[Résolu] Infecté par un trojan dropper

bonjour,

je suis actuellement infecté par un trojan dropper.


Que dois-je faire ? Merci d'avance.

je vous poste les rapports :

Logfile of random's system information tool 1.06 (written by random/random)
Run by denis at 2009-08-03 17:53:29
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 5 GB (4%) free of 131 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:36, on 03/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\denis\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\denis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [E06FXLRD_92935046] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [symws] C:\WINDOWS\defragnt.exe
O4 - HKLM\..\Policies\Explorer\Run: [Joomlab] C:\WINDOWS\defragnt.exe
O4 - HKCU\..\Policies\Explorer\Run: [Joomlab] C:\WINDOWS\defragnt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\denis\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8693 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Joomlab"=C:\WINDOWS\defragnt.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"MsgCenterExe"=C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe -osboot []
"E06FXLRD_92935046"=C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"symws"=C:\WINDOWS\defragnt.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Joomlab"=C:\WINDOWS\defragnt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe [2008-05-26 595296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_1024515]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_34222078]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_366718]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_456015]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_51534937]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_6466781]
-m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_7249859]
C:\Program Files\Microsoft Encarta\Microsoft Encarta Junior 2006\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_812437]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
C:\Program Files\HiYo\bin\HiYo.exe [2009-01-11 300336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\DOCUME~1\denis\MENUDM~1\PROGRA~1\NEROBA~1\NBJ.exe [2005-06-02 1957888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-09-18 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2008-08-18 203296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Store 'n' Go]
C:\Documents and Settings\denis\Application Data\Verbatim Software\V-Key.exe [2005-11-29 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-27 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-06-06 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2008-08-04 721936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^denis^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-10-09 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"EditLevel"=0
"NoRun"=0
"NoClose"=0
"NoCommonGroups"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\CodeRED Alien Arena\crx.exe"="C:\CodeRED Alien Arena\crx.exe:*isabled:crx"
"C:\nexuiz\nexuiz.exe"="C:\nexuiz\nexuiz.exe:*:EnabledarkPlaces Game Engine"
"C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe"="C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe:*:Enabled:sauerbraten"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Sierra\FEARCombat\fpupdate.exe"="C:\Program Files\Sierra\FEARCombat\fpupdate.exe:*isabled:fpupdate"
"C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26c6c7-c5f6-11dd-a8e5-00148524342d}]
shell\AutoRun\command - I:\setupSNK.exe


======List of files/folders created in the last 1 months======

2009-08-03 17:53:29 ----D---- C:\rsit
2009-07-30 02:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-21 21:36:27 ----D---- C:\Program Files\QuickMediaConverter
2009-07-21 00:27:49 ----A---- C:\version.txt
2009-07-16 09:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 09:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 03:01:12 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-03 17:53:37 ----D---- C:\WINDOWS\Prefetch
2009-08-03 16:00:12 ----D---- C:\WINDOWS\Internet Logs
2009-08-03 15:57:51 ----D---- C:\WINDOWS\Temp
2009-08-03 15:19:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-03 15:18:21 ----D---- C:\WINDOWS
2009-08-03 14:58:13 ----D---- C:\Program Files\Mozilla Firefox
2009-08-03 14:54:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-31 19:05:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 18:58:35 ----SHD---- C:\WINDOWS\Installer
2009-07-31 18:58:34 ----HD---- C:\Config.Msi
2009-07-30 12:53:23 ----D---- C:\WINDOWS\system32
2009-07-30 02:57:49 ----HD---- C:\WINDOWS\inf
2009-07-30 02:57:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-30 02:56:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-29 11:57:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-22 23:55:13 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-22 15:13:54 ----D---- C:\Documents and Settings\denis\Application Data\AdobeUM
2009-07-21 22:12:33 ----D---- C:\Documents and Settings\denis\Application Data\uTorrent
2009-07-21 21:36:27 ----AD---- C:\Program Files
2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-16 09:30:48 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-16 09:02:58 ----D---- C:\WINDOWS\Debug
2009-07-16 08:58:57 ----D---- C:\WINDOWS\system32\drivers
2009-07-11 01:55:13 ----D---- C:\Documents and Settings\denis\Application Data\Vso
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-04 04:01:23 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-02 5632]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1996-12-12 64512]
R2 X4HSX32;X4HSX32; \??\C:\Program Files\Player Metaboli\X4HSX32.Sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-18 6132576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-14 47360]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2002-05-06 24511]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-24 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-11 9856]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-10-09 312880]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-18 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-12 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2006-02-28 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------











