCore.exe (x)
    HKLM_ElevationPolicy\{3C137FA4-F8F1-4DE4-91B4-5B5188AA4966} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{4198D414-038F-49EA-AD6A-6D324404780C} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\dtUser.exe (Visicom Media Inc.)
    HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
    BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
    BHO\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - "ShowBarObj Class" (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 980 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 18 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 25/07/2011 12:14:17 (23314 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 23/07/2011 20:05:08 (25347 Octet(s))

    Fin à: 12:19:46, 25/07/2011

    ============== E.O.F ==============

    Rapport ZHPDiag:

    http://www.cijoint.fr/cjlink.php?file=cj201107/cijz3eTpZP.txt

    (et est ce que ces opérations peuvent faire planter Firefox? Car après le redémarrage de mon ordi après le nettoyage de Ad Remover, Firefox ne s'ouvre plus et m'envoie des messages de plantage...)
    0
  4. Utilisateur anonyme
     
    Salut

    Pour Firefox on verra plus tard ,peut être que ton Profil est Corrompu ?,

    Fais ce qui suit :

    1) Cliques sur >< démarrer >> Panneau de Configuration >> Désinstaller un programme

    Désinstalles >> Windows iLivid Toolbar et iLivid

    ensuite

    2) /!\ ZHPFix /!\

    * ferme toutes les applications ouvertes.
    * Copies tout le texte présent en gras ci-dessous
    *( tu le selectionnes avec ta souris >> Clique droit dessus et choisis "copier" ou fait Ctrl+C )


    M2 - MFEP: prefs.js [Marion - ia8yl79j.default\ffxtlbr@babylon.com] [] Babylon v1.1.8 (.Babylon.)
    G0 - GCSP: Preference [User Data\Default][HomePage] http://www.searchnu.com/
    O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} . (...) -- (.not file.)
    O43 - CFD: 11.07.2011 - 17:46:14 - [8489081] ----D- C:\Program Files\Windows iLivid Toolbar
    O87 - FAEL: "{9FFD80F2-6F5F-4CE1-A478-FA27B924E590}" | In - Private - P6 - TRUE | .(.Visicom Media Inc. - DTX broker.) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
    O87 - FAEL: "{05F25502-7937-43A1-8F4E-CE5EDA041D37}" | In - Private - P17 - TRUE | .(.Visicom Media Inc. - DTX broker.) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
    [HKLM\Software\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}]
    [HKLM\Software\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    C:\Program Files\Windows iLivid Toolbar
    C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\ia8yl79j.default\Extensions\ffxtlbr@babylon.com

    EmptyFlash
    Emptytemp



    * Double Clique sur l'icone ZhpFix du bureau pour le lancer ( l icone en forme de seringue) .
    * >> ZHPFix >IMAGE ZHPFix sur ton Bureau
    * Utilisateurs de Windows7/Vista >> Fais un clic-droit sur le raccourci de ZHPFix et choisis "Exécuter en temps qu'administrateur"
    * Une fois l'outil ZHPFix ouvert ,

    * clique sur le bouton [ H ] ==> Image .

    * Dans l'encadré principal
    * tu verras donc les lignes que tu as copié précédemment apparaitre .
    * Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
    * cliques >> sur le Bouton " GO "
    * colle le rapport obtenu .

    @+ VIRUS/C/C
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. royounette Messages postés 14 Statut Membre
     
    Mon profil ?

    Voila le rapport:

    Rapport de ZHPFix 1.12.3344 par Nicolas Coolman, Update du 21/07/2011
    Fichier d'export Registre :
    Run by Marion at 25.07.2011 16:10:03
    Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

    ========== Clé(s) du Registre ==========
    SUPPRIME Key: HKLM\Software\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
    SUPPRIME Key: HKLM\Software\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
    SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
    SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    SUPPRIME Key: HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid
    ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar

    ========== Valeur(s) du Registre ==========
    SUPPRIME Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7}
    SUPPRIME {9FFD80F2-6F5F-4CE1-A478-FA27B924E590}
    SUPPRIME {05F25502-7937-43A1-8F4E-CE5EDA041D37}

    ========== Préférences navigateur ==========
    PRESENT Chrome File: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences
    SUPPRIME Chrome Site: http://www.searchnu.com/
    SUPPRIME Chrome Site: http://www.searchnu.com/

    ========== Dossier(s) ==========
    SUPPRIME Folder: C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\ia8yl79j.default\extensions\ffxtlbr@babylon.com
    SUPPRIME Folder*: C:\Program Files\Windows iLivid Toolbar
    SUPPRIME Flash Cookies: 16
    SUPPRIME Temporaires Windows: : 106

    ========== Fichier(s) ==========
    ABSENT Folder/File: c:\program files\windows ilivid toolbar
    ABSENT Folder/File: c:\users\marion\appdata\roaming\mozilla\firefox\profiles\ia8yl79j.default\extensions\ffxtlbr@babylon.com
    SUPPRIME Flash Cookies: 18
    SUPPRIME Temporaires Windows: : 652

    ========== Récapitulatif ==========
    7 : Clé(s) du Registre
    3 : Valeur(s) du Registre
    4 : Dossier(s)
    4 : Fichier(s)
    3 : Préférences navigateur

    ========== Chemin du fichier rapport ==========
    C:\Program Files\ZHPDiag\ZHPFixReport.txt

    End of the scan in 05mn 17s
    0
  7. Utilisateur anonyme
     
    Re

    1) As-tu désinstallé les logiciels marqués ??

    2) * Télécharges Malwarebytes' (mbam)

    ICI >> Malwarebytes' (mbam)

    * installes + mise a jour <== A faire !!
    * Lances--> Malwarebytes (MBAM)
    * Puis vas dans l'onglet "Recherche", coche >>Exécuter un examen complet
    * puis "Rechercher"
    * Sélectionnes tes disques durs" puis clique sur "Lancer l'examen"
    * A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
    * Si MalwareBytes' détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection
    * S'il t' es demandé de redémarrer, clique sur "oui "
    * aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici
    !!! Ne pas vider la quarantaine de MBAM sans avis !!!

    @+ VIRUS/C/C
    0
  8. royounette Messages postés 14 Statut Membre
     
    J'avais supprimé les 2 logiciels que tu m'avais dit ^^

    Voila le rapport:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Version de la base de données: 7275

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    25.07.2011 20:30:13
    mbam-log-2011-07-25 (20-30-13).txt

    Type d'examen: Examen complet (C:\|D:\|E:\|)
    Elément(s) analysé(s): 411410
    Temps écoulé: 1 heure(s), 46 minute(s), 6 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\program files\ad-remover\quarantine\C\program files\clickpotatolite\bin\10.0.529.0\clickpotatolitesahook.dll.vir (Adware.HotBar.Gen) -> Quarantined and deleted successfully.
    c:\program files\ad-remover\quarantine\C\program files\clickpotatolite\bin\10.0.529.0\launchhelp.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\program files\ad-remover\quarantine\C\program files\clickpotatolite\bin\10.0.529.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\ad-remover\quarantine\C\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\Marion\downloads\adobe illustrator cs5 esd\adobe_il_cs5_keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    0
  9. Utilisateur anonyme
     
    Salut

    1) * Lances Malwarebytes
    * cliques sur >> quarantaine>> selectionnes tout et supprimes tout ok !!
    * si il te demande de redémarrer >> redémarre ton PC
    et
    * Fais la mise a jour

    * tu refais avec Malwarebytes une analyse rapide + Suppression(s) de ce que tu trouveras éventuellement

    * Poste le rapport

    ensuite

    2) * Fais une Sauvegarde du Registre

    * cliques sur Démarrer
    * Dans la barre de recherche Tape -->

    regedit

    * cliques sur >> regedit

    * Valide par Oui a la demande d Autorisation

    * Dans le Registre > Clique sur Fichier > Exporter.
    * Dans la nouvelle fenêtre
    * Donne un nom de fichier : SauvReg .
    * Choisis un emplacement >> " Documents "
    * Garde l'extension .reg et cocher Tout. Valide.

