Ordinateur infecté de virus !!! [ Resolu ]

xixi31800

12 Août 2010 12:19:56

Bonjours, voila mon problème avec malware je trouve pas mal de virus que avast ne trouve pas mais la aucun des 2 ne trouves quelque chose...
Mon problème est le suivant j'ai plein de page internet qui s'ouvre non stop j'en est 15 par minute environs puis elle se ferme toute seule car elle s'ouvre avec internet explorer or j'ai quitté internet explorer pour mozilla enfin de contrer ces pages... mais elle s'ouvre encore et toujours !!!

Voila j'en viens donc à me remettre a votre savoir pour espérer un peu d'aide

Merci,

Autres pages sur : ordinateur infecte virus resolu

| Etre averti des réponses
| Alerter

Répondre à xixi31800

OmaR

14 Août 2010 12:01:05

Salut,

Désolé pour le retard, avec les vacances on est un peu moins pour aider.
On va essayer de voir ça.

Télécharge OTL (de OldTimer) sur ton Bureau.

Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Une fenêtre apparaît. Dans la section Rapport en haut de cette fenêtre, coche Rapport minimal.

Dans la section "Analyse des fichiers", "Âge du fichier", met 30 jours

Coche également les cases à côté de Recherche Lop et Recherche Purity.

Enfin, clique sur le bouton Analyse. Le scan ne prendra pas beaucoup de temps.

Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau).

Pour me transmettre les rapports :

Clique sur ce lien : http://www.cijoint.fr/

Clique sur Parcourir... et cherche le fichier du rapport que tu souhaites me transmettre.

Clique sur Ouvrir.

Clique sur Cliquez ici pour déposer le fichier.

Un lien de cette forme, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, est ajouté dans la page.

Copie-colle ce lien dans ta réponse.

| Alerter

Répondre à OmaR

xixi31800

15 Août 2010 15:36:38

Bonjour,

Moi aussi désolé du retard ^^ et pour le retard c'est tout à fait normal et je trouve déjà super sympa de votre part que vous preniez un peu de votre temps !!

Donc voici ci dessous les rapports :

http://www.cijoint.fr/cjlink.php?file=cj201008/cijqrueE...
http://www.cijoint.fr/cjlink.php?file=cj201008/cijWTFiS...

| Alerter

Répondre à xixi31800

OmaR

15 Août 2010 22:46:23

Bonsoir,

Tu es super infecté !!

1)
Relance OTL.exe.

Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant (Ne le modifie pas):

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe ()
PRC - C:\Program Files\ZinkSeek\zinkseek.exe ()
MOD - C:\Program Files\ZinkSeek\zinkseek.dll ()
SRV - (toyylzvo) -- C:\WINDOWS\System32\jkuuprd.dll File not found
SRV - (ZinkSeek Service) -- C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe ()
FF - prefs.js..keyword.URL: "http://search.search-click.com/?sid=10101019100&s="
FF - user.js..keyword.URL: "http://search.search-click.com/?sid=10101019100&s="
[2010/08/11 15:38:04 | 000,000,000 | ---D | M] (ZinkSeek) -- C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3}
O2 - BHO: (adfauohnpr Object) - {9F36F993-803C-4D8A-B748-ED4740B49163} - C:\WINDOWS\system32\kngcq.dll ()
O2 - BHO: (no name) - {9FCC5E78-3F60-1DC5-4DF5-6BA5AEA1DAE6} - No CLSID value found.
O2 - BHO: (brumauohngrm Object) - {CD0AD3C2-B691-47CA-A57A-B2CBDA4F2BD9} - C:\WINDOWS\system32\gngcq.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [bipro] C:\WINDOWS\System32\kngcq.dll ()
O4 - HKLM..\Run: [eorezo] File not found
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\xngcq.exe ()
O4 - HKLM..\Run: [skb] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]money in My Computer)
O15 - HKCU\..Trusted Domains: //@surf.mar@ ([]money in Local intranet)
[2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Street-Ads
[2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sky-Banners
[2010/07/21 18:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Street-Ads
[2010/07/21 18:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Sky-Banners
[2010/07/21 18:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\ZinkSeek
[2010/07/21 18:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZinkSeek
[2010/08/15 16:17:09 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
[2010/08/15 16:17:08 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
[2010/08/15 14:13:47 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe_
[2010/08/04 07:00:16 | 000,247,296 | ---- | M] () -- C:\WINDOWS\System32\gngcq.dll
[2010/08/04 06:59:58 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\kngcq.dll
[2010/07/30 18:45:05 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2010/07/21 18:36:20 | 000,049,639 | ---- | M] () -- C:\WINDOWS\System32\lxpkxvvgjepsnuf.exe
[2010/07/30 18:35:25 | 000,000,228 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2010/07/21 18:34:50 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2010/07/21 18:34:28 | 000,049,639 | ---- | C] () -- C:\WINDOWS\System32\lxpkxvvgjepsnuf.exe
[2010/07/16 19:12:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/06/17 07:56:14 | 000,310,784 | ---- | C] () -- C:\WINDOWS\System32\gnfiv.dll
[2010/05/25 07:40:14 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sjyebahf.dll
[2010/07/21 18:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZinkSeek
[2010/03/07 14:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\eoRezo
[2010/07/21 18:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Sky-Banners
[2010/07/21 18:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Street-Ads

:Services
SRV - (toyylzvo) -- C:\WINDOWS\System32\jkuuprd.dll File not found
toyylzvo
SRV - (ZinkSeek Service) -- C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe ()
ZinkSeek Service

:Reg

:Files
C:\Program Files\ZinkSeek\
C:\Documents and Settings\All Users\Application Data\ZinkSeek\
C:\WINDOWS\tasks\At????.job

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Puis clique sur le bouton Correction en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Enfin, poste un nouveau log OTL (cette fois, ne coche pas les cases LOP Check et Purity).

Note : Tu verras peut-être un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi). Sauvegarde-le sur ton Bureau et poste-le avec le nouveau log OTL

| Alerter

Répondre à OmaR

xixi31800

16 Août 2010 11:27:59

Oui avec tous les problèmes que j'ai avec cet ordinateur j'imagine bien^^

Voila ci dessous le log OTL :

