Infection http://www.searchqu.com/413

Pitochu -  
kalimusic Messages postés 14619 Statut Contributeur sécurité -
Bonjour,


Je vous contacte car mon pc est aussi infecté par le virus http://www.searchqu.com/413
J'ai suivi les instructions d'un précédent post ou vous aviez donné la procédure a suivre et j'ai effectué les scans que je poste ici.

Pouvez-vous m'indiquer la suite de ce qu'il faut faire pour les supprimer? Voici d'abord le rapport AD-Report :


======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 13:13:16 le 08/10/2011, Mode normal

Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X64)
Anne Laurie et Auré@PCDEROC (Packard Bell imedia S1710)

============== RECHERCHE ==============


Dossier trouvé: C:\Program Files (x86)\Windows Searchqu Toolbar
Dossier trouvé: C:\Users\Anne Laurie et Auré\AppData\Roaming\PriceGong
Dossier trouvé: C:\Users\Anne Laurie et Auré\AppData\LocalLow\PriceGong
Dossier trouvé: C:\Program Files (x86)\PriceGong

Clé trouvée: HKLM\Software\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Clé trouvée: HKLM\Software\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Clé trouvée: HKLM\Software\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}
Clé trouvée: HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
Clé trouvée: HKLM\Software\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Clé trouvée: HKLM\Software\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Clé trouvée: HKLM\Software\Classes\PriceFactorIE.PriceGongBHO
Clé trouvée: HKLM\Software\Classes\PriceFactorIE.PriceGongBHO.1
Clé trouvée: HKLM\Software\Classes\PriceGongIE.PriceGongCtrl
Clé trouvée: HKLM\Software\Classes\PriceGongIE.PriceGongCtrl.1
Clé trouvée: HKLM\Software\Classes\AppID\PriceGongIE.DLL
Clé trouvée: HKLM\Software\DataMngr
Clé trouvée: HKLM\Software\SearchquMediabarTb
Clé trouvée: HKCU\Software\DataMngr
Clé trouvée: HKCU\Software\PriceGong
Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pricegong
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\pricegong

Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr


============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=imedia_s1710&r=1v3607098606p03c5vq75y47n19221
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://google.fr/
HKLM_Main|Default_Page_URL - hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=imedia_s1710&r=1v3607098606p03c5vq75y47n19221
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=imedia_s1710&r=1v3607098606p03c5vq75y47n19221
HKCU_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} - "Web Search" (hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms})
HKLM_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} - "Web Search" (hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms})
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKCU_Toolbar\WebBrowser|{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} (x)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B44B636D-C6F5-41A4-AF8D-F09CDB4CA876} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\dtUser.exe (x)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{1631550F-191D-4826-B069-D9439253D926} - "PriceGongBHO Class" (C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll)
BHO\{465E08E7-F005-4389-980F-1D8764B3486C} (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll)
BHO\{9D717F81-9148-4f12-8568-69135F087DB0} - "Loader Class" (C:\PROGRA~2\WI9130~1\Datamngr\BROWSE~1.DLL)
BHO\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - "Yontoo Layers" (C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 0 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 08/10/2011 13:13:27 (5107 Octet(s))

Fin à: 13:14:24, 08/10/2011

============== E.O.F ==============




Puis le scan Malwarebyte :

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 7900

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

08/10/2011 13:27:40
mbam-log-2011-10-08 (13-27-22).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 179004
Temps écoulé: 5 minute(s), 24 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\captura.bmp (Malware.Traces) -> No action taken.
c:\codigo1.bmp (Malware.Traces) -> No action taken.
c:\codigo2.bmp (Malware.Traces) -> No action taken.
c:\codigo3.bmp (Malware.Traces) -> No action taken.
c:\codigo4.bmp (Malware.Traces) -> No action taken.



Et enfin le rapport OTL





OTL logfile created on: 08/10/2011 13:34:44 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Anne Laurie et Auré\Desktop\VireVirus\instal
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,12% Memory free
8,17 Gb Paging File | 6,46 Gb Available in Paging File | 79,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,46 Gb Total Space | 326,81 Gb Free Space | 71,28% Space Free | Partition Type: NTFS
Drive D: | 458,41 Gb Total Space | 406,13 Gb Free Space | 88,60% Space Free | Partition Type: NTFS
Drive E: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PCDEROC | User Name: Anne Laurie et Auré | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========/color