    * Rends toi dans " Documents " et vérifie la présence de SauvReg, et tu me le confirme !

    une fois ceci de fait reviens !!

    @+ VIRUS/C/C
    0
  10. royounette Messages postés 14 Statut Membre
     
    Le rapport:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Version de la base de données: 7279

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    26.07.2011 12:05:08
    mbam-log-2011-07-26 (12-05-08).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 218627
    Temps écoulé: 8 minute(s), 35 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Et SauvReg est dans les documents ^^
    0
  11. Utilisateur anonyme
     
    Salut

    * 1) Télécharge OTL (de OldTimer) sur ton Bureau.

    >> OTL (de OldTimer)

    * Utilisateurs Windows XP => double clique >>sur OTL.exe
    * Utilisateurs Windows Vista / windows 7 => clic droit "executer en tant que en tant qu'administrateur "sur OTL.exe pour le lancer.

    coches les cases lop & purity check ainsi que en haut Tous les Utilisateurs et minimal output

    * Copies et colles le Texte en gras çi dessous dans la partie inférieure d'OTL sous >> Personalisation :


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SAVEMBR:0
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Cliques sur l'icône "Analyse" (en haut à gauche) .
    * Laisse le scan aller à son terme sans te servir du PC
    * A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
    * Copie et colle le contenu de OTL.Txt dans ta prochaine réponse

    * Héberge le rapport >> OTL.Txt sur ce site,
    >> Cijoint.fr
    * puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.

    * Pour t aider ,pour heberger le rapport
    * rends toi sur Cijoint.fr
    * clic sur Parcourir
    * trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau
    * et valide en cliquant sur >> Cliquez ici pour déposer le Fichier
    * un lien de ce genre http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt te sera généré,
    * il te suffit de le poster ici pour que je puisse voir le rapport

    2) fais aprés de même avec le rapport >> Extras.Txt

    Ensuite

    3) Un fichier c:\PhysicalMBR.bin est crée à la racine du disque système (en général "c:\PhysicalMBR.bin")
    Analyse le sur Virustotal :

    >> Virus Total

    * * Clique sur Parcourir en haut, cherche ce fichier :c:\PhysicalMBR.bin

    * Clique maintenant sur Envoyer le fichier.
    laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"),
    * clique sur>> Formaté en haut à gauche (au dessus du mot "Antivirus" )
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat

    @+ VIRUS/C/C
    0
  12. royounette Messages postés 14 Statut Membre
     
    Le rapport OTL:

    OTL logfile created on: 26.07.2011 12:41:27 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Marion\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 0000100C | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

    2.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 54.10% Memory free
    6.18 Gb Paging File | 4.92 Gb Available in Paging File | 79.55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.44 Gb Total Space | 18.77 Gb Free Space | 16.84% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 105.07 Gb Free Space | 45.12% Space Free | Partition Type: NTFS
    Drive E: | 111.44 Gb Total Space | 111.20 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
    Drive F: | 298.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: EINSTEIN | User Name: Marion | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - C:\Users\Marion\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Users\Marion\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
    PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
    PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
    PRC - C:\ACER\Mobility Center\MobilityService.exe ()
    PRC - C:\Windows\PLFSetI.exe ()
    PRC - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)

    [color=#E56717]========== Modules (SafeList) ==========[/color]

    MOD - C:\Users\Marion\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\SysHook.dll ()
    MOD - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.)

    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

    SRV - (Nero BackItUp Scheduler 4.0) -- File not found
    SRV - (LVSrvLauncher) -- File not found
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
    SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
    SRV - (LVPrcSrv) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (Logitech Inc.)

    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
    DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
    DRV - (NETw5v32) Pilote de carte Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
    DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
    DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
    DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)

    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]

    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://www.bing.com/spresults.aspx
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    IE - HKLM\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    IE - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    [color=#E56717]========== FireFox ==========[/color]

    FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
    FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
    FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Marion\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Users\Marion\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.09.07 20:03:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.26 11:04:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.25 12:18:47 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.09.07 20:03:23 | 000,000,000 | ---D | M]

    [2011.07.20 02:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Extensions
    [2009.04.15 19:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Extensions\celtx@celtx.com
    [2009.02.01 13:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011.07.25 20:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions
    [2011.01.31 20:46:02 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2011.04.27 08:38:18 | 000,000,000 | ---D | M] (uTorrentBar_FR Community Toolbar) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
    [2010.04.28 17:53:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010.01.26 12:45:47 | 000,000,000 | ---D | M] (Scribblies Kids) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{33A8946C-B859-4f7d-8382-ADAB29623DEE}
    [2011.06.21 13:43:14 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2011.06.06 20:37:31 | 000,000,000 | ---D | M] (Currency Converter) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5}
    [2011.06.21 13:42:59 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
    [2011.06.21 13:42:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011.04.27 08:38:14 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2009.12.27 17:44:54 | 000,000,000 | ---D | M] (Recherche Allocine) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\Allo@ci.ne
    [2011.07.25 20:46:56 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\collector@broceliand.fr
    [2009.09.26 17:10:55 | 000,000,000 | ---D | M] ("Illimitux") -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\illimitux@illimitux.net
    [2011.03.21 20:12:27 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\personas@christopher.beard
    [2010.11.21 19:15:55 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\youtube2mp3@mondayx.de
    [2011.07.25 20:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2010.04.26 20:30:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.10.15 10:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011.02.19 11:51:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011.07.20 13:21:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2009.04.15 19:30:20 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
    [2009.04.15 19:30:23 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
    [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2006.07.31 17:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
    [2011.03.25 21:02:43 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2011.07.22 15:16:00 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011.03.25 21:02:43 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011.03.25 21:02:43 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2011.07.11 17:45:38 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
    [2011.03.25 21:02:43 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2011.03.25 21:02:43 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010.08.30 20:05:45 | 000,416,917 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 14391 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (uTorrentBar_FR Toolbar) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O3 - HKLM\..\Toolbar: (uTorrentBar_FR Toolbar) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\..\Toolbar\WebBrowser: (uTorrentBar_FR Toolbar) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
    O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = File not found
    O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sommaire de OneNote.onetoc2 ()
    O4 - Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Marion\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Marion\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008.12.21 22:17:22 | 000,470,903 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{a90e4155-ef84-11dd-ad71-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{a90e4155-ef84-11dd-ad71-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2008.10.20 08:13:51 | 000,574,800 | R--- | M] (Hewlett-Packard)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vsmon - Service
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SafeBootNet: WudfPf - Driver
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