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named zinkseek125.exe was found!
No active process named zinkseek.exe was found!
Service toyylzvo stopped successfully!
Service toyylzvo deleted successfully!
File C:\WINDOWS\System32\jkuuprd.dll File not found not found.
Service ZinkSeek Service stopped successfully!
Service ZinkSeek Service deleted successfully!
C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe moved successfully.
Prefs.js: "http://search.search-click.com/?sid=10101019100&s=" removed from keyword.URL
C:\Documents and Settings\Raymond\Application Data\Mozilla\FireFox\Profiles\2xggzj84.default\user.js moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F36F993-803C-4D8A-B748-ED4740B49163}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F36F993-803C-4D8A-B748-ED4740B49163}\ deleted successfully.
C:\WINDOWS\system32\kngcq.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FCC5E78-3F60-1DC5-4DF5-6BA5AEA1DAE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FCC5E78-3F60-1DC5-4DF5-6BA5AEA1DAE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD0AD3C2-B691-47CA-A57A-B2CBDA4F2BD9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD0AD3C2-B691-47CA-A57A-B2CBDA4F2BD9}\ deleted successfully.
C:\WINDOWS\system32\gngcq.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bipro deleted successfully.
File C:\WINDOWS\System32\kngcq.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eorezo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
C:\WINDOWS\system32\xngcq.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\skb deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkevapoyowu deleted successfully.
C:\WINDOWS\wcdsfv.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@signup.mar@\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@\ deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\Street-Ads\sta folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Street-Ads folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Sky-Banners\skb folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Sky-Banners folder moved successfully.
C:\Documents and Settings\Raymond\Application Data\Street-Ads\sta folder moved successfully.
C:\Documents and Settings\Raymond\Application Data\Street-Ads folder moved successfully.
C:\Documents and Settings\Raymond\Application Data\Sky-Banners\skb folder moved successfully.
C:\Documents and Settings\Raymond\Application Data\Sky-Banners folder moved successfully.
C:\Program Files\ZinkSeek folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ZinkSeek folder moved successfully.
C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe_ not found.
File C:\WINDOWS\System32\gngcq.dll not found.
File C:\WINDOWS\System32\kngcq.dll not found.
C:\WINDOWS\system32\winset.ini moved successfully.
C:\WINDOWS\system32\lxpkxvvgjepsnuf.exe moved successfully.
File C:\WINDOWS\System32\winset.ini not found.
C:\WINDOWS\tasks\Updater.job moved successfully.
File C:\WINDOWS\System32\lxpkxvvgjepsnuf.exe not found.
C:\WINDOWS\system32\iyvu9_32.dll moved successfully.
C:\WINDOWS\system32\gnfiv.dll moved successfully.
C:\WINDOWS\system32\sjyebahf.dll moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\ZinkSeek\ not found.
C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate\Software\itsTV\3.0.1.121 folder moved successfully.
C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate\Software\itsTV folder moved successfully.
C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate\Software folder moved successfully.
C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate\Download folder moved successfully.
C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate folder moved successfully.
C:\Documents and Settings\Raymond\Application Data\eoRezo folder moved successfully.
Folder C:\Documents and Settings\Raymond\Application Data\Sky-Banners\ not found.
Folder C:\Documents and Settings\Raymond\Application Data\Street-Ads\ not found.
========== SERVICES/DRIVERS ==========
Error: No service named SRV - (toyylzvo) -- C:\WINDOWS\System32\jkuuprd.dll File not found was found to stop!
Service\Driver key SRV - (toyylzvo) -- C:\WINDOWS\System32\jkuuprd.dll File not found not found.
Error: No service named toyylzvo was found to stop!
Service\Driver key toyylzvo not found.
Error: No service named SRV - (ZinkSeek Service) -- C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe () was found to stop!
Service\Driver key SRV - (ZinkSeek Service) -- C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe () not found.
Error: No service named ZinkSeek Service was found to stop!
Service\Driver key ZinkSeek Service not found.
========== REGISTRY ==========
========== FILES ==========
Folder C:\Program Files\ZinkSeek not found.
Folder C:\Documents and Settings\All Users\Application Data\ZinkSeek not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At1000.job moved successfully.
C:\WINDOWS\tasks\At1001.job moved successfully.
C:\WINDOWS\tasks\At1002.job moved successfully.
C:\WINDOWS\tasks\At1003.job moved successfully.
C:\WINDOWS\tasks\At1004.job moved successfully.
C:\WINDOWS\tasks\At1005.job moved successfully.
C:\WINDOWS\tasks\At1006.job moved successfully.
C:\WINDOWS\tasks\At1007.job moved successfully.
C:\WINDOWS\tasks\At1008.job moved successfully.
C:\WINDOWS\tasks\At1009.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At1010.job moved successfully.
C:\WINDOWS\tasks\At1011.job moved successfully.
C:\WINDOWS\tasks\At1012.job moved successfully.
C:\WINDOWS\tasks\At1013.job moved successfully.
C:\WINDOWS\tasks\At1014.job moved successfully.
C:\WINDOWS\tasks\At1015.job moved successfully.
C:\WINDOWS\tasks\At1016.job moved successfully.
C:\WINDOWS\tasks\At1017.job moved successfully.
C:\WINDOWS\tasks\At1018.job moved successfully.
C:\WINDOWS\tasks\At1019.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At1020.job moved successfully.
C:\WINDOWS\tasks\At1021.job moved successfully.
C:\WINDOWS\tasks\At1022.job moved successfully.
C:\WINDOWS\tasks\At1023.job moved successfully.
C:\WINDOWS\tasks\At1024.job moved successfully.
C:\WINDOWS\tasks\At1025.job moved successfully.
C:\WINDOWS\tasks\At1026.job moved successfully.
C:\WINDOWS\tasks\At1027.job moved successfully.
C:\WINDOWS\tasks\At1028.job moved successfully.
C:\WINDOWS\tasks\At1029.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At1030.job moved successfully.
C:\WINDOWS\tasks\At1031.job moved successfully.
C:\WINDOWS\tasks\At1032.job moved successfully.
C:\WINDOWS\tasks\At1033.job moved successfully.
C:\WINDOWS\tasks\At1034.job moved successfully.
C:\WINDOWS\tasks\At1035.job moved successfully.
C:\WINDOWS\tasks\At1036.job moved successfully.
C:\WINDOWS\tasks\At1037.job moved successfully.
C:\WINDOWS\tasks\At1038.job moved successfully.
C:\WINDOWS\tasks\At1039.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At1040.job moved successfully.
C:\WINDOWS\tasks\At1041.job moved successfully.
C:\WINDOWS\tasks\At1042.job moved successfully.
C:\WINDOWS\tasks\At1043.job moved successfully.
C:\WINDOWS\tasks\At1044.job moved successfully.
C:\WINDOWS\tasks\At1045.job moved successfully.
C:\WINDOWS\tasks\At1046.job moved successfully.
C:\WINDOWS\tasks\At1047.job moved successfully.
C:\WINDOWS\tasks\At1048.job moved successfully.