PRC - [2011/10/08 12:55:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Anne Laurie et Auré\Desktop\VireVirus\instal\OTL.exe
PRC - [2011/09/30 17:12:41 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/09/06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/08/09 20:54:18 | 001,599,888 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/08/02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/04/15 15:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
PRC - [2010/12/06 09:47:40 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/03/18 10:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/18 11:13:00 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
PRC - [2008/09/18 11:13:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe


[color=#E56717]========== Modules (No Company Name) ==========/color

MOD - [2011/09/30 17:12:40 | 000,412,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 17:12:39 | 003,696,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 17:11:13 | 000,142,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 17:11:12 | 000,253,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 17:11:10 | 002,403,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 22:06:57 | 008,587,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========/color

SRV:[b]64bit:/b - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:/b - [2008/05/29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysNative\HidService.exe -- (GenericHidService)
SRV:[b]64bit:/b - [2008/01/21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/08/31 19:56:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 17:44:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/28 05:34:46 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/05/29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysWow64\HidService.exe -- (GenericHidService)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV:[b]64bit:/b - [2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:/b - [2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:/b - [2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:/b - [2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:[b]64bit:/b - [2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:/b - [2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:/b - [2011/08/31 19:56:43 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:[b]64bit:/b - [2011/08/31 19:56:43 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:/b - [2011/08/11 22:39:28 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:[b]64bit:/b - [2010/11/12 01:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:/b - [2009/11/11 17:47:48 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:[b]64bit:/b - [2009/10/01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:/b - [2009/04/28 05:08:06 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2010/09/12 13:23:04 | 000,053,760 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SSHDRV76.sys -- (SSHDRV76)
DRV - [2003/04/19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color

IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=imedia_s1710&r=1v3607098606p03c5vq75y47n19221
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=imedia_s1710&r=1v3607098606p03c5vq75y47n19221
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=imedia_s1710&r=1v3607098606p03c5vq75y47n19221
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=imedia_s1710&r=1v3607098606p03c5vq75y47n19221

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=imedia_s1710&r=1v3607098606p03c5vq75y47n19221
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