info.txt logfile of random's system information tool 1.06 2009-08-03 17:53:44

======Uninstall list======

skins ALMS Mod Prototypes 1998-2008 SCC v2.41 for GTR2-->C:\GTR2\Uninstall_ALMS_skins_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
skins Le Mans Mod Prototypes 1998-2008 SCC v2.41 for GTR2-->C:\GTR2\Uninstall_LeMans_skins_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
skins LMES Mod Prototypes 1998-2008 SCC v2.41 for GTR2-->C:\GTR2\Uninstall_ skins_LMES_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
-->C:\WINDOWS\unin040c.exe -fC:\ADLM\DeIsL1.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D-WinBrick2001-->C:\WINDOWS\s&f_UnIn.exe -uC:\Program Files\3D-WinBrick2001\UnInst.inf
ACDSee 10 Photo Manager-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Ad-aware SE - Traduction FR-->C:\Program Files\Lavasoft\Ad-Aware SE Personal\uninst-trad.exe
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Illustrator CS2 Version d'évaluation-->msiexec /I {7F9A0582-482D-4F0B-B85C-C1418418077F}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Alien Arena 2006-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A376CC14-A32D-4D4D-889E-5546BCC4B595}\setup.exe" -l0x9
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
Audacity 1.3.2 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BMW M3 Challenge-->"C:\BMW M3 Challenge\Support\unins000.exe"
Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Collection Microsoft Encarta 2006 DVD-->MsiExec.exe /I{06180081-3E21-46D6-9A91-D927BA08F41D}
Companion wizard-->C:\Program Files\Common Files\Companion Wizard\compwiz.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
ConvertXtoDVD 3.3.4.107-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Dance eJay 7 Demo-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D74C204-0451-463E-8B8E-F2E11504A675}\setup.exe" -l0x40c -removeonly
Dealio Toolbar 3.4-->MsiExec.exe /X{6105648C-0C3C-481D-8C11-1F4952D6FB53}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
F1 2007 pour GTR2 v1.15-->C:\GTR2\Uninstal mod F1 2007 pour GTR2.exe
FEARCombat-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
Free Mp3 Wma Converter V 1.7.2-->"C:\Program Files\Free Audio Pack\unins000.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GLtron version 0.70-->"C:\Program Files\GLtron\unins000.exe"
GTR 2 1.0.0.0-->"C:\GTR2\Support\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiYo -->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUninstallLog.log"
HiYo-->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Scanjet 3770-->C:\Program Files\HP\Digital Imaging\{7CFD1028-F6C9-4b3c-BD20-51D56E7C7C8D}\setup\hpzscr01.exe -datfile hpgscr01.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
IFOEdit 0.971 Fr-->C:\Program Files\IfoEdit\UnInstall_IfoEdit.exe
InstallScript-->"C:\Program Files\Octatec\InstallScript\uninstall\unsetup.exe" "C:\Program Files\Octatec\InstallScript\uninstall"
iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JkDefrag 3.34a-->"C:\Program Files\JkDefrag\unins000.exe"
Kit de Connexion Alice ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\setup.exe" -l0x40c ControlPanel
K-Lite Codec Pack 2.89 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KnC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71C554B9-79B7-4B5A-8AF0-C6E5CBE108CC}\setup.exe" -l0x40c -removeonly
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
Leadfoot-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA7632CD-454A-11D5-B5D0-0010B543C735}\Setup.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Light Driver-->C:\WINDOWS\UNWISE.EXE C:\WINDOWS\LightDriver.LOG
Ma-Config.com-->MsiExec.exe /X{EC7FE2ED-F305-41B7-90B8-3DAE9E35307A}
Macrogaming SweetIM 1.2a-->MsiExec.exe /X{5827C8C9-A3C6-4E7C-AA70-F6AFAB52F981}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Micro Application - Kit CD-DVD MC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6589821-39D7-4A4F-8CF7-B3CCB3717829}\SETUP.EXE" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{6BCB7EAA-598C-4836-B7EA-3642E41AA222}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - Cars-->C:\GTR2\Uninstall_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
MoTeC i2 Pro-->MsiExec.exe /I{D416059B-C21B-4405-ACC0-010C481E0FDA}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Multimedia Card Reader-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{07B02BD4-E799-4945-B240-166CA9A9BE2D} /l1036
My DSC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
Nero OEM-->C:\Documents and Settings\denis\Menu Démarrer\Programmes\Démarrage\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
Nuance Palm Voice Recorder-->MsiExec.exe /I{57DB3FC4-FB4F-48F8-A290-1C22FB349277}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pangya_Eu (GOA)-->C:\Program Files\GOA\Pangya_Eu\uninstall.exe
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
Plane Arcade-->C:\Program Files\Plane Arcade\uninstall.exe
Player Metaboli-->"C:\Program Files\Player Metaboli\Uninstall.exe"
QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RAD Video Tools-->"C:\Program Files\RADVideo\uninstall.exe"
Radio Fr Solo 2.1-->C:\Program Files\Radio Fr Solo\Uninstall.exe
Readiris Pro 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CA9D105-113C-11D8-AB3E-000102B0F79A}\setup.exe" -l0x40c
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Reparer MSN-->C:\WINDOWS\Désinstaller reparermsn.exe
rFactor (remove only)-->"C:\Program Files\rFactor\Uninstall.exe"
Richard Burns Rally-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92C7D009-A464-4948-A980-7A3E28CB2F49}\setup.exe" -l0x40c
RSRBR2009-->"C:\Program Files\SCi Games\Richard Burns Rally\unins000.exe"
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Taleban Attack-->C:\WINDOWS\system32\duninstall.exe "C:\Program Files\Brodaroda\Taleban Attack\\install.log"
TrackMania Nations ESWC 1.7.9-->"C:\Program Files\TrackMania Nations ESWC\unins000.exe"
True Combat: Elite 0.49-->C:\PROGRA~1\WOLFEN~1\tcetest\uninst.exe
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
VobEdit 0.6 Fr-->C:\Program Files\IfoEdit\UnInstall_VobEdit.exe
WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Web Media Player 0.63b-->"C:\Program Files\Web Media Player\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: ZoneAlarm Firewall

======System event log======

Computer Name: DENIS-QIOX3BIL7
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 651440
Source Name: Service Control Manager
Time Written: 20090526174739.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: DENIS-QIOX3BIL7
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 651439
Source Name: Service Control Manager
Time Written: 20090526174739.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: DENIS-QIOX3BIL7
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 651438
Source Name: Service Control Manager
Time Written: 20090526174739.000000+120
Event Type: Informations
User:

Computer Name: DENIS-QIOX3BIL7
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 651437
Source Name: Service Control Manager
Time Written: 20090526174739.000000+120
Event Type: Informations
User:

Computer Name: DENIS-QIOX3BIL7
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 651436
Source Name: Service Control Manager
Time Written: 20090526174739.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: DENIS-QIOX3BIL7
Event Code: 102
Message: MsnMsgr (864) \\.\C:\Documents and Settings\denis\Local Settings\Application Data\Microsoft\Messenger\denislucie@live.fr\SharingMetadata\Working\database_A4A0_2AB_A002_83D0\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 24284
Source Name: ESENT
Time Written: 20090501122532.000000+120
Event Type: Informations
User:

Computer Name: DENIS-QIOX3BIL7
Event Code: 100
Message: MsnMsgr (864) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 24283
Source Name: ESENT
Time Written: 20090501122532.000000+120
Event Type: Informations
User:

Computer Name: DENIS-QIOX3BIL7
Event Code: 101
Message: MsnMsgr (864) Le moteur de base de données est arrêté.