C:\WINDOWS\tasks\At1049.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At1050.job moved successfully.
C:\WINDOWS\tasks\At1051.job moved successfully.
C:\WINDOWS\tasks\At1052.job moved successfully.
C:\WINDOWS\tasks\At1053.job moved successfully.
C:\WINDOWS\tasks\At1054.job moved successfully.
C:\WINDOWS\tasks\At1055.job moved successfully.
C:\WINDOWS\tasks\At1056.job moved successfully.
C:\WINDOWS\tasks\At1057.job moved successfully.
C:\WINDOWS\tasks\At1058.job moved successfully.
C:\WINDOWS\tasks\At1059.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At1060.job moved successfully.
C:\WINDOWS\tasks\At1061.job moved successfully.
C:\WINDOWS\tasks\At1062.job moved successfully.
C:\WINDOWS\tasks\At1063.job moved successfully.
C:\WINDOWS\tasks\At1064.job moved successfully.
C:\WINDOWS\tasks\At1065.job moved successfully.
C:\WINDOWS\tasks\At1066.job moved successfully.
C:\WINDOWS\tasks\At1067.job moved successfully.
C:\WINDOWS\tasks\At1068.job moved successfully.
C:\WINDOWS\tasks\At1069.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At1070.job moved successfully.
C:\WINDOWS\tasks\At1071.job moved successfully.
C:\WINDOWS\tasks\At1072.job moved successfully.
C:\WINDOWS\tasks\At1073.job moved successfully.
C:\WINDOWS\tasks\At1074.job moved successfully.
C:\WINDOWS\tasks\At1075.job moved successfully.
C:\WINDOWS\tasks\At1076.job moved successfully.
C:\WINDOWS\tasks\At1077.job moved successfully.
C:\WINDOWS\tasks\At1078.job moved successfully.
C:\WINDOWS\tasks\At1079.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At1080.job moved successfully.
C:\WINDOWS\tasks\At1081.job moved successfully.
C:\WINDOWS\tasks\At1082.job moved successfully.
C:\WINDOWS\tasks\At1083.job moved successfully.
C:\WINDOWS\tasks\At1084.job moved successfully.
C:\WINDOWS\tasks\At1085.job moved successfully.
C:\WINDOWS\tasks\At1086.job moved successfully.
C:\WINDOWS\tasks\At1087.job moved successfully.
C:\WINDOWS\tasks\At1088.job moved successfully.
C:\WINDOWS\tasks\At1089.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At1090.job moved successfully.
C:\WINDOWS\tasks\At1091.job moved successfully.
C:\WINDOWS\tasks\At1092.job moved successfully.
C:\WINDOWS\tasks\At1093.job moved successfully.
C:\WINDOWS\tasks\At1094.job moved successfully.
C:\WINDOWS\tasks\At1095.job moved successfully.
C:\WINDOWS\tasks\At1096.job moved successfully.
C:\WINDOWS\tasks\At1097.job moved successfully.
C:\WINDOWS\tasks\At1098.job moved successfully.
C:\WINDOWS\tasks\At1099.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At1100.job moved successfully.
C:\WINDOWS\tasks\At1101.job moved successfully.
C:\WINDOWS\tasks\At1102.job moved successfully.
C:\WINDOWS\tasks\At1103.job moved successfully.
C:\WINDOWS\tasks\At1104.job moved successfully.
C:\WINDOWS\tasks\At1105.job moved successfully.
C:\WINDOWS\tasks\At1106.job moved successfully.
C:\WINDOWS\tasks\At1107.job moved successfully.
C:\WINDOWS\tasks\At1108.job moved successfully.
C:\WINDOWS\tasks\At1109.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At1110.job moved successfully.
C:\WINDOWS\tasks\At1111.job moved successfully.
C:\WINDOWS\tasks\At1112.job moved successfully.
C:\WINDOWS\tasks\At1113.job moved successfully.
C:\WINDOWS\tasks\At1114.job moved successfully.
C:\WINDOWS\tasks\At1115.job moved successfully.
C:\WINDOWS\tasks\At1116.job moved successfully.
C:\WINDOWS\tasks\At1117.job moved successfully.
C:\WINDOWS\tasks\At1118.job moved successfully.
C:\WINDOWS\tasks\At1119.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At1120.job moved successfully.
C:\WINDOWS\tasks\At1121.job moved successfully.
C:\WINDOWS\tasks\At1122.job moved successfully.
C:\WINDOWS\tasks\At1123.job moved successfully.
C:\WINDOWS\tasks\At1124.job moved successfully.
C:\WINDOWS\tasks\At1125.job moved successfully.
C:\WINDOWS\tasks\At1126.job moved successfully.
C:\WINDOWS\tasks\At1127.job moved successfully.
C:\WINDOWS\tasks\At1128.job moved successfully.
C:\WINDOWS\tasks\At1129.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At1130.job moved successfully.
C:\WINDOWS\tasks\At1131.job moved successfully.
C:\WINDOWS\tasks\At1132.job moved successfully.
C:\WINDOWS\tasks\At1133.job moved successfully.
C:\WINDOWS\tasks\At1134.job moved successfully.
C:\WINDOWS\tasks\At1135.job moved successfully.
C:\WINDOWS\tasks\At1136.job moved successfully.
C:\WINDOWS\tasks\At1137.job moved successfully.
C:\WINDOWS\tasks\At1138.job moved successfully.
C:\WINDOWS\tasks\At1139.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At1140.job moved successfully.
C:\WINDOWS\tasks\At1141.job moved successfully.
C:\WINDOWS\tasks\At1142.job moved successfully.
C:\WINDOWS\tasks\At1143.job moved successfully.
C:\WINDOWS\tasks\At1144.job moved successfully.
C:\WINDOWS\tasks\At1145.job moved successfully.
C:\WINDOWS\tasks\At1146.job moved successfully.
C:\WINDOWS\tasks\At1147.job moved successfully.
C:\WINDOWS\tasks\At1148.job moved successfully.
C:\WINDOWS\tasks\At1149.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At1150.job moved successfully.
C:\WINDOWS\tasks\At1151.job moved successfully.
C:\WINDOWS\tasks\At1152.job moved successfully.
C:\WINDOWS\tasks\At1153.job moved successfully.
C:\WINDOWS\tasks\At1154.job moved successfully.
C:\WINDOWS\tasks\At1155.job moved successfully.
C:\WINDOWS\tasks\At1156.job moved successfully.
C:\WINDOWS\tasks\At1157.job moved successfully.
C:\WINDOWS\tasks\At1158.job moved successfully.
C:\WINDOWS\tasks\At1159.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At1160.job moved successfully.
C:\WINDOWS\tasks\At1161.job moved successfully.
C:\WINDOWS\tasks\At1162.job moved successfully.
C:\WINDOWS\tasks\At1163.job moved successfully.
C:\WINDOWS\tasks\At1164.job moved successfully.
C:\WINDOWS\tasks\At1165.job moved successfully.
C:\WINDOWS\tasks\At1166.job moved successfully.
C:\WINDOWS\tasks\At1167.job moved successfully.
C:\WINDOWS\tasks\At1168.job moved successfully.
C:\WINDOWS\tasks\At1169.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At1170.job moved successfully.
C:\WINDOWS\tasks\At1171.job moved successfully.
C:\WINDOWS\tasks\At1172.job moved successfully.
C:\WINDOWS\tasks\At1173.job moved successfully.
C:\WINDOWS\tasks\At1174.job moved successfully.
C:\WINDOWS\tasks\At1175.job moved successfully.
C:\WINDOWS\tasks\At1176.job moved successfully.
C:\WINDOWS\tasks\At1177.job moved successfully.
C:\WINDOWS\tasks\At1178.job moved successfully.
C:\WINDOWS\tasks\At1179.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At1180.job moved successfully.
C:\WINDOWS\tasks\At1181.job moved successfully.
C:\WINDOWS\tasks\At1182.job moved successfully.
C:\WINDOWS\tasks\At1183.job moved successfully.
C:\WINDOWS\tasks\At1184.job moved successfully.
C:\WINDOWS\tasks\At1185.job moved successfully.
C:\WINDOWS\tasks\At1186.job moved successfully.
C:\WINDOWS\tasks\At1187.job moved successfully.
C:\WINDOWS\tasks\At1188.job moved successfully.
C:\WINDOWS\tasks\At1189.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At1190.job moved successfully.
C:\WINDOWS\tasks\At1191.job moved successfully.
C:\WINDOWS\tasks\At1192.job moved successfully.
C:\WINDOWS\tasks\At1193.job moved successfully.
C:\WINDOWS\tasks\At1194.job moved successfully.
C:\WINDOWS\tasks\At1195.job moved successfully.
C:\WINDOWS\tasks\At1196.job moved successfully.
C:\WINDOWS\tasks\At1197.job moved successfully.