[color=#E56717]========== Chrome ==========/color

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://www.searchqu.com//web?src=crb&appid=0&systemid=413&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Anne Laurie et Auré\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2006/09/18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:/b - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:[b]64bit:/b - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:[b]64bit:/b - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:/b - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:[b]64bit:/b - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:/b - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:/b - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:[b]64bit:/b - HKLM..\Run: [FijiKeyboard] c:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
O4:[b]64bit:/b - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:[b]64bit:/b - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:/b - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4:[b]64bit:/b - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PCLEUSBTip] C:\Program Files (x86)\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SmpcSys] C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [!SearchquCRHP] C:\Windows\system32\RUNDLL32.EXE C:\Users\ANNELA~1\AppData\Local\Temp\INSTAL~1.DLL,_SetChromeHP http://www.searchqu.com/413, File not found
O4 - HKCU..\RunOnce: [!SearchquDSCR] C:\Windows\system32\RUNDLL32.EXE C:\Users\ANNELA~1\AppData\Local\Temp\SRASSE~1.DLL,_SetChromeAssets http://www.searchqu.com//web?src=crb&appid=0&systemid=413&sr=0&q={searchTerms},Web Search,r, File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:[b]64bit:/b - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:/b - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13[b]64bit:/b - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CDCC957-7A65-49B4-96BB-1636957A2978}: DhcpNameServer = 192.168.1.254
O18:[b]64bit:/b - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:[b]64bit:/b - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:/b - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:[b]64bit:/b - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll) -C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll) -C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:[b]64bit:/b - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:/b - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anne Laurie et Auré\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anne Laurie et Auré\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 10:30:42 | 000,000,154 | R--- | M] () - E:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2008/11/27 14:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/11 15:26:42 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5c012fb4-46f7-11df-83e8-0025113d8758}\Shell\AutoRun\command - "" = J:\NEVERUJMI//kadaplacem.exe
O33 - MountPoints2\{649f1f6b-78ab-11de-a864-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{649f1f6b-78ab-11de-a864-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008/11/27 14:02:24 | 000,214,280 | R--- | M] (Sports Interactive)
O33 - MountPoints2\{676d8d91-f3d0-11df-aebd-0025113d8758}\Shell\AutoRun\command - "" = J:\U3ROM/system32.exe
O33 - MountPoints2\{676d8d91-f3d0-11df-aebd-0025113d8758}\Shell\explore\command - "" = J:\U3ROM/system32.exe
O33 - MountPoints2\{676d8d91-f3d0-11df-aebd-0025113d8758}\Shell\open\command - "" = J:\U3ROM/system32.exe
O33 - MountPoints2\{ed52bf15-09df-11df-96a6-0025113d8758}\Shell - "" = AutoRun
O33 - MountPoints2\{ed52bf15-09df-11df-96a6-0025113d8758}\Shell\AutoRun\command - "" = K:\autorun6e.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:/b - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:/b - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:/b - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:/b - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:[b]64bit:/b AppMgmt - Service
SafeBootMin:[b]64bit:/b Base - Driver Group
SafeBootMin:[b]64bit:/b Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:/b Boot file system - Driver Group
SafeBootMin:[b]64bit:/b File system - Driver Group
SafeBootMin:[b]64bit:/b Filter - Driver Group
SafeBootMin:[b]64bit:/b HelpSvc - Service
SafeBootMin:[b]64bit:/b PCI Configuration - Driver Group
SafeBootMin:[b]64bit:/b PNP Filter - Driver Group
SafeBootMin:[b]64bit:/b Primary disk - Driver Group
SafeBootMin:[b]64bit:/b sacsvr - Service
SafeBootMin:[b]64bit:/b SCSI Class - Driver Group
SafeBootMin:[b]64bit:/b System Bus Extender - Driver Group
SafeBootMin:[b]64bit:/b WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:/b {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:/b {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:/b {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:/b {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:/b {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:/b {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:/b {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:/b {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:/b {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:/b {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:/b {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:/b {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:/b {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:/b {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:/b {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:/b {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:/b {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:/b AppMgmt - Service
SafeBootNet:[b]64bit:/b Base - Driver Group
SafeBootNet:[b]64bit:/b Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:/b Boot file system - Driver Group
SafeBootNet:[b]64bit:/b File system - Driver Group
SafeBootNet:[b]64bit:/b Filter - Driver Group
SafeBootNet:[b]64bit:/b HelpSvc - Service
SafeBootNet:[b]64bit:/b Messenger - Service
SafeBootNet:[b]64bit:/b NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:/b NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:/b NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:/b Network - Driver Group
SafeBootNet:[b]64bit:/b NetworkProvider - Driver Group
SafeBootNet:[b]64bit:/b PCI Configuration - Driver Group
SafeBootNet:[b]64bit:/b PNP Filter - Driver Group
SafeBootNet:[b]64bit:/b PNP_TDI - Driver Group
SafeBootNet:[b]64bit:/b Primary disk - Driver Group
SafeBootNet:[b]64bit:/b rdsessmgr - Service
SafeBootNet:[b]64bit:/b sacsvr - Service
SafeBootNet:[b]64bit:/b SCSI Class - Driver Group
SafeBootNet:[b]64bit:/b Streams Drivers - Driver Group
SafeBootNet:[b]64bit:/b System Bus Extender - Driver Group
SafeBootNet:[b]64bit:/b TDI - Driver Group
SafeBootNet:[b]64bit:/b WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:/b WudfPf - Driver
SafeBootNet:[b]64bit:/b WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:/b {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:/b {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:/b {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:/b {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:/b {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:/b {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:/b {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:/b {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:/b {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:/b {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:/b {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:/b {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:/b {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:/b {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:/b {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:/b {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:/b {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:/b {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:/b {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:/b {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:/b {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:/b {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:[b]64bit:/b {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:[b]64bit:/b {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:[b]64bit:/b {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:/b {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:/b {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:/b {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:[b]64bit:/b {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:/b {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:/b {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:/b {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:/b {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:/b {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:/b {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:/b {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:/b {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:/b {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:/b {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:/b {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:/b {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:/b {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:[b]64bit:/b {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:/b {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:/b {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:/b {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:/b >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:/b >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:/b >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:[b]64bit:/b msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2011/10/08 13:15:33 | 000,000,000 | ---D | C] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Malwarebytes
[2011/10/08 13:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/08 13:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/08 13:15:20 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/08 13:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/08 12:58:12 | 000,000,000 | ---D | C] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ad-Remover
[2011/10/08 12:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2011/10/08 12:53:32 | 000,000,000 | ---D | C] -- C:\Users\Anne Laurie et Auré\Desktop\VireVirus
[2011/09/27 07:51:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2011/10/08 13:38:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/08 13:37:50 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/10/08 13:29:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/08 13:29:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 13:29:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 13:29:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/08 13:29:25 | 4294,168,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/08 13:15:24 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/08 12:58:12 | 000,001,732 | ---- | M] () -- C:\Users\Anne Laurie et Auré\Desktop\Ad-Remover.lnk
[2011/10/07 21:08:50 | 000,122,880 | ---- | M] () -- C:\Users\Anne Laurie et Auré\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/07 14:00:09 | 000,074,858 | ---- | M] () -- C:\Users\Anne Laurie et Auré\Desktop\Evema.jpg
[2011/09/19 23:46:52 | 000,000,294 | ---- | M] () -- C:\Windows\wininit.ini
[2011/09/18 23:17:36 | 001,518,928 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/18 23:17:36 | 000,678,804 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/09/18 23:17:36 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/18 23:17:36 | 000,126,420 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/09/18 23:17:36 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/12 22:00:43 | 000,000,680 | ---- | M] () -- C:\Users\Anne Laurie et Auré\AppData\Local\d3d9caps.dat
[2011/09/10 11:19:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[color=#E56717]========== Files Created - No Company Name ==========/color