Record Number: 24282
Source Name: ESENT
Time Written: 20090501122521.000000+120
Event Type: Informations
User:

Computer Name: DENIS-QIOX3BIL7
Event Code: 103
Message: MsnMsgr (864) \\.\C:\Documents and Settings\denis\Local Settings\Application Data\Microsoft\Messenger\denislucie@live.fr\SharingMetadata\Working\database_A4A0_2AB_A002_83D0\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 24281
Source Name: ESENT
Time Written: 20090501122521.000000+120
Event Type: Informations
User:

Computer Name: DENIS-QIOX3BIL7
Event Code: 102
Message: MsnMsgr (864) \\.\C:\Documents and Settings\denis\Local Settings\Application Data\Microsoft\Messenger\denislucie@live.fr\SharingMetadata\Working\database_A4A0_2AB_A002_83D0\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 24280
Source Name: ESENT
Time Written: 20090501121905.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\FICHIE~1\AUTODE~1;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

voila mon rapport :


Malwarebytes' Anti-Malware 1.08
Version de la base de données: 475

Type de recherche: Examen rapide
Eléments examinés: 31761
Temps écoulé: 7 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

voila mon nouveau rapport, en effet c'est pas la même chose :


Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 3

03/08/2009 20:37:12
mbam-log-2009-08-03 (20-37-12).txt

Type de recherche: Examen rapide
Eléments examinés: 98757
Temps écoulé: 5 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{n0ksq317-x610-4u04-4u51-6ug553325747} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

voila mon rapport :


======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:15:48, 03/08/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: DENIS-QIOX3BIL7 | Utilisateur actuel: denis
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
Administrateur: denis
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
HKCR\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO.1
HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\SWEETIE
HKLM\Software\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
HKLM\Software\Classes\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Classes\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKLM\Software\Dealio
HKLM\Software\Macrogaming
HKLM\Software\Microsoft\ESENT\Process\SweetIM
HKLM\Software\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\Software\Search Settings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCR\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\35F8F48CFBC340946AF151B8E2105C1B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\430B9074095998B438236F5FB1ED75CB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\80719E8EA720305459C0EE8389E9CAFB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A8B8696B937B0D04B8796ADECB6EC106
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B084A05F467835D4394CCF76723438C1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E6E39982D5828024DA11899256779137
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\DOCUME~1\denis\APPLIC~1\Dealio
C:\DOCUME~1\denis\APPLIC~1\Search Settings
C:\Program Files\Dealio
C:\Program Files\Macrogaming
C:\Program Files\Search Settings
C:\WINDOWS\Installer\15759a.msi
C:\WINDOWS\Installer\1e87a21.msi
C:\WINDOWS\Installer\1e87a27.msi
.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.12 *

Nom du profil: fqaghp26.default (denis)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google" );
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search" );
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" );
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:frfficial" );
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.12" );
.
.

* Internet Explorer Version 6.0.2900.5512 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://www.msn.fr/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.google.com/ie
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.google.com

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]


.
============== Processus Caches/Bloque ==============
.
PID: 1468 [LOCKED] vsmon.exe
PID: 516 [LOCKED] zlclient.exe
.

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\denis\Bureau\a trier bureau\ET_Patch_2_60.exe
C:\Documents and Settings\denis\Bureau\a trier bureau\nerovision-express_patch_francais_3.1.0.25_francais_10914.exe
C:\Documents and Settings\denis\Bureau\JEUX divers\Grid\#readme#\GRIDPatch2.exe
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\FILMS\GTR.2-RELOADED\Crack\GTR2 v1.1 no-cd.rar
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\FILMS\GTR.2-RELOADED\Crack\GTR2.exe
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD\brd.nfo
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD.rar
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}\driverscanner.exe
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}\Universal Keygen.BRD.rar
C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Architecte 3D (Plan Maison Architecture) Crack.zip.rar.torrent
C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Dragon.Naturally.Speaking.9.51.Professional(French+all.English).setup+Readme.Serial.torrent
C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD.torrent
C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Need.For.Speed.Pro.Street.CRACK-ONLY-RELOADED.torrent
C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}.torrent
C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\VSO ConvertXtoDVD 3.3.4.107+keygen.torrent
.
===================================
.
10529 Octet(s) - C:\Ad-Report-SCAN.log
.
127 Fichier(s) - C:\DOCUME~1\denis\LOCALS~1\Temp
41 Fichier(s) - C:\WINDOWS\Temp
.
1 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 21:58:26 | 03/08/2009
.
============== E.O.F ==============
.

voila la rapport après nettoyage:


======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 0:28:37, 04/08/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: DENIS-QIOX3BIL7 | Utilisateur actuel: denis
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
Administrateur: denis
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\35F8F48CFBC340946AF151B8E2105C1B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\430B9074095998B438236F5FB1ED75CB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\80719E8EA720305459C0EE8389E9CAFB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A8B8696B937B0D04B8796ADECB6EC106
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B084A05F467835D4394CCF76723438C1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E6E39982D5828024DA11899256779137
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio\Dealio Deskbar.lnk
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio\Help.url
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio\Uninstall.lnk
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio\What is Dealio.url
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.220.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.221.57
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.222.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.223.68
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.226.68
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.227.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\dealio-14459.log
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1104_1112_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1332_908_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1384_3440_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2044_2120_5.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2064_3864_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2160_1944_6.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2160_2152_18.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2160_2300_12.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2160_2600_9.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2160_3364_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2160_3732_15.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2216_2284_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2268_2232_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2312_2836_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_1000_8.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_1120_45.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_2260_5.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_228_9.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_2808_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_3276_30.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_3416_24.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_3772_36.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_3788_15.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_3824_27.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_3848_48.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_3892_12.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_3956_42.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_4044_33.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_576_39.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_656_21.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2596_912_18.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2816_2568_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2832_2648_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2868_3536_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2868_3756_6.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3104_1272_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3124_3276_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3140_884_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3144_3140_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3180_1816_5.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3228_244_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3392_4088_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_1560_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_1880_27.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_1900_12.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_192_24.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_2472_11.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_2648_21.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_2996_30.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_3696_6.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_3788_15.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3408_548_18.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3416_1388_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3416_3448_6.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3680_692_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3708_812_5.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3808_3712_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3808_3848_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3808_896_8.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3880_1784_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3880_3416_6.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3900_3904_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4080_2140_9.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4080_2356_6.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4080_3064_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4080_3996_12.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4996_5000_5.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5364_2636_15.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5364_4260_18.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5364_4412_9.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5364_4900_6.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5364_5140_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5364_5876_12.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_620_288_6.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_620_864_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_624_3484_3.html
C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_836_2016_5.html
C:\DOCUME~1\denis\APPLIC~1\Dealio
C:\DOCUME~1\denis\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\denis\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\denis\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\denis\APPLIC~1\Search Settings\kb127\temp\ws-14459.log
C:\DOCUME~1\denis\APPLIC~1\Search Settings
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\Program Files\Dealio
C:\Program Files\Macrogaming\SweetIM
C:\Program Files\Macrogaming\SweetIM\conf
C:\Program Files\Macrogaming\SweetIM\data
C:\Program Files\Macrogaming\SweetIM\default.xml
C:\Program Files\Macrogaming\SweetIM\logs
C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mghooking.dll
C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mglogger.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnProt.dll
C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
C:\Program Files\Macrogaming\SweetIM\resources
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Macrogaming\SweetIM\update
C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
C:\Program Files\Macrogaming\SweetIM\conf\users
C:\Program Files\Macrogaming\SweetIM\conf\users\denislucie@live.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com
C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com
C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\denislucie@live.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\denislucie@live.fr\lastuse_Winks.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\denislucie@live.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\lastuse_DisplayPictures.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\lastuse_Emoticons.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\lastuse_SoundFX.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\lastuse_Winks.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\lastuse_Audibles.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\lastuse_Emoticons.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\lastuse_Winks.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\user_config.xml
C:\Program Files\Macrogaming\SweetIM\data\contentdb
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AB.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AE.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AF.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B2.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100BA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100BE.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CB.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CF.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D2.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DD.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DE.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DF.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100E8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100F7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100F9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FD.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FE.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FF.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010100.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010101.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010104.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010106.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010107.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010108.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010109.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010111.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010118.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010119.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001011B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001011D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001011E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001011F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010120.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010122.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010123.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010124.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010814.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010816.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010818.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001083F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010840.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010841.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010844.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010845.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010847.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010850.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010852.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010853.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010856.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010857.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010859.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010860.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010861.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010862.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010863.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010864.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010865.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010866.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010867.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010868.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010869.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010871.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010879.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010883.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010889.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010890.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010893.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010894.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010895.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010896.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010897.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010898.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002005C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020066.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020069.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020072.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020074.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020076.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020077.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020079.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020085.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002008A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B2.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020109.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002010E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020115.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020121.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020129.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020132.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020185.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020239.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000202BA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000202C4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002030B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030001.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030005.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030007.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003000D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003000F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030011.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030013.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030017.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030019.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003001B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003001F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030023.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030025.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030027.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003003B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030041.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030045.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003004F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030059.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040015.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004001F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040022.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040024.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040028.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040029.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040036.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040039.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004003E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004003F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004004F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040052.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040059.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040062.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040064.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040065.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040068.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004006A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004006B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004006C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004006D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040073.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040082.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400B5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400B6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400C6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400D2.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050002.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050005.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060030.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006006A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006006B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006006E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060075.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060076.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060078.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006007A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006007C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006007D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060084.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060087.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006008F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006009E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000600DA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000601A6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000601C3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000601C6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060235.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050002.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
C:\Program Files\Macrogaming\SweetIM\resources\gdiplus.dll
C:\Program Files\Macrogaming\SweetIM\resources\ImageOle.dll
C:\Program Files\Macrogaming\SweetIM\update\lastversioninfo.xml
C:\Program Files\Macrogaming
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
C:\Program Files\Search Settings
C:\WINDOWS\Installer\15759a.msi
C:\WINDOWS\Installer\1e87a21.msi
C:\WINDOWS\Installer\1e87a27.msi

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.12 *

Nom du profil: fqaghp26.default (denis)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google" );
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search" );
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" );
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:frfficial" );
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.12" );
.
.

* Internet Explorer Version 6.0.2900.5512 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

.
============== Processus Caches/Bloque ==============
.
PID: 1464 [LOCKED] vsmon.exe
PID: 500 [LOCKED] zlclient.exe
.