C:\WINDOWS\tasks\At1198.job moved successfully.
C:\WINDOWS\tasks\At1199.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At1200.job moved successfully.
C:\WINDOWS\tasks\At1201.job moved successfully.
C:\WINDOWS\tasks\At1202.job moved successfully.
C:\WINDOWS\tasks\At1203.job moved successfully.
C:\WINDOWS\tasks\At1204.job moved successfully.
C:\WINDOWS\tasks\At1205.job moved successfully.
C:\WINDOWS\tasks\At1206.job moved successfully.
C:\WINDOWS\tasks\At1207.job moved successfully.
C:\WINDOWS\tasks\At1208.job moved successfully.
C:\WINDOWS\tasks\At1209.job moved successfully.
C:\WINDOWS\tasks\At121.job moved successfully.
C:\WINDOWS\tasks\At1210.job moved successfully.
C:\WINDOWS\tasks\At1211.job moved successfully.
C:\WINDOWS\tasks\At1212.job moved successfully.
C:\WINDOWS\tasks\At1213.job moved successfully.
C:\WINDOWS\tasks\At1214.job moved successfully.
C:\WINDOWS\tasks\At1215.job moved successfully.
C:\WINDOWS\tasks\At1216.job moved successfully.
C:\WINDOWS\tasks\At1217.job moved successfully.
C:\WINDOWS\tasks\At1218.job moved successfully.
C:\WINDOWS\tasks\At1219.job moved successfully.
C:\WINDOWS\tasks\At122.job moved successfully.
C:\WINDOWS\tasks\At1220.job moved successfully.
C:\WINDOWS\tasks\At1221.job moved successfully.
C:\WINDOWS\tasks\At1222.job moved successfully.
C:\WINDOWS\tasks\At1223.job moved successfully.
C:\WINDOWS\tasks\At1224.job moved successfully.
C:\WINDOWS\tasks\At1225.job moved successfully.
C:\WINDOWS\tasks\At1226.job moved successfully.
C:\WINDOWS\tasks\At1227.job moved successfully.
C:\WINDOWS\tasks\At1228.job moved successfully.
C:\WINDOWS\tasks\At1229.job moved successfully.
C:\WINDOWS\tasks\At123.job moved successfully.
C:\WINDOWS\tasks\At1230.job moved successfully.
C:\WINDOWS\tasks\At1231.job moved successfully.
C:\WINDOWS\tasks\At1232.job moved successfully.
C:\WINDOWS\tasks\At1233.job moved successfully.
C:\WINDOWS\tasks\At1234.job moved successfully.
C:\WINDOWS\tasks\At1235.job moved successfully.
C:\WINDOWS\tasks\At1236.job moved successfully.
C:\WINDOWS\tasks\At1237.job moved successfully.
C:\WINDOWS\tasks\At1238.job moved successfully.
C:\WINDOWS\tasks\At1239.job moved successfully.
C:\WINDOWS\tasks\At124.job moved successfully.
C:\WINDOWS\tasks\At1240.job moved successfully.
C:\WINDOWS\tasks\At1241.job moved successfully.
C:\WINDOWS\tasks\At1242.job moved successfully.
C:\WINDOWS\tasks\At1243.job moved successfully.
C:\WINDOWS\tasks\At1244.job moved successfully.
C:\WINDOWS\tasks\At1245.job moved successfully.
C:\WINDOWS\tasks\At1246.job moved successfully.
C:\WINDOWS\tasks\At1247.job moved successfully.
C:\WINDOWS\tasks\At1248.job moved successfully.
C:\WINDOWS\tasks\At1249.job moved successfully.
C:\WINDOWS\tasks\At125.job moved successfully.
C:\WINDOWS\tasks\At1250.job moved successfully.
C:\WINDOWS\tasks\At1251.job moved successfully.
C:\WINDOWS\tasks\At1252.job moved successfully.
C:\WINDOWS\tasks\At1253.job moved successfully.
C:\WINDOWS\tasks\At1254.job moved successfully.
C:\WINDOWS\tasks\At1255.job moved successfully.
C:\WINDOWS\tasks\At1256.job moved successfully.
C:\WINDOWS\tasks\At1257.job moved successfully.
C:\WINDOWS\tasks\At1258.job moved successfully.
C:\WINDOWS\tasks\At1259.job moved successfully.
C:\WINDOWS\tasks\At126.job moved successfully.
C:\WINDOWS\tasks\At1260.job moved successfully.
C:\WINDOWS\tasks\At1261.job moved successfully.
C:\WINDOWS\tasks\At1262.job moved successfully.
C:\WINDOWS\tasks\At1263.job moved successfully.
C:\WINDOWS\tasks\At1264.job moved successfully.
C:\WINDOWS\tasks\At1265.job moved successfully.
C:\WINDOWS\tasks\At1266.job moved successfully.
C:\WINDOWS\tasks\At1267.job moved successfully.
C:\WINDOWS\tasks\At1268.job moved successfully.
C:\WINDOWS\tasks\At1269.job moved successfully.
C:\WINDOWS\tasks\At127.job moved successfully.
C:\WINDOWS\tasks\At1270.job moved successfully.
C:\WINDOWS\tasks\At1271.job moved successfully.
C:\WINDOWS\tasks\At1272.job moved successfully.
C:\WINDOWS\tasks\At1273.job moved successfully.
C:\WINDOWS\tasks\At1274.job moved successfully.
C:\WINDOWS\tasks\At1275.job moved successfully.
C:\WINDOWS\tasks\At1276.job moved successfully.
C:\WINDOWS\tasks\At1277.job moved successfully.
C:\WINDOWS\tasks\At1278.job moved successfully.
C:\WINDOWS\tasks\At1279.job moved successfully.
C:\WINDOWS\tasks\At128.job moved successfully.
C:\WINDOWS\tasks\At1280.job moved successfully.
C:\WINDOWS\tasks\At1281.job moved successfully.
C:\WINDOWS\tasks\At1282.job moved successfully.
C:\WINDOWS\tasks\At1283.job moved successfully.
C:\WINDOWS\tasks\At1284.job moved successfully.
C:\WINDOWS\tasks\At1285.job moved successfully.
C:\WINDOWS\tasks\At1286.job moved successfully.
C:\WINDOWS\tasks\At1287.job moved successfully.
C:\WINDOWS\tasks\At1288.job moved successfully.
C:\WINDOWS\tasks\At1289.job moved successfully.
C:\WINDOWS\tasks\At129.job moved successfully.
C:\WINDOWS\tasks\At1290.job moved successfully.
C:\WINDOWS\tasks\At1291.job moved successfully.
C:\WINDOWS\tasks\At1292.job moved successfully.
C:\WINDOWS\tasks\At1293.job moved successfully.
C:\WINDOWS\tasks\At1294.job moved successfully.
C:\WINDOWS\tasks\At1295.job moved successfully.
C:\WINDOWS\tasks\At1296.job moved successfully.
C:\WINDOWS\tasks\At1297.job moved successfully.
C:\WINDOWS\tasks\At1298.job moved successfully.
C:\WINDOWS\tasks\At1299.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At130.job moved successfully.
C:\WINDOWS\tasks\At1300.job moved successfully.
C:\WINDOWS\tasks\At1301.job moved successfully.
C:\WINDOWS\tasks\At1302.job moved successfully.
C:\WINDOWS\tasks\At1303.job moved successfully.
C:\WINDOWS\tasks\At1304.job moved successfully.
C:\WINDOWS\tasks\At1305.job moved successfully.
C:\WINDOWS\tasks\At1306.job moved successfully.
C:\WINDOWS\tasks\At1307.job moved successfully.
C:\WINDOWS\tasks\At1308.job moved successfully.
C:\WINDOWS\tasks\At1309.job moved successfully.
C:\WINDOWS\tasks\At131.job moved successfully.
C:\WINDOWS\tasks\At1310.job moved successfully.
C:\WINDOWS\tasks\At1311.job moved successfully.
C:\WINDOWS\tasks\At1312.job moved successfully.
C:\WINDOWS\tasks\At1313.job moved successfully.
C:\WINDOWS\tasks\At1314.job moved successfully.
C:\WINDOWS\tasks\At1315.job moved successfully.
C:\WINDOWS\tasks\At1316.job moved successfully.
C:\WINDOWS\tasks\At1317.job moved successfully.
C:\WINDOWS\tasks\At1318.job moved successfully.
C:\WINDOWS\tasks\At1319.job moved successfully.
C:\WINDOWS\tasks\At132.job moved successfully.
C:\WINDOWS\tasks\At1320.job moved successfully.
C:\WINDOWS\tasks\At1321.job moved successfully.
C:\WINDOWS\tasks\At1322.job moved successfully.
C:\WINDOWS\tasks\At1323.job moved successfully.
C:\WINDOWS\tasks\At1324.job moved successfully.
C:\WINDOWS\tasks\At1325.job moved successfully.
C:\WINDOWS\tasks\At1326.job moved successfully.
C:\WINDOWS\tasks\At1327.job moved successfully.
C:\WINDOWS\tasks\At1328.job moved successfully.
C:\WINDOWS\tasks\At1329.job moved successfully.
C:\WINDOWS\tasks\At133.job moved successfully.
C:\WINDOWS\tasks\At1330.job moved successfully.
C:\WINDOWS\tasks\At1331.job moved successfully.
C:\WINDOWS\tasks\At1332.job moved successfully.
C:\WINDOWS\tasks\At1333.job moved successfully.
C:\WINDOWS\tasks\At1334.job moved successfully.
C:\WINDOWS\tasks\At1335.job moved successfully.
C:\WINDOWS\tasks\At1336.job moved successfully.