[2011/10/08 13:37:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/10/08 13:15:24 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/08 12:58:12 | 000,001,732 | ---- | C] () -- C:\Users\Anne Laurie et Auré\Desktop\Ad-Remover.lnk
[2011/10/07 14:00:14 | 000,074,858 | ---- | C] () -- C:\Users\Anne Laurie et Auré\Desktop\Evema.jpg
[2011/08/14 14:37:54 | 000,004,096 | -H-- | C] () -- C:\Users\Anne Laurie et Auré\AppData\Local\keyfile3.drm
[2011/06/04 10:08:00 | 000,000,294 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/06 19:16:13 | 000,000,680 | ---- | C] () -- C:\Users\Anne Laurie et Auré\AppData\Local\d3d9caps.dat
[2011/02/13 13:45:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/02/13 13:44:47 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/02/13 13:44:30 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/02/13 03:10:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/02/13 03:10:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/02/13 03:10:09 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/13 03:10:09 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/13 03:10:09 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/29 18:40:02 | 000,000,732 | ---- | C] () -- C:\Users\Anne Laurie et Auré\AppData\Local\d3d9caps64.dat
[2010/09/12 13:23:04 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSHDRV76.sys
[2010/01/09 15:41:59 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2009/12/08 18:19:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2009/11/18 21:25:18 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2009/11/18 21:25:18 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2009/11/18 21:25:18 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2009/11/18 21:25:18 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2009/11/18 21:25:18 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2009/10/17 13:04:47 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/12 18:28:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/10/12 18:26:08 | 000,049,152 | ---- | C] () -- C:\Windows\Iniexpander.exe
[2009/10/12 18:21:20 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2009/10/12 18:21:20 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009/09/20 18:07:25 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2009/09/20 18:07:25 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2009/09/19 20:42:00 | 000,122,880 | ---- | C] () -- C:\Users\Anne Laurie et Auré\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/19 20:40:25 | 000,000,040 | ---- | C] () -- C:\Windows\NAVIGMA.INI
[2009/09/19 20:26:31 | 000,007,410 | ---- | C] () -- C:\Users\Anne Laurie et Auré\AppData\Roaming\wklnhst.dat
[2009/09/17 17:26:08 | 000,000,982 | ---- | C] () -- C:\Windows\eReg.dat
[2009/07/25 01:51:28 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/07/25 01:43:45 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2009/04/28 05:08:02 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/04/28 03:52:41 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/20 12:20:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll
[2006/11/02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2001/08/13 22:09:48 | 000,659,520 | ---- | C] () -- C:\Windows\SysWow64\vbid3lib.dll
[2001/04/20 21:23:28 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\PManager.dll
[1998/09/07 03:03:36 | 000,012,208 | ---- | C] () -- C:\Windows\SysWow64\Cdio16.dll
[1998/09/07 02:55:42 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\cdio32.dll
[1997/06/14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