    [2011.07.26 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{15FE45EA-99C4-4EDE-B0AB-AA231D665CD7}
    [2011.07.25 18:41:46 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Malwarebytes
    [2011.07.25 18:41:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.07.25 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011.07.25 18:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011.07.25 18:41:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.07.25 18:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011.07.25 13:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011.07.25 12:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
    [2011.07.25 12:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
    [2011.07.25 12:09:18 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{E37CF2A1-8FAB-432F-8270-1ABB553D2A6F}
    [2011.07.24 12:34:34 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{B3FE0592-1552-4901-A3E8-F35270299D77}
    [2011.07.23 20:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2011.07.23 19:01:03 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{6B9F548A-D536-4DFD-8FF4-0CDF87DF630D}
    [2011.07.22 12:24:42 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{3D646EF8-DBCB-4F96-B7B3-13BC431B1D7E}
    [2011.07.21 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{113EE13B-DC25-4D68-91EF-6496A20DC312}
    [2011.07.20 13:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011.07.20 13:20:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011.07.20 13:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011.07.20 13:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011.07.20 13:11:39 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{F6F82718-3C3C-4980-96A1-AA0DC3965C93}
    [2011.07.20 13:10:38 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011.07.20 01:09:56 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2011.07.20 01:09:56 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2011.07.20 01:03:36 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011.07.20 00:20:07 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{B884B7E1-B4AD-4C00-8C45-12F021557D61}
    [2011.07.12 11:59:28 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{7959FA7B-849A-4E94-8325-2F760E20A67C}
    [2011.07.11 17:47:09 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Ilivid Player
    [2011.07.11 17:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2011.07.11 17:45:13 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\PackageAware
    [2011.07.11 13:41:54 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{92E868B4-96F2-496C-86A1-B3D800EBCFB5}
    [2011.07.10 22:20:51 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{05250F00-8EF8-44A4-AA06-D26689633E03}
    [2011.07.01 11:39:35 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{CBECDA15-9629-4AF8-8A6A-39001E687E1D}
    [2011.06.30 15:42:55 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{7FE58ABC-325A-4A29-838C-8D4CD3472B2F}
    [2011.06.29 13:40:44 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011.06.29 13:38:30 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{4E571B86-79FA-41EA-BB8E-54F1E90779C9}
    [2011.06.28 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{5346D3D9-5383-45E2-B6C0-F80F279B2DE6}
    [2011.06.27 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{AC5D6AEA-D8E2-4498-BB59-C5E97F7A14EA}
    [2011.06.26 22:14:47 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{D4C89D8F-2752-43D3-8986-524BB2F11B81}
    [2009.06.17 17:41:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marion\AppData\Roaming\pcouffin.sys
    [2008.07.22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

    [2011.07.26 12:46:24 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2011.07.26 12:45:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.07.26 12:08:45 | 445,409,818 | ---- | M] () -- C:\Users\Marion\Documents\SauvReg.reg
    [2011.07.26 11:59:10 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2011.07.26 11:50:02 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2011.07.26 11:50:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.07.26 11:50:02 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2011.07.26 11:50:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.07.26 11:45:04 | 000,042,398 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011.07.26 11:45:04 | 000,042,398 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011.07.26 11:44:41 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.07.26 11:42:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2011.07.26 11:42:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.07.26 11:42:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.07.26 11:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.07.25 21:33:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011.07.25 12:42:16 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
    [2011.07.25 12:06:08 | 000,000,942 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011.07.25 12:05:41 | 001,679,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011.07.23 20:29:24 | 000,002,401 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2011.07.21 18:06:57 | 000,000,245 | ---- | M] () -- C:\Windows\wininit.ini
    [2011.07.20 13:10:38 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011.07.12 13:47:34 | 000,010,752 | ---- | M] () -- C:\Users\Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.07.11 16:03:05 | 000,166,892 | ---- | M] () -- C:\Windows\hpoins30.dat
    [2011.07.11 15:30:53 | 000,166,837 | ---- | M] () -- C:\Windows\hpoins30.dat.temp
    [2011.07.10 15:27:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.07.04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011.07.04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

    [color=#E56717]========== Files Created - No Company Name ==========[/color]

    [2011.07.26 12:46:24 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2011.07.26 12:06:59 | 445,409,818 | ---- | C] () -- C:\Users\Marion\Documents\SauvReg.reg
    [2011.07.25 12:42:16 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
    [2011.07.24 12:31:31 | 000,000,942 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011.07.20 02:27:38 | 000,000,245 | ---- | C] () -- C:\Windows\wininit.ini
    [2011.06.26 10:37:56 | 000,166,837 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
    [2010.08.04 12:55:00 | 000,000,008 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\DofusAppId0_1
    [2010.08.04 12:13:33 | 000,000,173 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\D2Info0
    [2010.08.04 12:13:33 | 000,000,008 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\DofusAppId0_2
    [2010.07.28 14:53:46 | 000,001,682 | ---- | C] () -- C:\Program Files\VaudTax2009.lnk
    [2010.04.18 21:47:52 | 000,078,337 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2009.09.28 20:02:33 | 000,000,600 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\winscp.rnd
    [2009.09.24 17:16:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.09.24 17:16:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009.09.19 19:42:54 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
    [2009.09.07 19:49:30 | 000,166,892 | ---- | C] () -- C:\Windows\hpoins30.dat
    [2009.06.17 17:43:03 | 000,001,041 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\vso_ts_preview.xml
    [2009.06.17 17:41:41 | 000,087,608 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\inst.exe
    [2009.06.17 17:41:41 | 000,007,887 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\pcouffin.cat
    [2009.06.17 17:41:41 | 000,001,144 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\pcouffin.inf
    [2009.06.17 17:29:14 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009.06.17 16:45:24 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
    [2009.05.19 19:35:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009.04.16 11:44:04 | 000,000,241 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2009.03.07 02:27:54 | 000,096,840 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2009.02.11 19:35:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.02.07 10:40:30 | 000,042,398 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009.02.07 10:40:26 | 000,042,398 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009.01.31 15:14:53 | 000,010,752 | ---- | C] () -- C:\Users\Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.01.31 14:30:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009.01.31 11:58:14 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
    [2009.01.31 11:58:14 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2009.01.31 11:58:14 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
    [2009.01.31 11:38:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009.01.31 11:19:43 | 000,008,268 | ---- | C] () -- C:\Users\Marion\AppData\Local\d3d9caps.dat
    [2008.12.05 04:52:59 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat
    [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2008.04.18 12:48:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008.04.18 04:13:05 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008.04.18 04:13:05 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008.04.18 03:19:13 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
    [2008.04.18 03:15:45 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008.04.18 03:06:09 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008.04.18 03:06:09 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2008.04.18 03:06:09 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008.04.18 03:06:09 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2008.01.21 10:40:50 | 000,679,042 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
    [2008.01.21 10:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
    [2008.01.21 10:40:50 | 000,126,626 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
    [2008.01.21 10:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
    [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006.11.02 14:47:37 | 001,679,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006.06.26 11:33:40 | 000,023,472 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
    [1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

    [color=#E56717]========== LOP Check ==========[/color]

    [2008.04.18 03:34:46 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Acer GameZone Console
    [2009.04.18 09:31:45 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\DAEMON Tools
    [2009.04.18 09:31:45 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\DAEMON Tools Lite
    [2009.04.18 09:31:45 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\DAEMON Tools Pro
    [2010.11.03 22:48:45 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\LimeWire
    [2008.04.18 03:34:46 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
    [2008.04.18 03:34:46 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
    [2008.04.18 03:34:46 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\Acer GameZone Console
    [2008.04.18 03:34:46 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Acer GameZone Console
    [2010.08.04 12:55:07 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\app
    [2010.10.21 23:19:02 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Audacity
    [2010.03.19 15:17:11 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\CheckPoint
    [2009.03.31 00:43:42 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DAEMON Tools
    [2009.03.31 00:47:41 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DAEMON Tools Lite
    [2009.03.31 00:43:42 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DAEMON Tools Pro
    [2010.09.12 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\dofus 2
    [2010.08.04 12:13:33 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010.08.04 12:55:00 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2009.02.04 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\FileZilla
    [2011.06.18 16:09:37 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\go
    [2009.04.15 19:31:34 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Greyfirst
    [2011.01.12 16:59:19 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\LolClient
    [2011.05.14 22:32:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Octoshape
    [2009.03.10 20:56:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\PlayFirst
    [2010.08.04 12:55:07 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010.03.17 20:27:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\ScummVM
    [2010.09.30 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Total Immersion
    [2011.07.26 11:54:46 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\uTorrent
    [2010.09.25 22:05:00 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Vso
    [2008.04.18 03:34:46 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Acer GameZone Console
    [2011.07.25 21:33:59 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011.07.26 00:23:52 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    [color=#E56717]========== Purity Check ==========[/color]

    [color=#E56717]========== Custom Scans ==========[/color]