C:\WINDOWS\tasks\At1337.job moved successfully.
C:\WINDOWS\tasks\At1338.job moved successfully.
C:\WINDOWS\tasks\At1339.job moved successfully.
C:\WINDOWS\tasks\At134.job moved successfully.
C:\WINDOWS\tasks\At1340.job moved successfully.
C:\WINDOWS\tasks\At1341.job moved successfully.
C:\WINDOWS\tasks\At1342.job moved successfully.
C:\WINDOWS\tasks\At1343.job moved successfully.
C:\WINDOWS\tasks\At1344.job moved successfully.
C:\WINDOWS\tasks\At1345.job moved successfully.
C:\WINDOWS\tasks\At1346.job moved successfully.
C:\WINDOWS\tasks\At1347.job moved successfully.
C:\WINDOWS\tasks\At1348.job moved successfully.
C:\WINDOWS\tasks\At1349.job moved successfully.
C:\WINDOWS\tasks\At135.job moved successfully.
C:\WINDOWS\tasks\At1350.job moved successfully.
C:\WINDOWS\tasks\At1351.job moved successfully.
C:\WINDOWS\tasks\At1352.job moved successfully.
C:\WINDOWS\tasks\At1353.job moved successfully.
C:\WINDOWS\tasks\At1354.job moved successfully.
C:\WINDOWS\tasks\At1355.job moved successfully.
C:\WINDOWS\tasks\At1356.job moved successfully.
C:\WINDOWS\tasks\At1357.job moved successfully.
C:\WINDOWS\tasks\At1358.job moved successfully.
C:\WINDOWS\tasks\At1359.job moved successfully.
C:\WINDOWS\tasks\At136.job moved successfully.
C:\WINDOWS\tasks\At1360.job moved successfully.
C:\WINDOWS\tasks\At1361.job moved successfully.
C:\WINDOWS\tasks\At1362.job moved successfully.
C:\WINDOWS\tasks\At1363.job moved successfully.
C:\WINDOWS\tasks\At1364.job moved successfully.
C:\WINDOWS\tasks\At1365.job moved successfully.
C:\WINDOWS\tasks\At1366.job moved successfully.
C:\WINDOWS\tasks\At1367.job moved successfully.
C:\WINDOWS\tasks\At1368.job moved successfully.
C:\WINDOWS\tasks\At1369.job moved successfully.
C:\WINDOWS\tasks\At137.job moved successfully.
C:\WINDOWS\tasks\At1370.job moved successfully.
C:\WINDOWS\tasks\At1371.job moved successfully.
C:\WINDOWS\tasks\At1372.job moved successfully.
C:\WINDOWS\tasks\At1373.job moved successfully.
C:\WINDOWS\tasks\At1374.job moved successfully.
C:\WINDOWS\tasks\At1375.job moved successfully.
C:\WINDOWS\tasks\At1376.job moved successfully.
C:\WINDOWS\tasks\At1377.job moved successfully.
C:\WINDOWS\tasks\At1378.job moved successfully.
C:\WINDOWS\tasks\At1379.job moved successfully.
C:\WINDOWS\tasks\At138.job moved successfully.
C:\WINDOWS\tasks\At1380.job moved successfully.
C:\WINDOWS\tasks\At1381.job moved successfully.
C:\WINDOWS\tasks\At1382.job moved successfully.
C:\WINDOWS\tasks\At1383.job moved successfully.
C:\WINDOWS\tasks\At1384.job moved successfully.
C:\WINDOWS\tasks\At1385.job moved successfully.
C:\WINDOWS\tasks\At1386.job moved successfully.
C:\WINDOWS\tasks\At1387.job moved successfully.
C:\WINDOWS\tasks\At1388.job moved successfully.
C:\WINDOWS\tasks\At1389.job moved successfully.
C:\WINDOWS\tasks\At139.job moved successfully.
C:\WINDOWS\tasks\At1390.job moved successfully.
C:\WINDOWS\tasks\At1391.job moved successfully.
C:\WINDOWS\tasks\At1392.job moved successfully.
C:\WINDOWS\tasks\At1393.job moved successfully.
C:\WINDOWS\tasks\At1394.job moved successfully.
C:\WINDOWS\tasks\At1395.job moved successfully.
C:\WINDOWS\tasks\At1396.job moved successfully.
C:\WINDOWS\tasks\At1397.job moved successfully.
C:\WINDOWS\tasks\At1398.job moved successfully.
C:\WINDOWS\tasks\At1399.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At140.job moved successfully.
C:\WINDOWS\tasks\At1400.job moved successfully.
C:\WINDOWS\tasks\At1401.job moved successfully.
C:\WINDOWS\tasks\At1402.job moved successfully.
C:\WINDOWS\tasks\At1403.job moved successfully.
C:\WINDOWS\tasks\At1404.job moved successfully.
C:\WINDOWS\tasks\At1405.job moved successfully.
C:\WINDOWS\tasks\At1406.job moved successfully.
C:\WINDOWS\tasks\At1407.job moved successfully.
C:\WINDOWS\tasks\At1408.job moved successfully.
C:\WINDOWS\tasks\At1409.job moved successfully.
C:\WINDOWS\tasks\At141.job moved successfully.
C:\WINDOWS\tasks\At1410.job moved successfully.
C:\WINDOWS\tasks\At1411.job moved successfully.
C:\WINDOWS\tasks\At1412.job moved successfully.
C:\WINDOWS\tasks\At1413.job moved successfully.
C:\WINDOWS\tasks\At1414.job moved successfully.
C:\WINDOWS\tasks\At1415.job moved successfully.
C:\WINDOWS\tasks\At1416.job moved successfully.
C:\WINDOWS\tasks\At1417.job moved successfully.
C:\WINDOWS\tasks\At1418.job moved successfully.
C:\WINDOWS\tasks\At1419.job moved successfully.
C:\WINDOWS\tasks\At142.job moved successfully.
C:\WINDOWS\tasks\At1420.job moved successfully.
C:\WINDOWS\tasks\At1421.job moved successfully.
C:\WINDOWS\tasks\At1422.job moved successfully.
C:\WINDOWS\tasks\At1423.job moved successfully.
C:\WINDOWS\tasks\At1424.job moved successfully.
C:\WINDOWS\tasks\At1425.job moved successfully.
C:\WINDOWS\tasks\At1426.job moved successfully.
C:\WINDOWS\tasks\At1427.job moved successfully.
C:\WINDOWS\tasks\At1428.job moved successfully.
C:\WINDOWS\tasks\At1429.job moved successfully.
C:\WINDOWS\tasks\At143.job moved successfully.
C:\WINDOWS\tasks\At1430.job moved successfully.
C:\WINDOWS\tasks\At1431.job moved successfully.
C:\WINDOWS\tasks\At1432.job moved successfully.
C:\WINDOWS\tasks\At1433.job moved successfully.
C:\WINDOWS\tasks\At1434.job moved successfully.
C:\WINDOWS\tasks\At1435.job moved successfully.
C:\WINDOWS\tasks\At1436.job moved successfully.
C:\WINDOWS\tasks\At1437.job moved successfully.
C:\WINDOWS\tasks\At1438.job moved successfully.
C:\WINDOWS\tasks\At1439.job moved successfully.
C:\WINDOWS\tasks\At144.job moved successfully.
C:\WINDOWS\tasks\At1440.job moved successfully.
C:\WINDOWS\tasks\At1441.job moved successfully.
C:\WINDOWS\tasks\At1442.job moved successfully.
C:\WINDOWS\tasks\At1443.job moved successfully.
C:\WINDOWS\tasks\At1444.job moved successfully.
C:\WINDOWS\tasks\At1445.job moved successfully.
C:\WINDOWS\tasks\At1446.job moved successfully.
C:\WINDOWS\tasks\At1447.job moved successfully.
C:\WINDOWS\tasks\At1448.job moved successfully.
C:\WINDOWS\tasks\At1449.job moved successfully.
C:\WINDOWS\tasks\At145.job moved successfully.
C:\WINDOWS\tasks\At1450.job moved successfully.
C:\WINDOWS\tasks\At1451.job moved successfully.
C:\WINDOWS\tasks\At1452.job moved successfully.
C:\WINDOWS\tasks\At1453.job moved successfully.
C:\WINDOWS\tasks\At1454.job moved successfully.
C:\WINDOWS\tasks\At1455.job moved successfully.
C:\WINDOWS\tasks\At1456.job moved successfully.
C:\WINDOWS\tasks\At1457.job moved successfully.
C:\WINDOWS\tasks\At1458.job moved successfully.
C:\WINDOWS\tasks\At1459.job moved successfully.
C:\WINDOWS\tasks\At146.job moved successfully.
C:\WINDOWS\tasks\At1460.job moved successfully.
C:\WINDOWS\tasks\At1461.job moved successfully.
C:\WINDOWS\tasks\At1462.job moved successfully.
C:\WINDOWS\tasks\At1463.job moved successfully.
C:\WINDOWS\tasks\At1464.job moved successfully.
C:\WINDOWS\tasks\At1465.job moved successfully.
C:\WINDOWS\tasks\At1466.job moved successfully.
C:\WINDOWS\tasks\At1467.job moved successfully.
C:\WINDOWS\tasks\At1468.job moved successfully.
C:\WINDOWS\tasks\At1469.job moved successfully.
C:\WINDOWS\tasks\At147.job moved successfully.
C:\WINDOWS\tasks\At1470.job moved successfully.
C:\WINDOWS\tasks\At1471.job moved successfully.
C:\WINDOWS\tasks\At1472.job moved successfully.
C:\WINDOWS\tasks\At1473.job moved successfully.
C:\WINDOWS\tasks\At1474.job moved successfully.
