
Request for help with an infected PC


Posted on 30 Apr 2011 11:32

Hello,
I am asking for your help to get rid of one or more viruses that have infected my PC for the past few days, following the installation of an infected program :oops:
The symptoms are intrusive ads all over the place, and the Windows Security Center, which is disabled and impossible to re-enable.
Also, restoring to an earlier date ends in an error every time (reported as being caused by avast), and Windows restarts on a black screen, even in safe mode, so I am forced to use the Windows Startup Repair tool.

Thanks in advance

ol.txt link: http://mqmecf.pjointe.com/

extra.txt link: http://wk38z7.megadl.fr/

NB: I have no restore media, apart from a boot CD that I have just created with Seven
dijital
Confirmed Visitor

Posts: 16
Joined: 07 Mar 2011 13:19
 


Re: Request for help with an infected PC

Posted on 30 Apr 2011 11:54

Hi dijital!

Your PC is indeed heavily infected.

Do this first:
Close all active windows on your PC.
Relaunch OTL > Right-click on it > "Run as administrator".
In the OTL interface, check that the "Minimal Output" box is ticked.
Copy and paste the content of this quote (in blue) into the "Custom Scans/Fixes" box:


:Otl
PRC - [2008/06/12 17:57:18 | 000,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
IE - HKU\S-1-5-21-2519781988-2905465911-4085053731-1002\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\S-1-5-21-2519781988-2905465911-4085053731-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKLM\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2519781988-2905465911-4085053731-1002\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2519781988-2905465911-4085053731-1002\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O33 - MountPoints2\{69f96402-f66f-11de-9baf-001c252938cb}\Shell - "" = AutoRun
O33 - MountPoints2\{69f96402-f66f-11de-9baf-001c252938cb}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{69f964d4-f66f-11de-9baf-001c252938cb}\Shell - "" = AutoRun
O33 - MountPoints2\{69f964d4-f66f-11de-9baf-001c252938cb}\Shell\AutoRun\command - "" = K:\autorun.exe
[2011/04/30 11:34:24 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/30 11:34:12 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/29 21:20:28 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/29 21:20:27 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/30 11:34:12 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/30 11:34:24 | 000,000,244 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2009/01/18 23:10:47 | 000,087,608 | ---- | M] () -- C:\Users\moha\AppData\Roaming\inst.exe

:files
c:\program files\search settings\searchsettings.exe
c:\program files\search settings\kb127\searchsettings.dll
c:\users\moha\appdata\roaming\inst.exe

:Commands
[emptytemp]
[emptyflash]
[resethosts]
[reboot]


Click the "Run Fix" button.
Do not touch the PC again until it has restarted.
When the PC starts up, a report will open --> 04272011_xxxxxx.log ... If it does not, you will find it under the same name on the Desktop or in its folder --> C:\_OTL
Copy and paste the content of this report here in reply.
danakil
Expert

Posts: 1363
Joined: 16 Jul 2009 09:47


Re: Request for help with an infected PC

Posted on 30 Apr 2011 12:27

Thanks for your help, here is the OTL report:

All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Registry value HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Program Files\Search Settings\kb127\SearchSettings.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Search Settings\kb127\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
C:\Program Files\Softonic_France\tbSoft.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Search Settings\kb127\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Program Files\Search Settings\SearchSettings.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69f96402-f66f-11de-9baf-001c252938cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69f96402-f66f-11de-9baf-001c252938cb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69f96402-f66f-11de-9baf-001c252938cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69f96402-f66f-11de-9baf-001c252938cb}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69f964d4-f66f-11de-9baf-001c252938cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69f964d4-f66f-11de-9baf-001c252938cb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69f964d4-f66f-11de-9baf-001c252938cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69f964d4-f66f-11de-9baf-001c252938cb}\ not found.
File K:\autorun.exe not found.
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job moved successfully.
File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job not found.
File C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job not found.
C:\Users\moha\AppData\Roaming\inst.exe moved successfully.
========== FILES ==========
File\Folder c:\program files\search settings\searchsettings.exe not found.
File\Folder c:\program files\search settings\kb127\searchsettings.dll not found.
File\Folder c:\users\moha\appdata\roaming\inst.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: freenet
->Temp folder emptied: 597526858 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: moha
->Temp folder emptied: 5778 bytes
->Temporary Internet Files folder emptied: 102618150 bytes
->Java cache emptied: 11393399 bytes
->FireFox cache emptied: 49538490 bytes
->Google Chrome cache emptied: 15481467 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 63546 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200728 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67126 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 741,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: freenet
 
User: moha
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.22.3 log created on 04302011_131915

Files\Folders moved on Reboot...
File\Folder C:\Users\freenet\AppData\Local\Temp\hsperfdata_SYSTEM\2220 not found!
C:\Users\freenet\AppData\Local\Temp\jbigi3089225465794053171lib.tmp moved successfully.
C:\Users\freenet\AppData\Local\Temp\jcpuid2842873760049704314lib.tmp moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZKKU4A6\adsCAILDCA0.htm moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZKKU4A6\background-banner-middle-v45[1].jpg moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BULVW304\ads[2].htm moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BULVW304\list-item-plus[1].png moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BULVW304\planete-realmadrid_fr[1].htm moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9C3WPVCP\background-banner-right-v45[1].jpg moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1I0PE4YT\ads[3].htm moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1I0PE4YT\background_banner_green_50_v45[1].jpg moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1I0PE4YT\background_button_green_full[1].png moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1I0PE4YT\demande-aide-pc-infecter-vt-57188[1].html moved successfully.
C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\JET3081.tmp moved successfully.

Registry entries deleted on Reboot...
dijital
Confirmed Visitor

Posts: 16
Joined: 07 Mar 2011 13:19


Re: Request for help with an infected PC

Posted on 30 Apr 2011 16:08

Continuing with the problem: my big brother, not knowing that I had asked for help here, ran a scan with Malwarebytes Anti-Malware and deleted? a few infections? He saved a report, which is here:

 Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 6478

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/04/2011 16:54:47
mbam-log-2011-04-30 (16-54-42).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 198381
Temps écoulé: 10 minute(s), 33 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
c:\Windows\Azoleb.exe (Trojan.Downloader) -> 2112 -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{M671V35S-6E7E-NL17-043K-BVR4K3476637} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{M671V35S-6E7E-NL17-043K-BVR4K3476637} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo (Trojan.Agent) -> Value: Yahoo -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Agent) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Agent) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Value: GHWAUC6NNZ -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Windows\Azoleb.exe (Trojan.Downloader) -> No action taken.
c:\dir\install\install\explorere.exe (Trojan.Agent) -> No action taken.
c:\Users\moha\AppData\Local\Temp\Aw0.exe (Trojan.Downloader) -> No action taken.
c:\Users\moha\AppData\Local\Temp\Aw1.exe (Trojan.Downloader) -> No action taken.
c:\Users\moha\AppData\Local\Temp\Aww.exe (Trojan.Downloader) -> No action taken.
c:\Users\moha\AppData\Local\Temp\Awy.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Azolea.exe (Trojan.Downloader) -> No action taken.
c:\Users\moha\AppData\addons.dat (Bifrose.Trace) -> No action taken.
c:\Users\moha\AppData\Roaming\addons.dat (Bifrose.Trace) -> No action taken.
c:\Users\moha\AppData\logs.dat (Bifrose.Trace) -> No action taken.
c:\Users\moha\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
c:\Users\moha\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
c:\Users\moha\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.
dijital
Confirmed Visitor

Posts: 16
Joined: 07 Mar 2011 13:19


Re: Request for help with an infected PC

Posted on 30 Apr 2011 16:40

Re!

Look at what you can see in the Mbam report - an example:
c:\Users\moha\AppData\Local\Temp\Aw0.exe (Trojan.Downloader) -> No action taken.
c:\Users\moha\AppData\Local\Temp\Aw1.exe (Trojan.Downloader) -> No action taken.

No action taken = nothing was done

So the infections are still there. :wink:
Your big brother did the right thing but used Malwarebytes incorrectly.

Ask him to let me finish disinfecting this PC using my procedures; otherwise we will get the information mixed up and we will not manage to fix this PC.
Thanks.

Do this now:
Download UsbFix to your Desktop.

• Run the installation with the default settings.
/!\ Plug your external data sources into your PC (USB stick, external hard drive, etc.) without opening them /!\

• Double-click the UsbFix shortcut on your Desktop (or, under Vista and Seven, right-click > Run as administrator).

• Choose option 2. Suppression (deletion)

• Let the tool work.

• Post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
danakil
Expert

Posts: 1363
Joined: 16 Jul 2009 09:47
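
Added example (not part of the original posts, and not code from Malwarebytes): a small Python parser that applies the reading rule given above for the Mbam report, where any entry whose last field is not a successful removal, such as "No action taken", is still present on the machine. The sample text is assembled from lines of the two reports posted in this thread; the names `Finding`, `parse_mbam_log`, `unresolved` and `summarize` are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample assembled for this example from lines of the two Malwarebytes reports
# posted in the thread (quick scan of 30/04/2011, full scan of 01/05/2011).
SAMPLE_LOG = r"""
Processus mémoire infecté(s):
c:\Windows\Azoleb.exe (Trojan.Downloader) -> 2112 -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo (Trojan.Agent) -> Value: Yahoo -> No action taken.

Fichier(s) infecté(s):
c:\Users\moha\AppData\Local\Temp\Aw0.exe (Trojan.Downloader) -> No action taken.
c:\Users\moha\Desktop\tous les logiciel bureau\usb 4go\MOHA (F)\crack mp messenger.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# First field of an entry: "<path or registry key> (<detection name>)".
# The detection name is the LAST parenthesised group, so paths that contain
# parentheses themselves ("MOHA (F)") are handled correctly.
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\)$")


@dataclass(frozen=True)
class Finding:
    section: str    # report section the entry was listed under
    item: str       # file path or registry key/value
    detection: str  # detection name, e.g. Trojan.Downloader
    action: str     # what the tool did with it


def parse_mbam_log(text):
    """Return one Finding per detection entry of a Malwarebytes 1.x text log."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " -> " not in line:
            # Section titles end with ':'; counters and "(Aucun ...)" do not.
            if line.endswith(":"):
                section = line[:-1]
            continue
        # Entries are "item (detection) -> [extra ->] action."
        parts = line.split(" -> ")
        match = ENTRY_RE.match(parts[0])
        if match is None:
            continue
        action = parts[-1].rstrip(".")
        findings.append(
            Finding(section, match["item"], match["detection"], action)
        )
    return findings


def unresolved(findings):
    """Entries the tool did not report as successfully removed."""
    return [f for f in findings if "successfully" not in f.action.lower()]


def summarize(findings):
    """Count entries per action string."""
    return Counter(f.action for f in findings)


if __name__ == "__main__":
    results = parse_mbam_log(SAMPLE_LOG)
    for action, count in summarize(results).items():
        print(f"{count:3d}  {action}")
    for f in unresolved(results):
        print(f"STILL PRESENT [{f.section}] {f.item} ({f.detection})")
```
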
 

Re: Request for help with an infected PC

Posted on 30 Apr 2011 17:01

Re danakil,
Don't worry about my brother, he is banned from coming within 50 m of my PC. lol

Here is the UsbFix report:

############################## | UsbFix 7.044 | [Suppression]

Utilisateur: moha (Administrateur) # PC-DE-MOHA [PACKARD BELL BV IMEDIA 8638]
Mis à jour le 25/04/2011 par TeamXscript
Lancé à 17:52:46 | 30/04/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
CPU 2: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
Microsoft Windows 7 Édition Intégrale  (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385

Pare-feu Windows: Activé
RAM -> 3072 Mo
C:\ (%systemdrive%) -> Disque fixe # 365 Go (98 Go libre(s) - 27%) [HDD] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (533 Mo libre(s) - 14%) [MOHA] # FAT32
I:\ -> CD-ROM
K:\ -> CD-ROM
M:\ -> CD-ROM

################## | Éléments infectieux |


Supprimé! C:\$RECYCLE.BIN\S-1-5-18
Supprimé! C:\$RECYCLE.BIN\S-1-5-20
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1026319779-3202175374-426762610-500
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2152478756-3922319563-605102323-500
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002
Supprimé! C:\dir
Supprimé! C:\tmp

################## | Registre |

Supprimé! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|google update

################## | Mountpoints2 |


################## | Listing |

[01/09/2009 - 03:31:01 | D ]    C:\$INPLACE.~TR
[30/04/2011 - 17:56:57 | SHD ]    C:\$Recycle.Bin
[01/09/2009 - 06:34:57 | D ]    C:\$WINDOWS.~Q
[30/04/2011 - 16:57:09 | N | 161949]    C:\aaw7boot.log
[04/02/2010 - 01:38:06 | D ]    C:\ADCDA2
[31/12/2009 - 16:49:43 | D ]    C:\ADCDTEMP
[13/03/2009 - 19:42:27 | D ]    C:\Anuman Interactive
[08/09/2008 - 02:43:26 | D ]    C:\ASR
[10/06/2009 - 23:42:20 | N | 24]    C:\autoexec.bat
[30/04/2011 - 11:38:55 | RASHD ]    C:\Autorun.inf
[10/11/2010 - 02:27:16 | D ]    C:\BackupHelper
[24/03/2011 - 05:59:36 | D ]    C:\Backup_DB
[30/04/2011 - 04:14:35 | SHD ]    C:\boot
[21/09/2010 - 16:11:53 | RSH | 383562]    C:\bootmgr
[01/09/2009 - 04:08:40 | RASH | 8192]    C:\BOOTSECT.BAK
[21/09/2010 - 16:08:24 | N | 438840]    C:\bootxez
[26/06/2010 - 03:05:19 | D ]    C:\c38ad83b046f30ee4f6751f0
[23/03/2010 - 17:13:31 | D ]    C:\CDTELE
[29/09/2010 - 11:57:41 | N | 775]    C:\cleanup.bat
[22/04/2011 - 01:14:11 | SHD ]    C:\Config.Msi
[10/06/2009 - 23:42:20 | N | 10]    C:\config.sys
[14/07/2009 - 06:53:55 | SHD ]    C:\Documents and Settings
[30/08/2009 - 01:07:09 | D ]    C:\Données Ciel
[02/12/2009 - 03:06:57 | D ]    C:\Downloads
[02/09/2010 - 01:57:56 | D ]    C:\dreambox
[10/11/2009 - 20:17:55 | D ]    C:\drivers
[22/03/2011 - 02:19:46 | D ]    C:\dual
[08/01/2009 - 02:45:56 | D ]    C:\firefoxuser
[18/06/2010 - 02:15:14 | D ]    C:\found.000
[04/08/2009 - 18:06:10 | N | 171136]    C:\grldr
[30/04/2011 - 16:57:10 | ASH | 2415566848]    C:\hiberfil.sys
[24/04/2011 - 21:35:24 | N | 921624]    C:\img2-001.raw
[02/03/2010 - 03:02:36 | D ]    C:\Intel
[01/03/2010 - 03:57:53 | D ]    C:\Internet Explorer
[09/07/2008 - 20:58:50 | N | 0]    C:\IO.SYS
[08/10/2008 - 20:31:58 | D ]    C:\Language
[26/10/2010 - 18:33:29 | N | 1060]    C:\libSRTP_log.txt
[24/03/2007 - 15:45:48 | N | 57344]    C:\libsyslic1.dll
[14/03/2007 - 04:57:54 | N | 144896]    C:\libsyslic1.original.dll
[23/06/2010 - 00:58:40 | N | 3397]    C:\M7BL_Rapport.log
[01/03/2010 - 02:04:48 | D ]    C:\Mes Sites Web
[09/07/2008 - 20:58:50 | N | 0]    C:\MSDOS.SYS
[11/09/2007 - 19:38:30 | RHD ]    C:\MSOCache
[12/09/2008 - 19:23:32 | D ]    C:\navcore_SE_8.201.9497_basicpack
[09/06/2010 - 16:04:41 | D ]    C:\NVIDIA
[30/04/2011 - 16:57:11 | ASH | 3220758528]    C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ]    C:\PerfLogs
[30/04/2011 - 04:50:17 | D ]    C:\Program Files
[26/04/2011 - 23:55:50 | HD ]    C:\ProgramData
[01/09/2009 - 06:49:54 | SHD ]    C:\Recovery
[12/09/2008 - 19:28:40 | D ]    C:\SE_ttsystem.8201.9497
[14/10/2009 - 20:24:33 | N | 232]    C:\sqmdata00.sqm
[15/10/2009 - 00:55:02 | N | 232]    C:\sqmdata01.sqm
[15/10/2009 - 12:11:50 | N | 232]    C:\sqmdata02.sqm
[15/10/2009 - 19:25:36 | N | 232]    C:\sqmdata03.sqm
[15/10/2009 - 19:26:44 | N | 232]    C:\sqmdata04.sqm
[15/10/2009 - 23:47:15 | N | 232]    C:\sqmdata05.sqm
[16/10/2009 - 23:45:05 | N | 232]    C:\sqmdata06.sqm
[17/10/2009 - 14:30:02 | N | 232]    C:\sqmdata07.sqm
[17/10/2009 - 20:59:15 | N | 232]    C:\sqmdata08.sqm
[18/10/2009 - 00:12:12 | N | 232]    C:\sqmdata09.sqm
[18/10/2009 - 13:59:10 | N | 232]    C:\sqmdata10.sqm
[18/10/2009 - 18:58:40 | N | 232]    C:\sqmdata11.sqm
[19/10/2009 - 01:07:34 | N | 268]    C:\sqmdata12.sqm
[18/11/2009 - 18:16:29 | N | 232]    C:\sqmdata13.sqm
[12/10/2009 - 22:35:23 | N | 232]    C:\sqmdata14.sqm
[13/10/2009 - 00:02:21 | N | 232]    C:\sqmdata15.sqm
[13/10/2009 - 12:33:04 | N | 232]    C:\sqmdata16.sqm
[13/10/2009 - 22:01:41 | N | 232]    C:\sqmdata17.sqm
[13/10/2009 - 22:13:28 | N | 232]    C:\sqmdata18.sqm
[14/10/2009 - 13:14:47 | N | 232]    C:\sqmdata19.sqm
[14/10/2009 - 20:24:33 | N | 244]    C:\sqmnoopt00.sqm
[15/10/2009 - 00:55:02 | N | 244]    C:\sqmnoopt01.sqm
[15/10/2009 - 12:11:50 | N | 244]    C:\sqmnoopt02.sqm
[15/10/2009 - 19:25:36 | N | 244]    C:\sqmnoopt03.sqm
[15/10/2009 - 19:26:44 | N | 244]    C:\sqmnoopt04.sqm
[15/10/2009 - 23:47:15 | N | 244]    C:\sqmnoopt05.sqm
[16/10/2009 - 23:45:05 | N | 244]    C:\sqmnoopt06.sqm
[17/10/2009 - 14:30:02 | N | 244]    C:\sqmnoopt07.sqm
[17/10/2009 - 20:59:15 | N | 244]    C:\sqmnoopt08.sqm
[18/10/2009 - 00:12:12 | N | 244]    C:\sqmnoopt09.sqm
[18/10/2009 - 13:59:10 | N | 244]    C:\sqmnoopt10.sqm
[18/10/2009 - 18:58:40 | N | 244]    C:\sqmnoopt11.sqm
[19/10/2009 - 01:07:34 | N | 172]    C:\sqmnoopt12.sqm
[18/11/2009 - 18:16:29 | N | 244]    C:\sqmnoopt13.sqm
[12/10/2009 - 22:35:23 | N | 244]    C:\sqmnoopt14.sqm
[13/10/2009 - 00:02:21 | N | 244]    C:\sqmnoopt15.sqm
[13/10/2009 - 12:33:04 | N | 244]    C:\sqmnoopt16.sqm
[13/10/2009 - 22:01:41 | N | 244]    C:\sqmnoopt17.sqm
[13/10/2009 - 22:13:28 | N | 244]    C:\sqmnoopt18.sqm
[14/10/2009 - 13:14:47 | N | 244]    C:\sqmnoopt19.sqm
[12/09/2008 - 19:28:42 | D ]    C:\switch_update_for_8.201
[30/04/2011 - 04:45:42 | SHD ]    C:\System Volume Information
[22/03/2011 - 02:05:18 | D ]    C:\temp
[21/09/2010 - 16:37:31 | D ]    C:\TokensBackup
[30/04/2011 - 17:56:57 | D ]    C:\UsbFix
[30/04/2011 - 17:52:48 | A | 6367]    C:\UsbFix.txt
[01/03/2010 - 03:58:05 | D ]    C:\Users
[11/05/2009 - 02:00:42 | D ]    C:\ViaMichelin
[01/03/2010 - 03:58:04 | D ]    C:\WAUUPGRD
[30/04/2011 - 16:57:00 | D ]    C:\Windows
[21/09/2010 - 16:08:24 | N | 206312]    C:\XELDZ
[30/04/2011 - 13:19:15 | D ]    C:\_OTL
[10/11/2010 - 01:47:26 | D ]    F:\ipa 2
[10/11/2010 - 02:01:20 | D ]    F:\iPod Photo Cache
[21/05/2007 - 18:51:02 | N | 759808]    F:\DreamUP.exe
[26/02/2008 - 18:12:02 | N | 5169152]    F:\Gemini_0431_DM500_26022008.img
[01/01/2011 - 23:37:52 | N | 5189632]    F:\Gemini_470_DM500s_NO-bomb.img
[08/01/2011 - 14:21:08 | D ]    F:\dossier dm 500hd
[08/01/2011 - 19:35:36 | D ]    F:\BuckupDM500HD 09012010 salah
[10/01/2011 - 12:38:00 | N | 1528]    F:\BOOTEX.LOG
[31/03/2011 - 01:18:04 | N | 12660544]    F:\mozilla-firefox_mozilla_firefox_4.0_final_francais_11003.exe
[02/04/2011 - 01:30:48 | N | 1514527]    F:\FreeWifi_Manager_1.0.8_Setup.exe
[30/04/2011 - 11:39:00 | RASHD ]    F:\Autorun.inf
[30/04/2011 - 16:36:32 | N | 7734216]    F:\malwarebytes antimalware setup.exe

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
F:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PC-DE-MOHA.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |
dijital
Confirmed Visitor

Posts: 16
Joined: 07 Mar 2011 13:19


Re: Request for help with an infected PC

Posted on 30 Apr 2011 17:40

That's better!

Now you are going to use Malwarebytes and run a full scan of the PC.
Here is an illustrated tutorial to help you --> tutoriel-malwarebytes-anti-malware-vt-46564.html

! Important instructions !
> Update the software before starting the scan.
> Run a full scan.
> At the end of the scan > Tick all the boxes displayed < then click the "Remove Selected" button.
> Retrieve the removal report and post it to me in reply.
danakil
Expert

Posts: 1363
Joined: 16 Jul 2009 09:47


Re: Request for help with an infected PC

Posted on 01 May 2011 00:07

Re, here is the removal report:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 6478

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01/05/2011 00:59:10
mbam-log-2011-05-01 (00-59-10).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Elément(s) analysé(s): 542917
Temps écoulé: 2 heure(s), 48 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\moha\Desktop\tous les logiciel bureau\craagle 4.0.exe (HackTool.Craggle) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tous les logiciel bureau\activateur windows 7 removewat v2.2.3\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tous les logiciel bureau\usb 4go\activateur windows 7 removewat v2.2.3\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tous les logiciel bureau\usb 4go\MOHA (F)\crack mp messenger.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tous les logiciel bureau\usb 4go\MOHA (F)\win_xp_activ.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tous les logiciel bureau\usb 4go\MOHA (F)\hasni legend vol.2\hasni legend vol.2 .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tous les logiciel bureau\usb 4go\MOHA (F)\log pr enlever windows genuis\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tous les logiciel bureau\log pr enlever windows genuis\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tt les dossiers telechargers\telecargement rapidshare\ciel compta 2009\cc15\KeyGen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tt les dossiers telechargers\telecargement rapidshare\telechargement rs 1\piratez un reseau wifi\Tools\WlanDrv\WlanDrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\tt les dossiers telechargers\telecargement rapidshare\ivt.bluesoleil.v6.4.249.0.incl.keymaker-embrace\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\moha\Desktop\telechargement recent\crack mp messenger.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\internet download manager 5.16.3\CK\Keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
dijital
Confirmed Visitor
 
Posts: 16
Joined: 07 Mar 2011 13:19
 

Re: request for help with an infected PC

Posted on 01 May 2011 06:04

Hi!

This is looking pretty good.
Now a quick check.

Run OTL again > Tick the 'Rapport minimal' box and paste this quote into the 'Personnalisation' window:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
SAVEMBR:0

Click the 'Analyse' button > Post me the OTL.txt report that will be generated.
danakil
Expert
 
Posts: 1363
Joined: 16 Jul 2009 09:47
 

Re: request for help with an infected PC

Posted on 01 May 2011 11:22

Hello danakil, here is the report:


OTL logfile created on: 01/05/2011 12:13:24 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\moha\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 364,61 Gb Total Space | 95,63 Gb Free Space | 26,23% Space Free | Partition Type: NTFS
Drive F: | 3,72 Gb Total Space | 0,52 Gb Free Space | 13,99% Space Free | Partition Type: FAT32

Computer Name: PC-DE-MOHA | User Name: moha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\moha\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Dokan\DokanLibrary\mounter.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (Autodata Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (Lavasoft)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\Nouveau dossier\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
PRC - C:\Program Files\SmartCam\SmartCam.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe (ashampoo Technology GmbH & Co. KG)
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
PRC - C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH)
PRC - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (SafeList) ==========

MOD - C:\Users\moha\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- File not found
SRV - (SBSDWSCService) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (DokanMounter) -- C:\Program Files\Dokan\DokanLibrary\mounter.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe ()
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (Autodata Limited License Service) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (Autodata Limited)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BlueSoleilCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
SRV - (BsHelpCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
SRV - (BsMobileCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
SRV - (cFosSpeedS) -- C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (freenet-darknet-8888) -- C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Dokan) -- C:\Windows\System32\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (mf) -- C:\Windows\System32\drivers\mf.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (c2scsi) -- C:\Windows\System32\drivers\C2SCSI.SYS (Sonic Solutions)
DRV - (NmPar) -- C:\Windows\System32\drivers\NmPar.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmserial) -- C:\Windows\System32\drivers\NmSerial.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (BTNetFilter) -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (PRODIGY) -- C:\Windows\System32\drivers\prodigy.sys (B-phreaks)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 49 02 0E 7D FA CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=201.219.17.29:3128;http=201.219.17.29:3128;https=201.219.17.29:3128;gopher=201.219.17.29:3128;socks=201.219.17.29:3128;

========== FireFox ==========

FF - prefs.js..network.proxy.ftp: "201.219.17.29"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "201.219.17.29"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.socks: "201.219.17.29"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "201.219.17.29"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/09/01 04:39:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/16 03:51:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/03/08 14:55:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 03:15:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/31 01:16:00 | 000,000,000 | ---D | M]

[2011/03/31 01:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moha\AppData\Mozilla\Extensions
[2010/06/25 04:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moha\AppData\Mozilla\Extensions\home2@tomtom.com
[2011/04/27 19:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moha\AppData\Mozilla\Firefox\Profiles\67cptpgj.default\extensions
[2011/04/30 04:50:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\moha\AppData\Mozilla\Firefox\Profiles\67cptpgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/20 14:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moha\AppData\Mozilla\Firefox\Profiles\76qhtb5g.default\extensions
[2010/03/30 23:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moha\AppData\Mozilla\Firefox\Profiles\mc46q8jk.default\extensions
[2011/03/31 03:15:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\MOHA\APPDATA\MOZILLA\FIREFOX\PROFILES\67CPTPGJ.DEFAULT\EXTENSIONS\NEWTABURL@SOGAME.CAT.XPI
[2011/03/18 19:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/04/30 13:21:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TBSB08867 Class) - {6E3F081B-8632-486B-83FC-1A21840C0BA2} - C:\Program Files\LaTransparenceDesPrix\La Transparence Des Prix\tbcore3.dll ()
O2 - BHO: () - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\Program Files\Rapidown\rapi310.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\Nouveau dossier\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (La Transparence Des Prix) - {76985346-BDA2-4B2E-A727-956D7B8B012E} - C:\Program Files\LaTransparenceDesPrix\La Transparence Des Prix\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (La Transparence Des Prix) - {76985346-BDA2-4B2E-A727-956D7B8B012E} - C:\Program Files\LaTransparenceDesPrix\La Transparence Des Prix\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
O4 - HKLM..\Run: [psastart] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\Nouveau dossier\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O9 - Extra Button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe ()
O9 - Extra 'Tools' menuitem : Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resourc ... dfr-fr.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7168450039 (Reg Error: Key error.)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_4_1_0_3.cab ("Ma-Config.com control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} http://www.extrafilm.fr/ExtraFilmUploader6.cab (ExtraFilm Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam.singlehoteleden.ch/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... dfr-fr.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O20 - AppInit_DLLs: (CLKERN.DLL) - C:\Windows\System32\CLKERN.DLL (MicroBest Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/04/30 17:57:18 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/30 17:57:20 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 01:01:51 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{B91E5660-9002-4E45-9BD0-52B4D450CB90}
[2011/04/30 18:49:16 | 000,000,000 | ---D | C] -- C:\Users\moha\Desktop\enregdm500
[2011/04/30 17:57:18 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/04/30 16:37:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/30 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 16:37:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/30 13:19:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 11:39:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\moha\Desktop\OTL.exe
[2011/04/30 11:38:43 | 001,227,544 | ---- | C] (TeamXscript.org) -- C:\Users\moha\Desktop\UsbFix.exe
[2011/04/30 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{35056536-17BF-4E30-B11F-7DF5339B4FEA}
[2011/04/30 02:42:53 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011/04/30 01:14:59 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Malwarebytes
[2011/04/30 00:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/29 21:51:38 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{92418E7A-9974-4C1C-9EFE-10798DA8873B}
[2011/04/29 00:02:38 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{E4AF7E12-BA63-423A-8DCB-35525ACC3851}
[2011/04/28 11:56:22 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{2CAA22F0-FFA8-4F6C-B7D2-B5B01E4D5A03}
[2011/04/26 23:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VOWSoft
[2011/04/26 23:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPodRobot
[2011/04/26 23:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPodRobot
[2011/04/26 23:53:00 | 000,000,000 | ---D | C] -- C:\Users\moha\Desktop\Celestial.framework
[2011/04/25 12:24:21 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{189F4067-C504-44B3-B9F7-FA7853445F52}
[2011/04/24 13:28:15 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{71406F55-C5B4-4B4F-B806-FC168429D7CE}
[2011/04/23 11:40:02 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{F7EF57A5-07E9-43FB-812F-F4A72834A100}
[2011/04/22 12:03:11 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{9CD9ED4D-E780-43C0-99AE-58A4246FEE7C}
[2011/04/21 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{93EF28B8-F280-4521-B3D3-638E5C410E46}
[2011/04/20 13:07:59 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{0124E40B-6853-497C-8E52-5FD04C0D6A22}
[2011/04/19 23:11:50 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{C4478F51-0286-4D6C-8C11-2213D14AFFE1}
[2011/04/19 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{11312CF7-68B2-4D4F-83CC-E44739A8D1E2}
[2011/04/18 09:53:38 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{E1F0FF82-3A2A-45E7-89AF-180C5FDEAF5E}
[2011/04/17 09:25:50 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{AA181150-A506-48E3-870C-7A8CF6EF2277}
[2011/04/16 10:14:22 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{0C625F94-4059-4CB9-998E-D1D1470C3539}
[2011/04/15 12:19:53 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{473739B2-EBBC-45F2-8BCE-43487450360A}
[2011/04/14 23:33:01 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{26F0830E-7F9F-4401-A8DB-2D2EB4E1C9A8}
[2011/04/14 10:18:40 | 000,000,000 | ---D | C] -- C:\Users\moha\AppData\Local\{D6D7F372-97DA-4022-B576-AA4D08C757C6}
[2011/04/13 23:31:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 23:31:03 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/13 23:31:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 23:31:01 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 23:31:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 23:30:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 23:30:52 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 23:30:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 23:30:52 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 23:30:52 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 23:30:52 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 23:30:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 23:30:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
dijital
Confirmed Visitor
Posts: 16
Joined: 07 Mar 2011 13:19

Re: request for help with an infected PC

Posted on 01 May 2011 14:24

Hello,

Please read the red box at the top of the message... Use the code tags!!

I'll leave it to danakil to direct large OTL or other reports to the right hosting.
They take up far too much space in the threads. Thank you.
Ask to Old Man
Moderator
Posts: 19970
Joined: 14 Mar 2004 10:06
Location: Argenteuil, Val d'Oise

Re: request for help with an infected PC

Posted on 01 May 2011 21:16

Good evening,

OK, Ask to Old Man.

===> For danakil: the intrusive ads have come back, a little less than before, but when I browse, 80% of the time I am still redirected to rather shady sites. :oops:

Thanks
dijital
Confirmed Visitor
Posts: 16
Joined: 07 Mar 2011 13:19

Re: request for help with an infected PC

Posted on 01 May 2011 21:46

Hi!

AtOM 8)
Mea culpa. I forgot to specify where the report should be hosted.

dijital,
That you are still being redirected is fairly normal given what I see in your reports. Your browsing and your downloads...

Right, I'll look at your latest report and reply!
danakil
Expert
Posts: 1363
Joined: 16 Jul 2009 09:47

Re: request for help with an infected PC

Posted on 02 May 2011 09:14

Re,

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=201.219.17.29:3128;http=201.219.17.29:3128;https=201.219.17.29:3128;gopher=201.219.17.29:3128;socks=201.219.17.29:3128;
FF - prefs.js..network.proxy.ftp: "201.219.17.29"


Please confirm that your redirections are visible in IE and FF!
danakil
Expert
Posts: 1363
Joined: 16 Jul 2009 09:47

Re: request for help with an infected PC

Posted on 02 May 2011 11:08

Hello danakil,

Yes, the redirections are still there in both browsers.

Thanks
dijital
Confirmed Visitor
Posts: 16
Joined: 07 Mar 2011 13:19