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\denis\Bureau\a trier bureau\ET_Patch_2_60.exe
C:\Documents and Settings\denis\Bureau\a trier bureau\nerovision-express_patch_francais_3.1.0.25_francais_10914.exe
C:\Documents and Settings\denis\Bureau\JEUX divers\Grid\#readme#\GRIDPatch2.exe
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\FILMS\GTR.2-RELOADED\Crack\GTR2 v1.1 no-cd.rar
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\FILMS\GTR.2-RELOADED\Crack\GTR2.exe
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD\brd.nfo
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD.rar
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}\driverscanner.exe
C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}\Un

voila :


Logfile of random's system information tool 1.06 (written by random/random)
Run by denis at 2009-08-04 01:33:18
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (4%) free of 131 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:33:19, on 04/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\denis\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\denis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [E06FXLRD_92935046] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [symws] C:\WINDOWS\defragnt.exe
O4 - HKLM\..\Policies\Explorer\Run: [Joomlab] C:\WINDOWS\defragnt.exe
O4 - HKCU\..\Policies\Explorer\Run: [Joomlab] C:\WINDOWS\defragnt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\denis\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7944 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Joomlab"=C:\WINDOWS\defragnt.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"MsgCenterExe"=C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe -osboot []
"E06FXLRD_92935046"=C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"symws"=C:\WINDOWS\defragnt.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Joomlab"=C:\WINDOWS\defragnt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_1024515]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_34222078]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_366718]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_456015]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_51534937]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_6466781]
-m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_7249859]
C:\Program Files\Microsoft Encarta\Microsoft Encarta Junior 2006\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_812437]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
C:\Program Files\HiYo\bin\HiYo.exe [2009-01-11 300336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\DOCUME~1\denis\MENUDM~1\PROGRA~1\NEROBA~1\NBJ.exe [2005-06-02 1957888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-09-18 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2008-08-18 203296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Store 'n' Go]
C:\Documents and Settings\denis\Application Data\Verbatim Software\V-Key.exe [2005-11-29 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-27 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2008-08-04 721936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^denis^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-10-09 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"EditLevel"=0
"NoRun"=0
"NoClose"=0
"NoCommonGroups"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\CodeRED Alien Arena\crx.exe"="C:\CodeRED Alien Arena\crx.exe:*isabled:crx"
"C:\nexuiz\nexuiz.exe"="C:\nexuiz\nexuiz.exe:*:EnabledarkPlaces Game Engine"
"C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe"="C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe:*:Enabled:sauerbraten"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Sierra\FEARCombat\fpupdate.exe"="C:\Program Files\Sierra\FEARCombat\fpupdate.exe:*isabled:fpupdate"
"C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26c6c7-c5f6-11dd-a8e5-00148524342d}]
shell\AutoRun\command - I:\setupSNK.exe


======List of files/folders created in the last 1 months======

2009-08-03 21:02:21 ----D---- C:\Program Files\Ad-remover
2009-08-03 17:53:29 ----D---- C:\rsit
2009-07-30 02:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-21 21:36:27 ----D---- C:\Program Files\QuickMediaConverter
2009-07-21 00:27:49 ----A---- C:\version.txt
2009-07-16 09:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 09:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 03:01:12 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-04 01:32:09 ----D---- C:\Program Files\Mozilla Firefox
2009-08-04 01:31:37 ----D---- C:\WINDOWS\Temp
2009-08-04 01:13:18 ----SHD---- C:\WINDOWS\Installer
2009-08-04 01:11:12 ----AD---- C:\Program Files
2009-08-04 01:09:18 ----D---- C:\WINDOWS\Prefetch
2009-08-03 23:22:22 ----D---- C:\WINDOWS\Internet Logs
2009-08-03 23:04:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-03 23:04:18 ----ASH---- C:\boot.ini
2009-08-03 23:04:18 ----A---- C:\WINDOWS\win.ini
2009-08-03 23:04:18 ----A---- C:\WINDOWS\system.ini
2009-08-03 20:29:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-03 20:29:19 ----D---- C:\WINDOWS\system32\drivers
2009-08-03 15:19:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-03 15:18:21 ----D---- C:\WINDOWS
2009-07-31 19:05:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 18:58:34 ----HD---- C:\Config.Msi
2009-07-30 12:53:23 ----D---- C:\WINDOWS\system32
2009-07-30 02:57:49 ----HD---- C:\WINDOWS\inf
2009-07-30 02:57:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-30 02:56:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-29 11:57:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-22 23:55:13 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-22 15:13:54 ----D---- C:\Documents and Settings\denis\Application Data\AdobeUM
2009-07-21 22:12:33 ----D---- C:\Documents and Settings\denis\Application Data\uTorrent
2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-16 09:30:48 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-16 09:02:58 ----D---- C:\WINDOWS\Debug
2009-07-11 01:55:13 ----D---- C:\Documents and Settings\denis\Application Data\Vso
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-02 5632]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1996-12-12 64512]
R2 X4HSX32;X4HSX32; \??\C:\Program Files\Player Metaboli\X4HSX32.Sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-18 6132576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-14 47360]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2002-05-06 24511]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-24 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-11 9856]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-10-09 312880]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-18 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-12 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2006-02-28 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

salut destrio,

Déjà je voudrais te dire un grand merci pour hier et ta rapidité de réponse.

Ce matin le trojan a été repéré par anbtivir en voulant installé un fichier sur mon pc.

J'ai remarqué aussi que j'ai loupé une étape hier lors de ton deuxième message, c'est celui d'effacer les fichiers "dealio" et "search settings".
J'ai essayé mais pas moyen de les supprimer ca me dit que le composant se trouve sur une ressource réseau non disponible.