C:\WINDOWS\tasks\At1475.job moved successfully.
C:\WINDOWS\tasks\At1476.job moved successfully.
C:\WINDOWS\tasks\At1477.job moved successfully.
C:\WINDOWS\tasks\At1478.job moved successfully.
C:\WINDOWS\tasks\At1479.job moved successfully.
C:\WINDOWS\tasks\At148.job moved successfully.
C:\WINDOWS\tasks\At1480.job moved successfully.
C:\WINDOWS\tasks\At1481.job moved successfully.
C:\WINDOWS\tasks\At1482.job moved successfully.
C:\WINDOWS\tasks\At1483.job moved successfully.
C:\WINDOWS\tasks\At1484.job moved successfully.
C:\WINDOWS\tasks\At1485.job moved successfully.
C:\WINDOWS\tasks\At1486.job moved successfully.
C:\WINDOWS\tasks\At1487.job moved successfully.
C:\WINDOWS\tasks\At1488.job moved successfully.
C:\WINDOWS\tasks\At1489.job moved successfully.
C:\WINDOWS\tasks\At149.job moved successfully.
C:\WINDOWS\tasks\At1490.job moved successfully.
C:\WINDOWS\tasks\At1491.job moved successfully.
C:\WINDOWS\tasks\At1492.job moved successfully.
C:\WINDOWS\tasks\At1493.job moved successfully.
C:\WINDOWS\tasks\At1494.job moved successfully.
C:\WINDOWS\tasks\At1495.job moved successfully.
C:\WINDOWS\tasks\At1496.job moved successfully.
C:\WINDOWS\tasks\At1497.job moved successfully.
C:\WINDOWS\tasks\At1498.job moved successfully.
C:\WINDOWS\tasks\At1499.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At150.job moved successfully.
C:\WINDOWS\tasks\At1500.job moved successfully.
C:\WINDOWS\tasks\At1501.job moved successfully.
C:\WINDOWS\tasks\At1502.job moved successfully.
C:\WINDOWS\tasks\At1503.job moved successfully.
C:\WINDOWS\tasks\At1504.job moved successfully.
C:\WINDOWS\tasks\At1505.job moved successfully.
C:\WINDOWS\tasks\At1506.job moved successfully.
C:\WINDOWS\tasks\At1507.job moved successfully.
C:\WINDOWS\tasks\At1508.job moved successfully.
C:\WINDOWS\tasks\At1509.job moved successfully.
C:\WINDOWS\tasks\At151.job moved successfully.
C:\WINDOWS\tasks\At1510.job moved successfully.
C:\WINDOWS\tasks\At1511.job moved successfully.
C:\WINDOWS\tasks\At1512.job moved successfully.
C:\WINDOWS\tasks\At1513.job moved successfully.
C:\WINDOWS\tasks\At1514.job moved successfully.
C:\WINDOWS\tasks\At1515.job moved successfully.
C:\WINDOWS\tasks\At1516.job moved successfully.
C:\WINDOWS\tasks\At1517.job moved successfully.
C:\WINDOWS\tasks\At1518.job moved successfully.
C:\WINDOWS\tasks\At1519.job moved successfully.
C:\WINDOWS\tasks\At152.job moved successfully.
C:\WINDOWS\tasks\At1520.job moved successfully.
C:\WINDOWS\tasks\At1521.job moved successfully.
C:\WINDOWS\tasks\At1522.job moved successfully.
C:\WINDOWS\tasks\At1523.job moved successfully.
C:\WINDOWS\tasks\At1524.job moved successfully.
C:\WINDOWS\tasks\At1525.job moved successfully.
C:\WINDOWS\tasks\At1526.job moved successfully.
C:\WINDOWS\tasks\At1527.job moved successfully.
C:\WINDOWS\tasks\At1528.job moved successfully.
C:\WINDOWS\tasks\At1529.job moved successfully.
C:\WINDOWS\tasks\At153.job moved successfully.
C:\WINDOWS\tasks\At1530.job moved successfully.
C:\WINDOWS\tasks\At1531.job moved successfully.
C:\WINDOWS\tasks\At1532.job moved successfully.
C:\WINDOWS\tasks\At1533.job moved successfully.
C:\WINDOWS\tasks\At1534.job moved successfully.
C:\WINDOWS\tasks\At1535.job moved successfully.
C:\WINDOWS\tasks\At1536.job moved successfully.
C:\WINDOWS\tasks\At1537.job moved successfully.
C:\WINDOWS\tasks\At1538.job moved successfully.
C:\WINDOWS\tasks\At1539.job moved successfully.
C:\WINDOWS\tasks\At154.job moved successfully.
C:\WINDOWS\tasks\At1540.job moved successfully.
C:\WINDOWS\tasks\At1541.job moved successfully.
C:\WINDOWS\tasks\At1542.job moved successfully.
C:\WINDOWS\tasks\At1543.job moved successfully.
C:\WINDOWS\tasks\At1544.job moved successfully.
C:\WINDOWS\tasks\At1545.job moved successfully.
C:\WINDOWS\tasks\At1546.job moved successfully.
C:\WINDOWS\tasks\At1547.job moved successfully.
C:\WINDOWS\tasks\At1548.job moved successfully.
C:\WINDOWS\tasks\At1549.job moved successfully.
C:\WINDOWS\tasks\At155.job moved successfully.
C:\WINDOWS\tasks\At1550.job moved successfully.
C:\WINDOWS\tasks\At1551.job moved successfully.
C:\WINDOWS\tasks\At1552.job moved successfully.
C:\WINDOWS\tasks\At1553.job moved successfully.
C:\WINDOWS\tasks\At1554.job moved successfully.
C:\WINDOWS\tasks\At1555.job moved successfully.
C:\WINDOWS\tasks\At1556.job moved successfully.
C:\WINDOWS\tasks\At1557.job moved successfully.
C:\WINDOWS\tasks\At1558.job moved successfully.
C:\WINDOWS\tasks\At1559.job moved successfully.
C:\WINDOWS\tasks\At156.job moved successfully.
C:\WINDOWS\tasks\At1560.job moved successfully.
C:\WINDOWS\tasks\At1561.job moved successfully.
C:\WINDOWS\tasks\At1562.job moved successfully.
C:\WINDOWS\tasks\At1563.job moved successfully.
C:\WINDOWS\tasks\At1564.job moved successfully.
C:\WINDOWS\tasks\At1565.job moved successfully.
C:\WINDOWS\tasks\At1566.job moved successfully.
C:\WINDOWS\tasks\At1567.job moved successfully.
C:\WINDOWS\tasks\At1568.job moved successfully.
C:\WINDOWS\tasks\At1569.job moved successfully.
C:\WINDOWS\tasks\At157.job moved successfully.
C:\WINDOWS\tasks\At1570.job moved successfully.
C:\WINDOWS\tasks\At1571.job moved successfully.
C:\WINDOWS\tasks\At1572.job moved successfully.
C:\WINDOWS\tasks\At1573.job moved successfully.
C:\WINDOWS\tasks\At1574.job moved successfully.
C:\WINDOWS\tasks\At1575.job moved successfully.
C:\WINDOWS\tasks\At1576.job moved successfully.
C:\WINDOWS\tasks\At1577.job moved successfully.
C:\WINDOWS\tasks\At1578.job moved successfully.
C:\WINDOWS\tasks\At1579.job moved successfully.
C:\WINDOWS\tasks\At158.job moved successfully.
C:\WINDOWS\tasks\At1580.job moved successfully.
C:\WINDOWS\tasks\At1581.job moved successfully.
C:\WINDOWS\tasks\At1582.job moved successfully.
C:\WINDOWS\tasks\At1583.job moved successfully.
C:\WINDOWS\tasks\At1584.job moved successfully.
C:\WINDOWS\tasks\At1585.job moved successfully.
C:\WINDOWS\tasks\At1586.job moved successfully.
C:\WINDOWS\tasks\At1587.job moved successfully.
C:\WINDOWS\tasks\At1588.job moved successfully.
C:\WINDOWS\tasks\At1589.job moved successfully.
C:\WINDOWS\tasks\At159.job moved successfully.
C:\WINDOWS\tasks\At1590.job moved successfully.
C:\WINDOWS\tasks\At1591.job moved successfully.
C:\WINDOWS\tasks\At1592.job moved successfully.
C:\WINDOWS\tasks\At1593.job moved successfully.
C:\WINDOWS\tasks\At1594.job moved successfully.
C:\WINDOWS\tasks\At1595.job moved successfully.
C:\WINDOWS\tasks\At1596.job moved successfully.
C:\WINDOWS\tasks\At1597.job moved successfully.
C:\WINDOWS\tasks\At1598.job moved successfully.
C:\WINDOWS\tasks\At1599.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At160.job moved successfully.
C:\WINDOWS\tasks\At1600.job moved successfully.
C:\WINDOWS\tasks\At1601.job moved successfully.
C:\WINDOWS\tasks\At1602.job moved successfully.
C:\WINDOWS\tasks\At1603.job moved successfully.
C:\WINDOWS\tasks\At1604.job moved successfully.
C:\WINDOWS\tasks\At1605.job moved successfully.
C:\WINDOWS\tasks\At1606.job moved successfully.
C:\WINDOWS\tasks\At1607.job moved successfully.
C:\WINDOWS\tasks\At1608.job moved successfully.
C:\WINDOWS\tasks\At1609.job moved successfully.
C:\WINDOWS\tasks\At161.job moved successfully.
C:\WINDOWS\tasks\At1610.job moved successfully.
C:\WINDOWS\tasks\At1611.job moved successfully.
C:\WINDOWS\tasks\At1612.job moved successfully.