    [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

    [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

    [color=#A23BEC]< %APPDATA%\*. >[/color]
    [2008.04.18 03:34:46 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Acer GameZone Console
    [2011.06.19 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Adobe
    [2010.08.04 12:55:07 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\app
    [2009.02.01 21:01:03 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Apple Computer
    [2010.10.21 23:19:02 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Audacity
    [2010.03.19 15:17:11 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\CheckPoint
    [2009.02.05 19:38:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\CyberLink
    [2009.03.31 00:43:42 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DAEMON Tools
    [2009.03.31 00:47:41 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DAEMON Tools Lite
    [2009.03.31 00:43:42 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DAEMON Tools Pro
    [2009.03.09 01:55:24 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DivX
    [2010.09.12 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\dofus 2
    [2010.08.04 12:13:33 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010.08.04 12:55:00 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2011.07.12 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\dvdcss
    [2009.02.04 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\FileZilla
    [2011.06.18 16:09:37 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\go
    [2009.07.23 17:55:39 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Google
    [2009.02.11 23:04:27 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GRETECH
    [2009.04.15 19:31:34 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Greyfirst
    [2009.10.01 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\HP
    [2009.01.31 11:22:54 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Identities
    [2009.01.31 11:50:47 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\InstallShield
    [2011.01.12 16:59:19 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\LolClient
    [2009.01.31 12:15:14 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Macromedia
    [2011.07.25 18:41:46 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Malwarebytes
    [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Media Center Programs
    [2010.08.31 14:02:21 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Media Player Classic
    [2009.10.05 20:12:17 | 000,000,000 | --SD | M] -- C:\Users\Marion\AppData\Roaming\Microsoft
    [2009.02.11 19:31:50 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Microsoft Web Folders
    [2009.04.23 18:03:21 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\mIRC
    [2011.05.14 22:32:14 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Mozilla
    [2009.06.17 17:26:36 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Nero
    [2011.05.14 22:32:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Octoshape
    [2009.03.10 20:56:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\PlayFirst
    [2010.08.04 20:58:48 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\PSpad
    [2010.08.04 12:55:07 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010.03.17 20:27:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\ScummVM
    [2009.06.01 21:18:34 | 000,000,000 | RH-D | M] -- C:\Users\Marion\AppData\Roaming\SecuROM
    [2011.07.26 11:54:40 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Skype
    [2011.05.29 09:37:35 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\skypePM
    [2010.09.30 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Total Immersion
    [2011.07.26 11:54:46 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\uTorrent
    [2011.07.12 16:39:27 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\vlc
    [2010.09.25 22:05:00 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Vso
    [2010.01.02 13:25:19 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\WinRAR

    [color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
    [2009.06.17 17:41:41 | 000,087,608 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\inst.exe
    [2007.11.21 04:12:27 | 003,297,280 | ---- | M] (Google) -- C:\Users\Marion\AppData\Roaming\Google\Google Talk\googletalk.exe
    [2009.07.23 18:00:00 | 000,057,729 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Google\Google Talk\uninstall.exe
    [2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
    [2010.05.23 15:30:23 | 000,010,240 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
    [2010.08.04 12:12:34 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Marion\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    [2010.11.09 16:39:36 | 000,010,134 | R--- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}\ARPPRODUCTICON.exe
    [2009.04.17 16:49:25 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\ARPPRODUCTICON.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\BluetoothShortcut.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\BluetoothShortcut_DEU.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\BluetoothShortcut_ITA.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\NewShortcut5.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\NewShortcut5_2.exe
    [2009.04.17 16:49:25 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\PalmDesktopShortcut.exe
    [2010.11.09 16:41:00 | 000,010,134 | R--- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
    [2009.06.04 18:58:50 | 000,010,134 | R--- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    [2010.11.09 16:37:54 | 000,010,134 | R--- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{EA516024-D84D-4
    0
  13. royounette Messages postés 14 Statut Membre
     
    Je n'ai pas pu tout mettre sur un sujet visiblement ^^'

    Bon la suite du Extras il est sur le lien, donc ça devrait suffire ^^

    Et pour Virus Total, je n'ai pas trouvé les 2 fleches, mais je copies quand meme ce que je peux :

    * Table
    * Tabulated
    * CSV
    * HTML
    * BBCode
    * Show positives only

    Antivirus Version Last update Result
    AhnLab-V3 2011.07.26.01 2011.07.26 -
    AntiVir 7.11.12.110 2011.07.26 -
    Antiy-AVL 2.0.3.7 2011.07.26 -
    Avast 4.8.1351.0 2011.07.26 -
    Avast5 5.0.677.0 2011.07.26 -
    AVG 10.0.0.1190 2011.07.26 -
    BitDefender 7.2 2011.07.26 -
    CAT-QuickHeal 11.00 2011.07.26 -
    ClamAV 0.97.0.0 2011.07.26 -
    Commtouch 5.3.2.6 2011.07.26 -
    Comodo 9517 2011.07.26 -
    DrWeb 5.0.2.03300 2011.07.26 -
    Emsisoft 5.1.0.8 2011.07.26 -
    eSafe 7.0.17.0 2011.07.25 -
    eTrust-Vet 36.1.8465 2011.07.26 -
    F-Prot 4.6.2.117 2011.07.25 -
    F-Secure 9.0.16440.0 2011.07.26 -
    Fortinet 4.2.257.0 2011.07.26 -
    GData 22 2011.07.26 -
    Ikarus T3.1.1.104.0 2011.07.26 -
    Jiangmin 13.0.900 2011.07.25 -
    K7AntiVirus 9.108.4945 2011.07.25 -
    Kaspersky 9.0.0.837 2011.07.26 -
    McAfee 5.400.0.1158 2011.07.26 -
    McAfee-GW-Edition 2010.1D 2011.07.26 -
    Microsoft 1.7104 2011.07.26 -
    NOD32 6325 2011.07.26 -
    Norman 6.07.10 2011.07.26 -
    nProtect 2011-07-26.02 2011.07.26 -
    Panda 10.0.3.5 2011.07.25 -
    PCTools 8.0.0.5 2011.07.26 -
    Prevx 3.0 2011.07.26 -
    Rising 23.68.00.05 2011.07.25 -
    Sophos 4.67.0 2011.07.26 -
    SUPERAntiSpyware 4.40.0.1006 2011.07.26 -
    Symantec 20111.1.0.186 2011.07.26 -
    TheHacker 6.7.0.1.262 2011.07.24 -
    TrendMicro 9.200.0.1012 2011.07.26 -
    TrendMicro-HouseCall 9.200.0.1012 2011.07.26 -
    VBA32 3.12.16.4 2011.07.26 suspected of Unknown.BootVirus
    VIPRE 9969 2011.07.26 -
    ViRobot 2011.7.26.4589 2011.07.26 -
    VirusBuster 14.0.138.0 2011.07.25 -
    MD5: 59438762a81861edc88193e7bc0c0fb8
    SHA1: df6f998fac7968aedd581c5c0590debe08350503
    SHA256: 192ceb60af761db3f95dcd4268f998858f08d016e134192c7bafd309119a8fa1
    File size: 512 bytes
    Scan date: 2011-07-26 11:07:58 (UTC)