[color=#E56717]========== Custom Scans ==========/color


[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >/color

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >/color

[color=#A23BEC]< %APPDATA%\*. >/color
[2009/11/08 20:07:42 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Adobe
[2010/01/05 15:08:11 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Auslogics
[2011/03/07 19:03:31 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Avira
[2011/03/11 18:53:48 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\DAEMON Tools Lite
[2010/05/01 16:05:55 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\dvdcss
[2011/08/26 18:54:21 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\FreeFLVConverter
[2009/12/08 18:18:08 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Google
[2009/09/17 15:55:15 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Identities
[2009/09/24 18:26:42 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\InstallShield
[2009/10/12 18:24:02 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\InterTrust
[2009/09/17 15:55:30 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Macromedia
[2011/10/08 13:15:33 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Malwarebytes
[2006/11/02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Media Center Programs
[2011/08/13 17:53:21 | 000,000,000 | --SD | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Microsoft
[2010/08/22 15:45:56 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Mount&Blade Warband
[2010/05/09 16:59:31 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Nero
[2010/08/23 19:10:31 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Notepad++
[2009/09/19 20:28:15 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Packard Bell
[2011/02/27 19:22:37 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\PCFix
[2011/02/09 19:33:36 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\PeerNetworking
[2011/06/14 21:04:21 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\PriceGong
[2010/05/13 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Roxio
[2009/09/17 16:13:17 | 000,000,000 | RH-D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\SecuROM
[2011/03/12 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Sports Interactive
[2009/10/17 13:11:04 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\Template
[2011/08/15 22:04:36 | 000,000,000 | ---D | M] -- C:\Users\Anne Laurie et Auré\AppData\Roaming\vlc

[color=#A23BEC]< %APPDATA%\*.exe /s >/color

[color=#A23BEC]< %temp%\.exe /s >/color

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >/color

[color=#A23BEC]< %systemroot%\*. /mp /s >/color

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >/color

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >/color

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >/color

[color=#A23BEC]< %systemroot%\System32\config\*.sav >/color


[color=#A23BEC]< MD5 for: EXPLORER.EXE >/color
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >/color
[2008/01/21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit

1 réponse

Réponse 1 / 1
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
Bonjour et Bienvenue sur CCM

Pas mal d'infections, searchqu est loin d'être seul !

● La plupart des infections nécessitent plusieurs outils et manipulations pour les supprimer complètement. Même si les symptômes disparaissent rapidement, il est préférable de terminer la procédure.
● N'utilise pas d'outil de désinfection de ta propre initiative, ne pas suivre également d'autres conseils afin de ne pas interférer sur la procédure en cours.
● Prends le temps de lire ce qui est demandé, ne te lance pas dans une manipulation que tu n'as pas compris.
● Je t'aide bénévolement, merci d'en tenir compte :)

== == == == == == == == == == == == == == == == == == == == == ==

1. Désinstalle Spybot S&D, logiciel obsolète et qui risque de gêner la désinfection :

Désactive le module Tea Timer
● Dé-vaccine
● Désinstalle

2. Désinstalle si possible et si présents :

Searchqu
PriceGong
DataMngr
Yontoo layers (sauf si tu t'en sers)

3. Relance AD-Remover
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.

Désactive la protection résidente de ton anti-virus pour ne pas gêner le travail de l'outil

● Clique sur le bouton Nettoyer puis confirme l'action en cliquant sur "Oui"
● Patiente le temps du scan (le bureau peut disparaitre), le rapport doit s'ouvrir spontanément à la fin.
● Clique sur Quitter
● Copie/colle le rapport dans ton prochain message.

Le rapport est sauvegardé à la racine du disque C:\Ad-report-CLEAN

3. Télécharge UsbFix (par C_XX & El Desaparecido) sur le Bureau
! ! Branche tous tes supports amovibles (Clés USB, DD externes, etc...) sans les ouvrir !!
● lance UsbFix
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Clique sur le bouton "Recherche"
● Patiente le temps du balayage qui peut durer plusieurs minutes
● Le rapport doit s'ouvrir spontanément à la fin du scan
● Copie/colle le rapport dans le prochain message

Le rapport est sauvegardé à la racine du disque C:\Usbfix.txt

4. Héberge les rapports sur un des sites suivants :
https://www.cjoint.com/
http://www.cijoint.fr/
http://pjjoint.malekal.com/
https://textup.fr/
Tu obtiendras 2 liens que tu me donneras dans ton prochain message afin que je puisse les consulter.

A +
0

Discussions similaires

Site Easywifi.config inaccessible /
Charly -
Repeteurwifi -

8 réponses
Configuration répéteur Wifi
Squall -
Squall -

4 réponses
Impossible de se connecter a 192.168.1.1
papemane -
Quels -

5 réponses
192.168.49.1
4Pedro -
hopelan -

1 réponse
Chromecast sur tv dans un hôtel ?
totony59 -
Judge_DT -

4 réponses