C:\WINDOWS\tasks\At1613.job moved successfully.
C:\WINDOWS\tasks\At1614.job moved successfully.
C:\WINDOWS\tasks\At1615.job moved successfully.
C:\WINDOWS\tasks\At1616.job moved successfully.
C:\WINDOWS\tasks\At1617.job moved successfully.
C:\WINDOWS\tasks\At1618.job moved successfully.
C:\WINDOWS\tasks\At1619.job moved successfully.
C:\WINDOWS\tasks\At162.job moved successfully.
C:\WINDOWS\tasks\At1620.job moved successfully.
C:\WINDOWS\tasks\At1621.job moved successfully.
C:\WINDOWS\tasks\At1622.job moved successfully.
C:\WINDOWS\tasks\At1623.job moved successfully.
C:\WINDOWS\tasks\At1624.job moved successfully.
C:\WINDOWS\tasks\At1625.job moved successfully.
C:\WINDOWS\tasks\At1626.job moved successfully.
C:\WINDOWS\tasks\At1627.job moved successfully.
C:\WINDOWS\tasks\At1628.job moved successfully.
C:\WINDOWS\tasks\At1629.job moved successfully.
C:\WINDOWS\tasks\At163.job moved successfully.
C:\WINDOWS\tasks\At1630.job moved successfully.
C:\WINDOWS\tasks\At1631.job moved successfully.
C:\WINDOWS\tasks\At1632.job moved successfully.
C:\WINDOWS\tasks\At1633.job moved successfully.
C:\WINDOWS\tasks\At1634.job moved successfully.
C:\WINDOWS\tasks\At1635.job moved successfully.
C:\WINDOWS\tasks\At1636.job moved successfully.
C:\WINDOWS\tasks\At1637.job moved successfully.
C:\WINDOWS\tasks\At1638.job moved successfully.
C:\WINDOWS\tasks\At1639.job moved successfully.
C:\WINDOWS\tasks\At164.job moved successfully.
C:\WINDOWS\tasks\At1640.job moved successfully.
C:\WINDOWS\tasks\At1641.job moved successfully.
C:\WINDOWS\tasks\At1642.job moved successfully.
C:\WINDOWS\tasks\At1643.job moved successfully.
C:\WINDOWS\tasks\At1644.job moved successfully.
C:\WINDOWS\tasks\At1645.job moved successfully.
C:\WINDOWS\tasks\At1646.job moved successfully.
C:\WINDOWS\tasks\At1647.job moved successfully.
C:\WINDOWS\tasks\At1648.job moved successfully.
C:\WINDOWS\tasks\At1649.job moved successfully.
C:\WINDOWS\tasks\At165.job moved successfully.
C:\WINDOWS\tasks\At1650.job moved successfully.
C:\WINDOWS\tasks\At1651.job moved successfully.
C:\WINDOWS\tasks\At1652.job moved successfully.
C:\WINDOWS\tasks\At1653.job moved successfully.
C:\WINDOWS\tasks\At1654.job moved successfully.
C:\WINDOWS\tasks\At1655.job moved successfully.
C:\WINDOWS\tasks\At1656.job moved successfully.
C:\WINDOWS\tasks\At1657.job moved successfully.
C:\WINDOWS\tasks\At1658.job moved successfully.
C:\WINDOWS\tasks\At1659.job moved successfully.
C:\WINDOWS\tasks\At166.job moved successfully.
C:\WINDOWS\tasks\At1660.job moved successfully.
C:\WINDOWS\tasks\At1661.job moved successfully.
C:\WINDOWS\tasks\At1662.job moved successfully.
C:\WINDOWS\tasks\At1663.job moved successfully.
C:\WINDOWS\tasks\At1664.job moved successfully.
C:\WINDOWS\tasks\At1665.job moved successfully.
C:\WINDOWS\tasks\At1666.job moved successfully.
C:\WINDOWS\tasks\At1667.job moved successfully.
C:\WINDOWS\tasks\At1668.job moved successfully.
C:\WINDOWS\tasks\At1669.job moved successfully.
C:\WINDOWS\tasks\At167.job moved successfully.
C:\WINDOWS\tasks\At1670.job moved successfully.
C:\WINDOWS\tasks\At1671.job moved successfully.
C:\WINDOWS\tasks\At1672.job moved successfully.
C:\WINDOWS\tasks\At1673.job moved successfully.
C:\WINDOWS\tasks\At1674.job moved successfully.
C:\WINDOWS\tasks\At1675.job moved successfully.
C:\WINDOWS\tasks\At1676.job moved successfully.
C:\WINDOWS\tasks\At1677.job moved successfully.
C:\WINDOWS\tasks\At1678.job moved successfully.
C:\WINDOWS\tasks\At1679.job moved successfully.
C:\WINDOWS\tasks\At168.job moved successfully.
C:\WINDOWS\tasks\At1680.job moved successfully.
C:\WINDOWS\tasks\At1681.job moved successfully.
C:\WINDOWS\tasks\At1682.job moved successfully.
C:\WINDOWS\tasks\At1683.job moved successfully.
C:\WINDOWS\tasks\At1684.job moved successfully.
C:\WINDOWS\tasks\At1685.job moved successfully.
C:\WINDOWS\tasks\At1686.job moved successfully.
C:\WINDOWS\tasks\At1687.job moved successfully.
C:\WINDOWS\tasks\At1688.job moved successfully.
C:\WINDOWS\tasks\At1689.job moved successfully.
C:\WINDOWS\tasks\At169.job moved successfully.
C:\WINDOWS\tasks\At1690.job moved successfully.
C:\WINDOWS\tasks\At1691.job moved successfully.
C:\WINDOWS\tasks\At1692.job moved successfully.
C:\WINDOWS\tasks\At1693.job moved successfully.
C:\WINDOWS\tasks\At1694.job moved successfully.
C:\WINDOWS\tasks\At1695.job moved successfully.
C:\WINDOWS\tasks\At1696.job moved successfully.
C:\WINDOWS\tasks\At1697.job moved successfully.
C:\WINDOWS\tasks\At1698.job moved successfully.
C:\WINDOWS\tasks\At1699.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At170.job moved successfully.
C:\WINDOWS\tasks\At1700.job moved successfully.
C:\WINDOWS\tasks\At1701.job moved successfully.
C:\WINDOWS\tasks\At1702.job moved successfully.
C:\WINDOWS\tasks\At1703.job moved successfully.
C:\WINDOWS\tasks\At1704.job moved successfully.
C:\WINDOWS\tasks\At1705.job moved successfully.
C:\WINDOWS\tasks\At1706.job moved successfully.
C:\WINDOWS\tasks\At1707.job moved successfully.
C:\WINDOWS\tasks\At1708.job moved successfully.
C:\WINDOWS\tasks\At1709.job moved successfully.
C:\WINDOWS\tasks\At171.job moved successfully.
C:\WINDOWS\tasks\At1710.job moved successfully.
C:\WINDOWS\tasks\At1711.job moved successfully.
C:\WINDOWS\tasks\At1712.job moved successfully.
C:\WINDOWS\tasks\At1713.job moved successfully.
C:\WINDOWS\tasks\At1714.job moved successfully.
C:\WINDOWS\tasks\At1715.job moved successfully.
C:\WINDOWS\tasks\At1716.job moved successfully.
C:\WINDOWS\tasks\At1717.job moved successfully.
C:\WINDOWS\tasks\At1718.job moved successfully.
C:\WINDOWS\tasks\At1719.job moved successfully.
C:\WINDOWS\tasks\At172.job moved successfully.
C:\WINDOWS\tasks\At1720.job moved successfully.
C:\WINDOWS\tasks\At1721.job moved successfully.
C:\WINDOWS\tasks\At1722.job moved successfully.
C:\WINDOWS\tasks\At1723.job moved successfully.
C:\WINDOWS\tasks\At1724.job moved successfully.
C:\WINDOWS\tasks\At1725.job moved successfully.
C:\WINDOWS\tasks\At1726.job moved successfully.
C:\WINDOWS\tasks\At1727.job moved successfully.
C:\WINDOWS\tasks\At1728.job moved successfully.
C:\WINDOWS\tasks\At1729.job moved successfully.
C:\WINDOWS\tasks\At173.job moved successfully.
C:\WINDOWS\tasks\At1730.job moved successfully.
C:\WINDOWS\tasks\At1731.job moved successfully.
C:\WINDOWS\tasks\At1732.job moved successfully.
C:\WINDOWS\tasks\At1733.job moved successfully.
C:\WINDOWS\tasks\At1734.job moved successfully.
C:\WINDOWS\tasks\At1735.job moved successfully.
C:\WINDOWS\tasks\At1736.job moved successfully.
C:\WINDOWS\tasks\At1737.job moved successfully.
C:\WINDOWS\tasks\At1738.job moved successfully.
C:\WINDOWS\tasks\At1739.job moved successfully.
C:\WINDOWS\tasks\At174.job moved successfully.
C:\WINDOWS\tasks\At1740.job moved successfully.
C:\WINDOWS\tasks\At1741.job moved successfully.
C:\WINDOWS\tasks\At1742.job moved successfully.
C:\WINDOWS\tasks\At1743.job moved successfully.
C:\WINDOWS\tasks\At1744.job moved successfully.
C:\WINDOWS\tasks\At1745.job moved successfully.
C:\WINDOWS\tasks\At1746.job moved successfully.
C:\WINDOWS\tasks\At1747.job moved successfully.
C:\WINDOWS\tasks\At1748.job moved successfully.
C:\WINDOWS\tasks\At1749.job moved successfully.
C:\WINDOWS\tasks\At175.job moved successfully.
C:\WINDOWS\tasks\At1750.job moved successfully.