    Antivirus Version Last update Result

    AhnLab-V3 2011.07.26.01 2011.07.26 -

    AntiVir 7.11.12.110 2011.07.26 -

    Antiy-AVL 2.0.3.7 2011.07.26 -

    Avast 4.8.1351.0 2011.07.26 -

    Avast5 5.0.677.0 2011.07.26 -

    AVG 10.0.0.1190 2011.07.26 -

    BitDefender 7.2 2011.07.26 -

    CAT-QuickHeal 11.00 2011.07.26 -

    ClamAV 0.97.0.0 2011.07.26 -

    Commtouch 5.3.2.6 2011.07.26 -

    Comodo 9517 2011.07.26 -

    DrWeb 5.0.2.03300 2011.07.26 -

    Emsisoft 5.1.0.8 2011.07.26 -

    eSafe 7.0.17.0 2011.07.25 -

    eTrust-Vet 36.1.8465 2011.07.26 -

    F-Prot 4.6.2.117 2011.07.25 -

    F-Secure 9.0.16440.0 2011.07.26 -

    Fortinet 4.2.257.0 2011.07.26 -

    GData 22 2011.07.26 -

    Ikarus T3.1.1.104.0 2011.07.26 -

    Jiangmin 13.0.900 2011.07.25 -

    K7AntiVirus 9.108.4945 2011.07.25 -

    Kaspersky 9.0.0.837 2011.07.26 -

    McAfee 5.400.0.1158 2011.07.26 -

    McAfee-GW-Edition 2010.1D 2011.07.26 -

    Microsoft 1.7104 2011.07.26 -

    NOD32 6325 2011.07.26 -

    Norman 6.07.10 2011.07.26 -

    nProtect 2011-07-26.02 2011.07.26 -

    Panda 10.0.3.5 2011.07.25 -

    PCTools 8.0.0.5 2011.07.26 -

    Prevx 3.0 2011.07.26 -

    Rising 23.68.00.05 2011.07.25 -

    Sophos 4.67.0 2011.07.26 -

    SUPERAntiSpyware 4.40.0.1006 2011.07.26 -

    Symantec 20111.1.0.186 2011.07.26 -

    TheHacker 6.7.0.1.262 2011.07.24 -

    TrendMicro 9.200.0.1012 2011.07.26 -

    TrendMicro-HouseCall 9.200.0.1012 2011.07.26 -

    VBA32 3.12.16.4 2011.07.26 suspected of Unknown.BootVirus

    VIPRE 9969 2011.07.26 -

    ViRobot 2011.7.26.4589 2011.07.26 -

    VirusBuster 14.0.138.0 2011.07.25 -

    MD5: 59438762a81861edc88193e7bc0c0fb8

    SHA1: df6f998fac7968aedd581c5c0590debe08350503

    SHA256: 192ceb60af761db3f95dcd4268f998858f08d016e134192c7bafd309119a8fa1

    File size: 512 bytes

    Scan date: 2011-07-26 11:07:58 (UTC)

    "Antivirus", "Version", "Last update", "Result"
    "AhnLab-V3", "2011.07.26.01", "2011.07.26", "-"
    "AntiVir", "7.11.12.110", "2011.07.26", "-"
    "Antiy-AVL", "2.0.3.7", "2011.07.26", "-"
    "Avast", "4.8.1351.0", "2011.07.26", "-"
    "Avast5", "5.0.677.0", "2011.07.26", "-"
    "AVG", "10.0.0.1190", "2011.07.26", "-"
    "BitDefender", "7.2", "2011.07.26", "-"
    "CAT-QuickHeal", "11.00", "2011.07.26", "-"
    "ClamAV", "0.97.0.0", "2011.07.26", "-"
    "Commtouch", "5.3.2.6", "2011.07.26", "-"
    "Comodo", "9517", "2011.07.26", "-"
    "DrWeb", "5.0.2.03300", "2011.07.26", "-"
    "Emsisoft", "5.1.0.8", "2011.07.26", "-"
    "eSafe", "7.0.17.0", "2011.07.25", "-"
    "eTrust-Vet", "36.1.8465", "2011.07.26", "-"
    "F-Prot", "4.6.2.117", "2011.07.25", "-"
    "F-Secure", "9.0.16440.0", "2011.07.26", "-"
    "Fortinet", "4.2.257.0", "2011.07.26", "-"
    "GData", "22", "2011.07.26", "-"
    "Ikarus", "T3.1.1.104.0", "2011.07.26", "-"
    "Jiangmin", "13.0.900", "2011.07.25", "-"
    "K7AntiVirus", "9.108.4945", "2011.07.25", "-"
    "Kaspersky", "9.0.0.837", "2011.07.26", "-"
    "McAfee", "5.400.0.1158", "2011.07.26", "-"
    "McAfee-GW-Edition", "2010.1D", "2011.07.26", "-"
    "Microsoft", "1.7104", "2011.07.26", "-"
    "NOD32", "6325", "2011.07.26", "-"
    "Norman", "6.07.10", "2011.07.26", "-"
    "nProtect", "2011-07-26.02", "2011.07.26", "-"
    "Panda", "10.0.3.5", "2011.07.25", "-"
    "PCTools", "8.0.0.5", "2011.07.26", "-"
    "Prevx", "3.0", "2011.07.26", "-"
    "Rising", "23.68.00.05", "2011.07.25", "-"
    "Sophos", "4.67.0", "2011.07.26", "-"
    "SUPERAntiSpyware", "4.40.0.1006", "2011.07.26", "-"
    "Symantec", "20111.1.0.186", "2011.07.26", "-"
    "TheHacker", "6.7.0.1.262", "2011.07.24", "-"
    "TrendMicro", "9.200.0.1012", "2011.07.26", "-"
    "TrendMicro-HouseCall", "9.200.0.1012", "2011.07.26", "-"
    "VBA32", "3.12.16.4", "2011.07.26", "suspected of Unknown.BootVirus"
    "VIPRE", "9969", "2011.07.26", "-"
    "ViRobot", "2011.7.26.4589", "2011.07.26", "-"
    "VirusBuster", "14.0.138.0", "2011.07.25", "-"
    "MD5", "59438762a81861edc88193e7bc0c0fb8"
    "SHA1", "df6f998fac7968aedd581c5c0590debe08350503"
    "SHA256", "192ceb60af761db3f95dcd4268f998858f08d016e134192c7bafd309119a8fa1"
    "File size", "512 bytes"
    "Scan date", "2011-07-26 11:07:58 (UTC)"
    <table id="filescan">
    <tr>
    <th>Antivirus</th>
    <th>Version</th>
    <th>Last update</th>
    <th>Result</th>
    </tr>
    <tr>
    <td>AhnLab-V3</td>
    <td>2011.07.26.01</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>AntiVir</td>
    <td>7.11.12.110</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Antiy-AVL</td>
    <td>2.0.3.7</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Avast</td>
    <td>4.8.1351.0</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Avast5</td>
    <td>5.0.677.0</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>AVG</td>
    <td>10.0.0.1190</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>BitDefender</td>
    <td>7.2</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>CAT-QuickHeal</td>
    <td>11.00</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>ClamAV</td>
    <td>0.97.0.0</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Commtouch</td>
    <td>5.3.2.6</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Comodo</td>
    <td>9517</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>DrWeb</td>
    <td>5.0.2.03300</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Emsisoft</td>
    <td>5.1.0.8</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>eSafe</td>
    <td>7.0.17.0</td>
    <td>2011.07.25</td>
    <td>-</td>
    </tr>
    <tr>
    <td>eTrust-Vet</td>
    <td>36.1.8465</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>F-Prot</td>
    <td>4.6.2.117</td>
    <td>2011.07.25</td>
    <td>-</td>
    </tr>
    <tr>
    <td>F-Secure</td>
    <td>9.0.16440.0</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Fortinet</td>
    <td>4.2.257.0</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>GData</td>
    <td>22</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Ikarus</td>
    <td>T3.1.1.104.0</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Jiangmin</td>
    <td>13.0.900</td>
    <td>2011.07.25</td>
    <td>-</td>
    </tr>
    <tr>
    <td>K7AntiVirus</td>
    <td>9.108.4945</td>
    <td>2011.07.25</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Kaspersky</td>
    <td>9.0.0.837</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>McAfee</td>
    <td>5.400.0.1158</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>McAfee-GW-Edition</td>
    <td>2010.1D</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Microsoft</td>
    <td>1.7104</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>NOD32</td>
    <td>6325</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Norman</td>
    <td>6.07.10</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>nProtect</td>
    <td>2011-07-26.02</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Panda</td>
    <td>10.0.3.5</td>
    <td>2011.07.25</td>
    <td>-</td>
    </tr>
    <tr>
    <td>PCTools</td>
    <td>8.0.0.5</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Prevx</td>
    <td>3.0</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Rising</td>
    <td>23.68.00.05</td>
    <td>2011.07.25</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Sophos</td>
    <td>4.67.0</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>SUPERAntiSpyware</td>
    <td>4.40.0.1006</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>Symantec</td>
    <td>20111.1.0.186</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>TheHacker</td>
    <td>6.7.0.1.262</td>
    <td>2011.07.24</td>
    <td>-</td>
    </tr>
    <tr>
    <td>TrendMicro</td>
    <td>9.200.0.1012</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>TrendMicro-HouseCall</td>
    <td>9.200.0.1012</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>VBA32</td>
    <td>3.12.16.4</td>
    <td>2011.07.26</td>
    <td class="positive">suspected of Unknown.BootVirus</td>
    </tr>
    <tr>
    <td>VIPRE</td>
    <td>9969</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>ViRobot</td>
    <td>2011.7.26.4589</td>
    <td>2011.07.26</td>
    <td>-</td>
    </tr>
    <tr>
    <td>VirusBuster</td>
    <td>14.0.138.0</td>
    <td>2011.07.25</td>
    <td>-</td>
    </tr>
    <table>