Le chemin d'accés est : C:\DOCUME~1\denis\LOCALS~1\Temp\_isCA\


Que dois je faire ?

voila le rapport OTM :



All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Joomlab deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\symws deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Joomlab deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings\ deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\Dealio not found.
File/Folder C:\Program Files\Search Settings not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chez Luluce

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4538861 bytes

User: denis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 999424 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53379406 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2791940 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 28406230 bytes

C:\NV31883724.TMP folder deleted successfully.
%systemdrive% .tmp files removed: 1908736 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1258087 bytes
%systemroot%\System32 .tmp files removed: 7803180 bytes
File delete failed. C:\WINDOWS\temp\ZLT016a0.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT016a3.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 512 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 96,40 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08042009_181110

Files moved on Reboot...
File C:\WINDOWS\temp\ZLT016a0.TMP not found!
File C:\WINDOWS\temp\ZLT016a3.TMP not found!

Registry entries deleted on Reboot...

voila le rapport (il m'a détecté un Dldr.WMA.wima.27) que j'ai mis en quarantaine car non réparable (grisé) :


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Joomlab deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\symws deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Joomlab deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings\ deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\Dealio not found.
File/Folder C:\Program Files\Search Settings not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chez Luluce

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4538861 bytes

User: denis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 999424 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53379406 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2791940 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 28406230 bytes

C:\NV31883724.TMP folder deleted successfully.
%systemdrive% .tmp files removed: 1908736 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1258087 bytes
%systemroot%\System32 .tmp files removed: 7803180 bytes
File delete failed. C:\WINDOWS\temp\ZLT016a0.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT016a3.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 512 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 96,40 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08042009_181110

Files moved on Reboot...
File C:\WINDOWS\temp\ZLT016a0.TMP not found!
File C:\WINDOWS\temp\ZLT016a3.TMP not found!

Registry entries deleted on Reboot...

désolé j'ai pas fais gaffe voila :


Avira AntiVir Personal
Report file date: mardi 4 août 2009 19:26

Scanning for 1586197 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DENIS-QIOX3BIL7

Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 15/05/2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 14:51:00
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:12:46
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 10:25:05
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19/07/2009 11:14:01
ANTIVIR3.VDF : 7.1.5.58 466432 Bytes 02/08/2009 19:01:55
Engineversion : 8.2.0.238
AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 15:39:06
AESCRIPT.DLL : 8.1.2.22 450938 Bytes 30/07/2009 21:13:06
AESCN.DLL : 8.1.2.4 127348 Bytes 23/07/2009 11:14:00
AERDL.DLL : 8.1.2.4 430452 Bytes 15/07/2009 10:55:29
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 17:49:01
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 18:23:43
AEHEUR.DLL : 8.1.0.147 1884536 Bytes 28/07/2009 21:12:58
AEHELP.DLL : 8.1.5.3 233846 Bytes 23/07/2009 11:13:59
AEGEN.DLL : 8.1.1.53 356724 Bytes 02/08/2009 19:01:56
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 15:29:03
AECORE.DLL : 8.1.7.6 184694 Bytes 23/07/2009 11:13:58
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 15:29:02
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 20/04/2009 17:49:52
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 4 août 2009 19:26

Starting search for hidden objects.
'86980' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'EDICT.EXE' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '46' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\denis\Mes documents\Mes fichiers reçus\prendre un enfant par la main.wma
[DETECTION] Is the TR/Dldr.WMA.Wima.27 Trojan
[NOTE] The file was moved to '4add7d2d.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: mardi 4 août 2009 21:38
Used time: 2:12:12 Hour(s)

The scan has been done completely.

16737 Scanning directories
678352 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
678349 Files not concerned
4793 Archives were scanned
6 Warnings
1 Notes
86980 Objects were scanned with rootkit scan
0 Hidden objects were found

salut Destrio,

Je t'envoie le rapport avec la nouvelle version antivir française :


Avira AntiVir Personal
Date de création du fichier de rapport : vendredi 7 août 2009 15:09

La recherche porte sur 1618172 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : DENIS-QIOX3BIL7

Informations de version :
BUILD.DAT : 9.0.0.66 17958 Bytes 17/06/2009 14:44:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 17/06/2009 12:43:57
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 12:44:05
ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 03/08/2009 12:45:06
ANTIVIR3.VDF : 7.1.5.84 436224 Bytes 07/08/2009 12:45:17
Version du moteur : 8.2.0.246
AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 10:52:04
AESCRIPT.DLL : 8.1.2.23 455033 Bytes 07/08/2009 12:46:02
AESCN.DLL : 8.1.2.4 127348 Bytes 07/08/2009 12:45:59
AERDL.DLL : 8.1.2.4 430452 Bytes 07/08/2009 12:45:56
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 15:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 07/08/2009 12:45:49
AEHEUR.DLL : 8.1.0.153 1917303 Bytes 07/08/2009 12:45:46
AEHELP.DLL : 8.1.5.3 233846 Bytes 07/08/2009 12:45:25
AEGEN.DLL : 8.1.1.55 356723 Bytes 07/08/2009 12:45:23
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 07/08/2009 12:45:20
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +PCK,+SPR,

Début de la recherche : vendredi 7 août 2009 15:09

La recherche d'objets cachés commence.
'79066' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CALMAIN.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'StarWindServiceAE.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPZipm12.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSCamS32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mdm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'guard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EDICT.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'soundman.exe' - '1' module(s) sont contrôlés
Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'vsmon.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'38' processus ont été contrôlés avec '38' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '46' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Documents and Settings\denis\Bureau\suppression spywares\clean\clean.zip
[0] Type d'archive: ZIP
--> clean/pskill.exe
[1] Type d'archive: RSRC
--> Object
[RESULTAT] Contient le modèle de détection du programme SPR/Remote.CR
C:\Documents and Settings\denis\Bureau\suppression spywares\clean\pskill.exe
[0] Type d'archive: RSRC
--> Object
[RESULTAT] Contient le modèle de détection du programme SPR/Remote.CR
C:\Program Files\IfoEdit\IfoEdit_0.971_Fr.exe
[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Rabio.ES
C:\WINDOWS\system32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !

Début de la désinfection :
C:\Documents and Settings\denis\Bureau\suppression spywares\clean\clean.zip
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ae13cb9.qua' !
C:\Documents and Settings\denis\Bureau\suppression spywares\clean\pskill.exe
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ae73cc1.qua' !
C:\Program Files\IfoEdit\IfoEdit_0.971_Fr.exe
[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Rabio.ES
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aeb3cb4.qua' !


Fin de la recherche : vendredi 7 août 2009 16:38
Temps nécessaire: 1:28:24 Heure(s)

La recherche a été effectuée intégralement

16919 Les répertoires ont été contrôlés
682856 Des fichiers ont été contrôlés
3 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
3 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
682851 Fichiers non infectés
4809 Les archives ont été contrôlées
2 Avertissements
4 Consignes
79066 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

voila le rapport log :


Logfile of random's system information tool 1.06 (written by random/random)
Run by denis at 2009-08-07 20:00:31
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (5%) free of 131 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:36, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\denis\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\denis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [E06FXLRD_92935046] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\denis\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8515 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-25 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"MsgCenterExe"=C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe -osboot []
"E06FXLRD_92935046"=C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_1024515]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_34222078]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_366718]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_456015]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_51534937]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_6466781]
-m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_7249859]
C:\Program Files\Microsoft Encarta\Microsoft Encarta Junior 2006\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_812437]
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
C:\Program Files\HiYo\bin\HiYo.exe [2009-01-11 300336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\DOCUME~1\denis\MENUDM~1\PROGRA~1\NEROBA~1\NBJ.exe [2005-06-02 1957888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-09-18 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2008-08-18 203296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Store 'n' Go]
C:\Documents and Settings\denis\Application Data\Verbatim Software\V-Key.exe [2005-11-29 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-27 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2008-08-04 721936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^denis^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-10-09 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"EditLevel"=0
"NoRun"=0
"NoClose"=0
"NoCommonGroups"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\CodeRED Alien Arena\crx.exe"="C:\CodeRED Alien Arena\crx.exe:*isabled:crx"
"C:\nexuiz\nexuiz.exe"="C:\nexuiz\nexuiz.exe:*:EnabledarkPlaces Game Engine"
"C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe"="C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe:*:Enabled:sauerbraten"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Sierra\FEARCombat\fpupdate.exe"="C:\Program Files\Sierra\FEARCombat\fpupdate.exe:*isabled:fpupdate"
"C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26c6c7-c5f6-11dd-a8e5-00148524342d}]
shell\AutoRun\command - I:\setupSNK.exe


======List of files/folders created in the last 1 months======

2009-08-07 19:54:00 ----D---- C:\WINDOWS\ie8updates
2009-08-07 19:52:51 ----A---- C:\WINDOWS\imsins.BAK
2009-08-07 19:50:35 ----HDC---- C:\WINDOWS\ie8
2009-08-07 14:33:29 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-06 12:42:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-06 12:42:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-06 12:42:49 ----A---- C:\WINDOWS\system32\java.exe
2009-08-04 18:11:10 ----D---- C:\_OTM
2009-08-03 21:02:21 ----D---- C:\Program Files\Ad-remover
2009-08-03 17:53:29 ----D---- C:\rsit
2009-07-30 02:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-21 21:36:27 ----D---- C:\Program Files\QuickMediaConverter
2009-07-21 00:27:49 ----A---- C:\version.txt
2009-07-16 09:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 09:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-07 20:00:37 ----D---- C:\WINDOWS\Prefetch
2009-08-07 20:00:23 ----D---- C:\WINDOWS\Internet Logs
2009-08-07 19:58:58 ----D---- C:\Program Files\Mozilla Firefox
2009-08-07 19:57:08 ----D---- C:\WINDOWS\Temp
2009-08-07 19:57:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-07 19:56:57 ----D---- C:\WINDOWS
2009-08-07 19:56:53 ----D---- C:\WINDOWS\system32
2009-08-07 19:56:02 ----D---- C:\WINDOWS\system32\fr-fr
2009-08-07 19:56:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-07 19:56:01 ----D---- C:\WINDOWS\Help
2009-08-07 19:56:01 ----D---- C:\Program Files\Internet Explorer
2009-08-07 19:55:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-07 19:54:32 ----HD---- C:\WINDOWS\inf
2009-08-07 19:54:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-07 19:52:43 ----D---- C:\WINDOWS\WBEM
2009-08-07 19:52:36 ----D---- C:\WINDOWS\Media
2009-08-07 19:49:00 ----D---- C:\WINDOWS\Debug
2009-08-07 19:41:14 ----SHD---- C:\WINDOWS\Installer
2009-08-07 19:39:12 ----HD---- C:\Config.Msi
2009-08-07 19:39:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-07 19:38:50 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-08-07 19:38:35 ----D---- C:\Program Files\Adobe
2009-08-07 18:35:28 ----D---- C:\Program Files\Java
2009-08-07 18:35:27 ----D---- C:\Program Files\Fichiers communs
2009-08-07 16:38:37 ----D---- C:\Documents and Settings\denis\Application Data\AdobeUM
2009-08-07 16:38:07 ----D---- C:\Program Files\IfoEdit
2009-08-07 14:33:38 ----D---- C:\WINDOWS\system32\drivers
2009-08-07 14:33:29 ----D---- C:\Program Files\Avira
2009-08-07 14:31:59 ----D---- C:\WINDOWS\WinSxS
2009-08-07 14:31:59 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-08-06 15:33:31 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-04 18:12:37 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-04 01:11:12 ----AD---- C:\Program Files
2009-08-03 23:04:18 ----ASH---- C:\boot.ini
2009-08-03 23:04:18 ----A---- C:\WINDOWS\win.ini
2009-08-03 23:04:18 ----A---- C:\WINDOWS\system.ini
2009-08-03 20:29:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-03 15:19:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-31 19:05:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-21 22:12:33 ----D---- C:\Documents and Settings\denis\Application Data\uTorrent
2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-11 01:55:13 ----D---- C:\Documents and Settings\denis\Application Data\Vso