    <table id="fileinfo">
    <tr>
    <th>Additional information</th>
    </tr>
    <tr>
    <td><strong>MD5:</strong> 59438762a81861edc88193e7bc0c0fb8</td>
    </tr>
    <tr>
    <td><strong>SHA1:</strong> df6f998fac7968aedd581c5c0590debe08350503</td>
    </tr>
    <tr>
    <td><strong>SHA256:</strong> 192ceb60af761db3f95dcd4268f998858f08d016e134192c7bafd309119a8fa1</td>
    </tr>
    <tr>
    <td><strong>File size:</strong> 512 bytes</td>
    </tr>
    <tr>
    <td><strong>Scan date:</strong> 2011-07-26 11:07:58 (UTC)</td>
    </tr>
    </table>
    [i]Antivirus results/i
    AhnLab-V3 - 2011.07.26.01 - 2011.07.26 - -
    AntiVir - 7.11.12.110 - 2011.07.26 - -
    Antiy-AVL - 2.0.3.7 - 2011.07.26 - -
    Avast - 4.8.1351.0 - 2011.07.26 - -
    Avast5 - 5.0.677.0 - 2011.07.26 - -
    AVG - 10.0.0.1190 - 2011.07.26 - -
    BitDefender - 7.2 - 2011.07.26 - -
    CAT-QuickHeal - 11.00 - 2011.07.26 - -
    ClamAV - 0.97.0.0 - 2011.07.26 - -
    Commtouch - 5.3.2.6 - 2011.07.26 - -
    Comodo - 9517 - 2011.07.26 - -
    DrWeb - 5.0.2.03300 - 2011.07.26 - -
    Emsisoft - 5.1.0.8 - 2011.07.26 - -
    eSafe - 7.0.17.0 - 2011.07.25 - -
    eTrust-Vet - 36.1.8465 - 2011.07.26 - -
    F-Prot - 4.6.2.117 - 2011.07.25 - -
    F-Secure - 9.0.16440.0 - 2011.07.26 - -
    Fortinet - 4.2.257.0 - 2011.07.26 - -
    GData - 22 - 2011.07.26 - -
    Ikarus - T3.1.1.104.0 - 2011.07.26 - -
    Jiangmin - 13.0.900 - 2011.07.25 - -
    K7AntiVirus - 9.108.4945 - 2011.07.25 - -
    Kaspersky - 9.0.0.837 - 2011.07.26 - -
    McAfee - 5.400.0.1158 - 2011.07.26 - -
    McAfee-GW-Edition - 2010.1D - 2011.07.26 - -
    Microsoft - 1.7104 - 2011.07.26 - -
    NOD32 - 6325 - 2011.07.26 - -
    Norman - 6.07.10 - 2011.07.26 - -
    nProtect - 2011-07-26.02 - 2011.07.26 - -
    Panda - 10.0.3.5 - 2011.07.25 - -
    PCTools - 8.0.0.5 - 2011.07.26 - -
    Prevx - 3.0 - 2011.07.26 - -
    Rising - 23.68.00.05 - 2011.07.25 - -
    Sophos - 4.67.0 - 2011.07.26 - -
    SUPERAntiSpyware - 4.40.0.1006 - 2011.07.26 - -
    Symantec - 20111.1.0.186 - 2011.07.26 - -
    TheHacker - 6.7.0.1.262 - 2011.07.24 - -
    TrendMicro - 9.200.0.1012 - 2011.07.26 - -
    TrendMicro-HouseCall - 9.200.0.1012 - 2011.07.26 - -
    VBA32 - 3.12.16.4 - 2011.07.26 - [color=red]suspected of Unknown.BootVirus /color
    VIPRE - 9969 - 2011.07.26 - -
    ViRobot - 2011.7.26.4589 - 2011.07.26 - -
    VirusBuster - 14.0.138.0 - 2011.07.25 - -
    [i]File info:/i
    MD5: 59438762a81861edc88193e7bc0c0fb8
    SHA1: df6f998fac7968aedd581c5c0590debe08350503
    SHA256: 192ceb60af761db3f95dcd4268f998858f08d016e134192c7bafd309119a8fa1
    File size: 512 bytes
    Scan date: 2011-07-26 11:07:58 (UTC)
    0
  14. Utilisateur anonyme
     
    Salut

    OTL >> tu dis >> Je n'ai pas pu tout mettre sur un sujet visiblement ^^'



    Il est Incomplet !!

    * C 'est pour cette raison que j avais marqué :

    ======

    * Héberge le rapport >> OTL.Txt sur ce site,
    >> Cijoint.fr
    * puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.

    * Pour t aider ,pour heberger le rapport
    * rends toi sur Cijoint.fr
    * clic sur Parcourir
    * trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau
    * et valide en cliquant sur >> Cliquez ici pour déposer le Fichier
    * un lien de ce genre http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt te sera généré,
    * il te suffit de le poster ici pour que je puisse voir le rapport

    fais aprés de même avec le rapport >> Extras.Txt

    tu dis >>
    Bon la suite du Extras il est sur le lien, donc ça devrait suffire ^^


    Pour le rapport Extras pas de lien ?? Il est ou !!

    @+ VIRUS/C/C
    0
  15. royounette Messages postés 14 Statut Membre
     
    OTL: http://www.cijoint.fr/cjlink.php?file=cj201107/cijygKxMli.txt

    Extras: http://www.cijoint.fr/cjlink.php?file=cj201107/cijgA3JWAW.txt
    0
  16. Utilisateur anonyme
     
    Re

    fais dans l ordre

    1)* Relance OTL ,
    * Utilisateurs Windows XP => double clique >>sur OTL.exe
    * Utilisateurs Windows Vista / windows 7 => clic droit "executer en tant que en tant qu'administrateur "sur OTL.exe pour le lancer.

    * Copie et colle du texte en gras çi-dessous

    * Tu commençes bien à : OTL , les : inclus devant OTL jusqu'à >>[Reboot] inclus dans la partie inférieure d'OTL sous "Personalisation"
    * Cliques sur >> CORRECTION:


    :OTL
    SRV - (Nero BackItUp Scheduler 4.0) -- File not found
    SRV - (LVSrvLauncher) -- File not found
    IE - HKLM\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    [2011.04.27 08:38:18 | 000,000,000 | ---D | M] (uTorrentBar_FR Community Toolbar) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\ia8yl79j.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e
    O2 - BHO: (uTorrentBar_FR Toolbar) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar_FR Toolbar) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-2151653560-3182608252-2240940037-1000\..\Toolbar\WebBrowser: (uTorrentBar_FR Toolbar) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - C:\Program Files\uTorrentBar_FR\tbuTo1.dll (Conduit Ltd.)
    [2010.11.09 16:39:36 | 000,010,134 | R--- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}\ARPPRODUCTICON.exe
    [2009.04.17 16:49:25 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\ARPPRODUCTICON.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\BluetoothShortcut.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\BluetoothShortcut_DEU.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\BluetoothShortcut_ITA.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\NewShortcut5.exe
    [2009.04.17 16:49:25 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\NewShortcut5_2.exe
    [2009.04.17 16:49:25 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{99529516-4696-483A-A235-5D340A2B35EF}\PalmDesktopShortcut.exe
    [2010.11.09 16:41:00 | 000,010,134 | R--- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
    [2009.06.04 18:58:50 | 000,010,134 | R--- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    [2010.11.09 16:37:54 | 000,010,134 | R--- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
    :Files
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2B99FE60
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:580E04D8
    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]


    * Cliques sur >> CORRECTION:

    * Le rapport texte apparait au Redémarrage de ton PC.

    * Héberge le rapport sur ce site,
    >> Cijoint.fr
    * puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.

    * Pour t aider ,pour heberger le rapport
    * rends toi sur Cijoint.fr
    * clic sur Parcourir
    * Trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau
    * et valide en cliquant sur >> Cliquez ici pour déposer le Fichier
    * un lien de ce genre http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt te sera généré,
    * il te suffit de le poster ici pour que je puisse voir le rapport

    ==============================================

    ensuite

    2) * Télécharge Defogger (de jpshortstuff) sur ton Bureau
    ICI >> Defogger (de jpshortstuff)
    * Lance le
    * Pour Windows Vista et Windows 7,
    * faire un clic droit et >> Exécuter en tant qu'administrateur.
    * Une fenêtre apparait : clique sur "Disable"
    * Un message va t'avertir que tes lecteurs virtuels vont être désactivés. Clique sur Oui pour continuer
    * Attends que le message Finished apparaisse puis clique sur OK pour fermer la fenêtre.
    * Defogger va te demander de redémarrer la machine. Accepte en cliquant sur OK

    3)/!\ Il faut impérativement désactiver tous tes logiciels de protection pour utiliser ce programme/!\
    * A savoir : [Antivirus et Antispywares, HIPS et autre résident]

    4) * Télécharge mbr.exe de Gmer
    * ici >> mbr.exe
    * Enregistre le fichier sur le Bureau.
    * Coupe la connexion.
    * Double clique sur mbr.exe
    * Pour Windows Vista et Windows 7,
    * faire un clic droit sur >> mbr.exe et >> Exécuter en tant qu'administrateur.
    * Un rapport sera généré : mbr.log

    5) * Télécharge GMER Rootkit Scanner :

    ICI >> gmer

    * Ferme également toutes les applications actives dont ton navigateur.
    * Clique sur le bouton "Download EXE"
    * Sauvegarde-le sur ton Bureau.
    * Double-clique sur l'exécutable téléchargé .
    * Utilisateurs de Windows Vista / Windows7 tu fais un clic droit sur l'icône et exécute en tant qu'administrateur..
    * Dans l'onglet "Rootkit", clique sur "SCAN" puis patiente...
    * A la fin, clique sur "SAVE" et enregistre le rapport sur ton Bureau.
    * Héberge le rapport de Gmer sur ce site,
    cijoint.fr
    * Copie/colle les liens générés ici

    * Pour t aider
    * rends toi sur http://www.cijoint.fr
    * clic sur Parcourir
    * trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau
    * et valide en cliquant sur >> Cliquez ici pour déposer le Fichier
    * un lien de ce genre http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt te sera généré,

    6) * Réactive tes protections.

    * PS >> Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

    @+ VIRUS/C/C
    0
  17. royounette Messages postés 14 Statut Membre
     
    Je ne peux pas mettre les rapports sur le site cijoint, il me dit que les .log ne peuvent pas être mis...
    0
  18. Utilisateur anonyme
     
    Salut

    Le forum avait des petits soucis

    * Si sur çiJoint .fr ça ne fonctionne pas

    * Essayes >> ICI >> pjjoint.malekal
    * Cliques sur >> Parcourir
    * Trouve >> le rapport que tu viens d'enregistrer par exemple sur ton bureau
    * Cliques sur >> envoyer le fichier
    * Un lien te sera généré,
    * il te suffit de le poster ici

    *sinon tu les postes en plusieurs parties ,Ok , mais >> en entier bien sur !!

    @+ VIRUS/C/C
    0
  19. royounette Messages postés 14 Statut Membre
     
    Desolée je n'avais pas acces a mon ordi ces derniers jours

    Rapport OTL: https://pjjoint.malekal.com/files.php?id=c2fe1726a2h7i1015j5m10b7q12k13y12m10i14x14t5t5l8g7n13x15u6g13