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-02 5632]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1996-12-12 64512]
R2 X4HSX32;X4HSX32; \??\C:\Program Files\Player Metaboli\X4HSX32.Sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-18 6132576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-14 47360]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2002-05-06 24511]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-24 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-11 9856]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-10-09 312880]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-18 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-12 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2006-02-28 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Je suis encore actuellement infecté mon antivirus Antivir me détecte un :

ADSPY/Rabio.ES

dans le rapport j'ai trouvé ces lignes :

C:\Program Files\IfoEdit\IfoEdit_0.971_Fr.exe
[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Rabio.ES
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aeb3cb4.qua' !

oui c vrai c'est qu'il me la détecté deux fois mais apparemment c'est pas le même :

premier Adware :

'C:\System Volume Information\_restore{CBCDB27E-2EC5-48C8-864C-43C44EED9EE9}\RP621\A0157770.exe'

et le deuxième :

'C:\System Volume Information\_restore{CBCDB27E-2EC5-48C8-864C-43C44EED9EE9}\RP621\A0157771.exe'

je pense qu'il va peut être m'en trouver d'autres je suppose ?

salut Destrio,

je te poste le rapport toolscleaner et celui d'antivir apparemment ça n'a pas l'air trop mal.


[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\TB.txt: trouvé !
C:\_OTM: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\denis\Bureau\OTM.exe: trouvé !
C:\Documents and Settings\denis\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\denis\Bureau\JEUX divers\hijackthis.log: trouvé !
C:\Documents and Settings\denis\Bureau\suppression spywares\Dss.exe: trouvé !
C:\Documents and Settings\denis\Bureau\suppression spywares\ToolBarSD.exe: trouvé !
C:\Documents and Settings\denis\Bureau\suppression spywares\TB.txt: trouvé !
C:\Documents and Settings\denis\Bureau\suppression spywares\navilog\Navilog1.bat: trouvé !
C:\Program Files\Btfix: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\BTFix\BTFix.txt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\denis\Bureau\OTM.exe: supprimé !
C:\Documents and Settings\denis\Bureau\suppression spywares\Dss.exe: supprimé !
C:\Documents and Settings\denis\Bureau\suppression spywares\ToolBarSD.exe: supprimé !
C:\Documents and Settings\denis\Bureau\suppression spywares\navilog\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HJTInstall.exe: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\denis\Bureau\Rsit.exe: supprimé !
C:\Documents and Settings\denis\Bureau\JEUX divers\hijackthis.log: supprimé !
C:\Documents and Settings\denis\Bureau\suppression spywares\TB.txt: supprimé !
C:\Program Files\BTFix\BTFix.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\_OTM: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Btfix: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !






Avira AntiVir Personal
Date de création du fichier de rapport : samedi 8 août 2009 02:21

La recherche porte sur 1618172 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : DENIS-QIOX3BIL7

Informations de version :
BUILD.DAT : 9.0.0.66 17958 Bytes 17/06/2009 14:44:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 17/06/2009 12:43:57
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 12:44:05
ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 03/08/2009 12:45:06
ANTIVIR3.VDF : 7.1.5.84 436224 Bytes 07/08/2009 12:45:17
Version du moteur : 8.2.0.246
AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 10:52:04
AESCRIPT.DLL : 8.1.2.23 455033 Bytes 07/08/2009 12:46:02
AESCN.DLL : 8.1.2.4 127348 Bytes 07/08/2009 12:45:59
AERDL.DLL : 8.1.2.4 430452 Bytes 07/08/2009 12:45:56
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 15:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 07/08/2009 12:45:49
AEHEUR.DLL : 8.1.0.153 1917303 Bytes 07/08/2009 12:45:46
AEHELP.DLL : 8.1.5.3 233846 Bytes 07/08/2009 12:45:25
AEGEN.DLL : 8.1.1.55 356723 Bytes 07/08/2009 12:45:23
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 07/08/2009 12:45:20
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +PCK,+SPR,

Début de la recherche : samedi 8 août 2009 02:21

La recherche d'objets cachés commence.
'79223' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CALMAIN.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'StarWindServiceAE.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPZipm12.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSCamS32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mdm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'guard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EDICT.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'reader_sl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'soundman.exe' - '1' module(s) sont contrôlés
Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'vsmon.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'39' processus ont été contrôlés avec '39' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '48' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\WINDOWS\system32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !


Fin de la recherche : samedi 8 août 2009 03:38
Temps nécessaire: 1:17:32 Heure(s)

La recherche a été effectuée intégralement

16174 Les répertoires ont été contrôlés
514471 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
3 Impossible de contrôler des fichiers
514468 Fichiers non infectés
4196 Les archives ont été contrôlées
3 Avertissements
1 Consignes
79223 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

ok c'est fait,

je te remercie Destrio pour ton aide à mon pb, et la rapidité pour tes réponses à mes questions.

Bonne soirée a toi