    Rapport GMER: GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-26 18:49:36
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
    Running: b9j3dicb.exe; Driver: C:\Users\Marion\AppData\Local\Temp\kglcapoc.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F946202]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F9487F0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F948848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F94895E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F948746]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8F948898]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F94879A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F94890C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F946226]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8F945FF0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F94624A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F948D56]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F946CDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F948820]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F948870]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F948988]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F948772]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F9488D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F9487C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F948936]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F946BA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F94626E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F946292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F94604A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F946186]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F946162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F9461AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F9462B6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90E45398]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 82CFC890 4 Bytes [02, 62, 94, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 1D1 82CFC954 8 Bytes [F0, 87, 94, 8F, 48, 88, 94, ...] {LOCK XCHG [EDI+ECX*4-0x706b77b8], EDX}
    .text ntkrnlpa.exe!KeSetEvent + 1DD 82CFC960 4 Bytes [5E, 89, 94, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 82CFC978 4 Bytes [46, 87, 94, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 215 82CFC998 8 Bytes [98, 88, 94, 8F, 9A, 87, 94, ...] {CWDE ; MOV [EDI+ECX*4-0x706b7866], DL}
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E275C7 5 Bytes JMP 90E40D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 82E804F3 5 Bytes JMP 90E427F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E89E18 4 Bytes CALL 8F94734B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E8DA8C 4 Bytes CALL 8F947361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EE1DAE 7 Bytes JMP 90E4539C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F008340, 0x3EDF57, 0xE8000020]
    .text win32k.sys!EngCreateRectRgn + 4537 9B62FC80 5 Bytes JMP 8F949440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + C20 9B648EA9 5 Bytes JMP 8F949E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 4A1 9B649C95 5 Bytes JMP 8F949F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 8C03 9B6523F7 5 Bytes JMP 8F948D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 616 9B65334E 5 Bytes JMP 8F949BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 3103 9B65EA94 5 Bytes JMP 8F949316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 456E 9B65FEFF 5 Bytes JMP 8F948F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 119C6 9B679A35 5 Bytes JMP 8F949180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 11A1A 9B679A89 5 Bytes JMP 8F949326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 377F 9B6A0A8E 5 Bytes JMP 8F949B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 60DE 9B6A33ED 5 Bytes JMP 8F948E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 4D3F 9B6A9D2E 5 Bytes JMP 8F948FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBlt + 2B42 9B6B41CC 5 Bytes JMP 8F94A014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStrokePath + 5FF 9B6B70B4 5 Bytes JMP 8F948E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 81C 9B6D54E5 5 Bytes JMP 8F949D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 6EEA 9B6DBBB3 5 Bytes JMP 8F949BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + B0F 9B6DF32A 5 Bytes JMP 8F949CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!STROBJ_vEnumStart + 4728 9B6E6C49 5 Bytes JMP 8F948EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + E80 9B7051BC 5 Bytes JMP 8F9490AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!CLIPOBJ_bEnum + 248 9B70AA3A 5 Bytes JMP 8F949008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 26D9 9B70E572 5 Bytes JMP 8F949ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + A0F 9B72CA97 5 Bytes JMP 8F94903E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + D269 9B7392F1 5 Bytes JMP 8F9490E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xA47A741C]
    .clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xA47A8000, 0x1000, 0xE0000020]
    ? C:\Users\Marion\AppData\Local\Temp\mbr.sys Le fichier spécifié est introuvable. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\System32\spoolsv.exe[620] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\spoolsv.exe[620] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\spoolsv.exe[620] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[620] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\spoolsv.exe[620] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\spoolsv.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\spoolsv.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\spoolsv.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\spoolsv.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\spoolsv.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\spoolsv.exe[620] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\spoolsv.exe[620] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 005A0600
    .text C:\Windows\System32\spoolsv.exe[620] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 005A0804
    .text C:\Windows\System32\spoolsv.exe[620] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 005A0A08
    .text C:\Windows\System32\spoolsv.exe[620] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 005A01F8
    .text C:\Windows\System32\spoolsv.exe[620] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 005A03FC
    .text C:\Windows\system32\csrss.exe[660] KERNEL32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[664] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[664] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[664] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[664] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[664] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[664] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[664] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[664] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[664] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[664] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[664] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[664] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00380600
    .text C:\Windows\system32\svchost.exe[664] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00380804
    .text C:\Windows\system32\svchost.exe[664] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00380A08
    .text C:\Windows\system32\svchost.exe[664] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 003801F8
    .text C:\Windows\system32\svchost.exe[664] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 003803FC
    .text C:\Windows\system32\wininit.exe[712] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[712] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[712] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[712] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[712] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[712] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[712] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[712] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[712] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\wininit.exe[712] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[712] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\csrss.exe[724] KERNEL32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[736] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[736] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[736] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[736] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\taskeng.exe[736] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\taskeng.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\taskeng.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\taskeng.exe[736] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[736] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00090600
    .text C:\Windows\system32\taskeng.exe[736] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00090804
    .text C:\Windows\system32\taskeng.exe[736] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00090A08
    .text C:\Windows\system32\taskeng.exe[736] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 000901F8
    .text C:\Windows\system32\taskeng.exe[736] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 000903FC
    .text C:\Windows\Explorer.EXE[760] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\Explorer.EXE[760] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\Explorer.EXE[760] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\Explorer.EXE[760] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\Explorer.EXE[760] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\Explorer.EXE[760] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\Explorer.EXE[760] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\Explorer.EXE[760] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\Explorer.EXE[760] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\Explorer.EXE[760] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\Explorer.EXE[760] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\Explorer.EXE[760] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00080600
    .text C:\Windows\Explorer.EXE[760] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00080804
    .text C:\Windows\Explorer.EXE[760] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00080A08
    .text C:\Windows\Explorer.EXE[760] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 000801F8
    .text C:\Windows\Explorer.EXE[760] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 000803FC
    .text C:\Windows\Explorer.EXE[760] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7624B37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
    .text C:\Windows\Explorer.EXE[760] SHELL32.dll!ShellExecuteExW + 18B7 7627DA0C 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
    .text C:\Windows\system32\services.exe[764] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[764] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[764] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[764] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[764] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[764] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[764] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\services.exe[764] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[764] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[776] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[776] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[776] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[776] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[776] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[776] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[776] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[776] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[776] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[776] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[776] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\lsass.exe[776] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00090600
    .text C:\Windows\system32\lsass.exe[776] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00090804
    .text C:\Windows\system32\lsass.exe[776] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00090A08
    .text C:\Windows\system32\lsass.exe[776] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 000901F8
    .text C:\Windows\system32\lsass.exe[776] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 000903FC
    .text C:\Windows\system32\lsm.exe[784] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsm.exe[784] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsm.exe[784] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[784] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsm.exe[784] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsm.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsm.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsm.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsm.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsm.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsm.exe[784] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 003F0600
    .text C:\Windows\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 003F0804
    .text C:\Windows\system32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 003F0A08
    .text C:\Windows\system32\svchost.exe[932] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 003F01F8
    .text C:\Windows\system32\svchost.exe[932] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 003F03FC
    .text C:\Windows\system32\nvvsvc.exe[1004] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 001401F8
    .text C:\Windows\system32\nvvsvc.exe[1004] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 001403FC
    .text C:\Windows\system32\nvvsvc.exe[1004] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\nvvsvc.exe[1004] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00160600
    .text C:\Windows\system32\nvvsvc.exe[1004] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00160804
    .text C:\Windows\system32\nvvsvc.exe[1004] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00160A08
    .text C:\Windows\system32\nvvsvc.exe[1004] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 001601F8
    .text C:\Windows\system32\nvvsvc.exe[1004] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 001603FC
    .text C:\Windows\system32\nvvsvc.exe[1004] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 001703FC
    .text C:\Windows\system32\nvvsvc.exe[1004] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00170600
    .text C:\Windows\system32\nvvsvc.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00171014
    .text C:\Windows\system32\nvvsvc.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00170804
    .text C:\Windows\system32\nvvsvc.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00170A08
    .text C:\Windows\system32\nvvsvc.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00170C0C
    .text C:\Windows\system32\nvvsvc.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00170E10
    .text C:\Windows\system32\nvvsvc.exe[1004] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00110600
    .text C:\Windows\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00110804
    .text C:\Windows\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00110A08
    .text C:\Windows\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 001101F8
    .text C:\Windows\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 001103FC
    .text C:\Windows\System32\svchost.exe[1096] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00200600
    .text C:\Windows\System32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00200804
    .text C:\Windows\System32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00200A08
    .text C:\Windows\System32\svchost.exe[1096] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 002001F8
    .text C:\Windows\System32\svchost.exe[1096] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 002003FC
    .text C:\Windows\System32\svchost.exe[1140] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 001D0600
    .text C:\Windows\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 001D0804
    .text C:\Windows\System32\svchost.exe[1140] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 001D0A08
    .text C:\Windows\System32\svchost.exe[1140] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 001D01F8
    .text C:\Windows\System32\svchost.exe[1140] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 001D03FC
    .text C:\Windows\System32\svchost.exe[1180] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00C70600
    .text C:\Windows\System32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00C70804
    .text C:\Windows\System32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00C70A08
    .text C:\Windows\System32\svchost.exe[1180] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 00C701F8
    .text C:\Windows\System32\svchost.exe[1180] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 00C703FC
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 001401F8
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 001403FC
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 00160600
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 00160804
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 00160A08
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 001601F8
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 001603FC
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 001703FC
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00170600
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00171014
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00170804
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00170A08
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00170C0C
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00170E10
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1196] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 77566322 5 Bytes JMP 000D0600
    .text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 775687AD 5 Bytes JMP 000D0804
    .text C:\Windows\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 775698DB 5 Bytes JMP 000D0A08
    .text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 77569F3A 5 Bytes JMP 000D01F8
    .text C:\Windows\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent 7756C06F 5 Bytes JMP 000D03FC
    .text C:\Windows\system32\winlogon.exe[1300] ntdll.dll!LdrLoadDll 777C93A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[1300] ntdll.dll!LdrUnloadDll 777DB740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[1300] kernel32.dll!GetBinaryTypeW + 70 774D2467 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[1300] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[1300] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\winlogon.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\winlogon.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00050C0C
    .text
    0
  20. Utilisateur anonyme
     
    Salut

    ok !!

    Manque le rapport de Mbr >> : mbr.log

    @+ VIRUS/C/C
    0
  • 1
  • 2