C:\WINDOWS\tasks\At1751.job moved successfully.
C:\WINDOWS\tasks\At1752.job moved successfully.
C:\WINDOWS\tasks\At1753.job moved successfully.
C:\WINDOWS\tasks\At1754.job moved successfully.
C:\WINDOWS\tasks\At1755.job moved successfully.
C:\WINDOWS\tasks\At1756.job moved successfully.
C:\WINDOWS\tasks\At1757.job moved successfully.
C:\WINDOWS\tasks\At1758.job moved successfully.
C:\WINDOWS\tasks\At1759.job moved successfully.
C:\WINDOWS\tasks\At176.job moved successfully.
C:\WINDOWS\tasks\At1760.job moved successfully.
C:\WINDOWS\tasks\At1761.job moved successfully.
C:\WINDOWS\tasks\At1762.job moved successfully.
C:\WINDOWS\tasks\At1763.job moved successfully.
C:\WINDOWS\tasks\At1764.job moved successfully.
C:\WINDOWS\tasks\At1765.job moved successfully.
C:\WINDOWS\tasks\At1766.job moved successfully.
C:\WINDOWS\tasks\At1767.job moved successfully.
C:\WINDOWS\tasks\At1768.job moved successfully.
C:\WINDOWS\tasks\At1769.job moved successfully.
C:\WINDOWS\tasks\At177.job moved successfully.
C:\WINDOWS\tasks\At1770.job moved successfully.
C:\WINDOWS\tasks\At1771.job moved successfully.
C:\WINDOWS\tasks\At1772.job moved successfully.
C:\WINDOWS\tasks\At1773.job moved successfully.
C:\WINDOWS\tasks\At1774.job moved successfully.
C:\WINDOWS\tasks\At1775.job moved successfully.
C:\WINDOWS\tasks\At1776.job moved successfully.
C:\WINDOWS\tasks\At1777.job moved successfully.
C:\WINDOWS\tasks\At1778.job moved successfully.
C:\WINDOWS\tasks\At1779.job moved successfully.
C:\WINDOWS\tasks\At178.job moved successfully.
C:\WINDOWS\tasks\At1780.job moved successfully.
C:\WINDOWS\tasks\At1781.job moved successfully.
C:\WINDOWS\tasks\At1782.job moved successfully.
C:\WINDOWS\tasks\At1783.job moved successfully.
C:\WINDOWS\tasks\At1784.job moved successfully.
C:\WINDOWS\tasks\At1785.job moved successfully.
C:\WINDOWS\tasks\At1786.job moved successfully.
C:\WINDOWS\tasks\At1787.job moved successfully.
C:\WINDOWS\tasks\At1788.job moved successfully.
C:\WINDOWS\tasks\At1789.job moved successfully.
C:\WINDOWS\tasks\At179.job moved successfully.
C:\WINDOWS\tasks\At1790.job moved successfully.
C:\WINDOWS\tasks\At1791.job moved successfully.
C:\WINDOWS\tasks\At1792.job moved successfully.
C:\WINDOWS\tasks\At1793.job moved successfully.
C:\WINDOWS\tasks\At1794.job moved successfully.
C:\WINDOWS\tasks\At1795.job moved successfully.
C:\WINDOWS\tasks\At1796.job moved successfully.
C:\WINDOWS\tasks\At1797.job moved successfully.
C:\WINDOWS\tasks\At1798.job moved successfully.
C:\WINDOWS\tasks\At1799.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At180.job moved successfully.
C:\WINDOWS\tasks\At1800.job moved successfully.
C:\WINDOWS\tasks\At1801.job moved successfully.
C:\WINDOWS\tasks\At1802.job moved successfully.
C:\WINDOWS\tasks\At1803.job moved successfully.
C:\WINDOWS\tasks\At1804.job moved successfully.
C:\WINDOWS\tasks\At1805.job moved successfully.
C:\WINDOWS\tasks\At1806.job moved successfully.
C:\WINDOWS\tasks\At1807.job moved successfully.
C:\WINDOWS\tasks\At1808.job moved successfully.
C:\WINDOWS\tasks\At1809.job moved successfully.
C:\WINDOWS\tasks\At181.job moved successfully.
C:\WINDOWS\tasks\At1810.job moved successfully.
C:\WINDOWS\tasks\At1811.job moved successfully.
C:\WINDOWS\tasks\At1812.job moved successfully.
C:\WINDOWS\tasks\At1813.job moved successfully.
C:\WINDOWS\tasks\At1814.job moved successfully.
C:\WINDOWS\tasks\At1815.job moved successfully.
C:\WINDOWS\tasks\At1816.job moved successfully.
C:\WINDOWS\tasks\At1817.job moved successfully.
C:\WINDOWS\tasks\At1818.job moved successfully.
C:\WINDOWS\tasks\At1819.job moved successfully.
C:\WINDOWS\tasks\At182.job moved successfully.
C:\WINDOWS\tasks\At1820.job moved successfully.
C:\WINDOWS\tasks\At1821.job moved successfully.
C:\WINDOWS\tasks\At1822.job moved successfully.
C:\WINDOWS\tasks\At1823.job moved successfully.
C:\WINDOWS\tasks\At1824.job moved successfully.
C:\WINDOWS\tasks\At1825.job moved successfully.
C:\WINDOWS\tasks\At1826.job moved successfully.
C:\WINDOWS\tasks\At1827.job moved successfully.
C:\WINDOWS\tasks\At1828.job moved successfully.
C:\WINDOWS\tasks\At1829.job moved successfully.
C:\WINDOWS\tasks\At183.job moved successfully.
C:\WINDOWS\tasks\At1830.job moved successfully.
C:\WINDOWS\tasks\At1831.job moved successfully.
C:\WINDOWS\tasks\At1832.job moved successfully.
C:\WINDOWS\tasks\At1833.job moved successfully.
C:\WINDOWS\tasks\At1834.job moved successfully.
C:\WINDOWS\tasks\At1835.job moved successfully.
C:\WINDOWS\tasks\At1836.job moved successfully.
C:\WINDOWS\tasks\At1837.job moved successfully.
C:\WINDOWS\tasks\At1838.job moved successfully.
C:\WINDOWS\tasks\At1839.job moved successfully.
C:\WINDOWS\tasks\At184.job moved successfully.
C:\WINDOWS\tasks\At1840.job moved successfully.
C:\WINDOWS\tasks\At1841.job moved successfully.
C:\WINDOWS\tasks\At1842.job moved successfully.
C:\WINDOWS\tasks\At1843.job moved successfully.
C:\WINDOWS\tasks\At1844.job moved successfully.
C:\WINDOWS\tasks\At1845.job moved successfully.
C:\WINDOWS\tasks\At1846.job moved successfully.
C:\WINDOWS\tasks\At1847.job moved successfully.
C:\WINDOWS\tasks\At1848.job moved successfully.
C:\WINDOWS\tasks\At1849.job moved successfully.
C:\WINDOWS\tasks\At185.job moved successfully.
C:\WINDOWS\tasks\At1850.job moved successfully.
C:\WINDOWS\tasks\At1851.job moved successfully.
C:\WINDOWS\tasks\At1852.job moved successfully.
C:\WINDOWS\tasks\At1853.job moved successfully.
C:\WINDOWS\tasks\At1854.job moved successfully.
C:\WINDOWS\tasks\At1855.job moved successfully.
C:\WINDOWS\tasks\At1856.job moved successfully.
C:\WINDOWS\tasks\At1857.job moved successfully.
C:\WINDOWS\tasks\At1858.job moved successfully.
C:\WINDOWS\tasks\At1859.job moved successfully.
C:\WINDOWS\tasks\At186.job moved successfully.
C:\WINDOWS\tasks\At1860.job moved successfully.
C:\WINDOWS\tasks\At1861.job moved successfully.
C:\WINDOWS\tasks\At1862.job moved successfully.
C:\WINDOWS\tasks\At1863.job moved successfully.
C:\WINDOWS\tasks\At1864.job moved successfully.
C:\WINDOWS\tasks\At1865.job moved successfully.
C:\WINDOWS\tasks\At1866.job moved successfully.
C:\WINDOWS\tasks\At1867.job moved successfully.
C:\WINDOWS\tasks\At1868.job moved successfully.
C:\WINDOWS\tasks\At1869.job moved successfully.
C:\WINDOWS\tasks\At187.job moved successfully.
C:\WINDOWS\tasks\At1870.job moved successfully.
C:\WINDOWS\tasks\At1871.job moved successfully.
C:\WINDOWS\tasks\At1872.job moved successfully.
C:\WINDOWS\tasks\At188.job moved successfully.
C:\WINDOWS\tasks\At189.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At190.job moved successfully.
C:\WINDOWS\tasks\At191.job moved successfully.
C:\WINDOWS\tasks\At192.job moved successfully.
C:\WINDOWS\tasks\At193.job moved successfully.
C:\WINDOWS\tasks\At194.job moved successfully.
C:\WINDOWS\tasks\At195.job moved successfully.
C:\WINDOWS\tasks\At196.job moved successfully.
C:\WINDOWS\tasks\At197.job moved successfully.
C:\WINDOWS\tasks\At198.job moved successfully.
C:\WINDOWS\tasks\At199.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At200.job moved successfully.
C:\WINDOWS\tasks\At201.job moved successfully.
C:\WINDOWS\tasks\At202.job moved successfully.
C:\WINDOWS\tasks\At203.job moved successfully.
C:\WINDOWS\tasks\At204.job moved successfully.
C:\WINDOWS\tasks\At205.job moved successfully.
C:\WINDOWS\tasks\At206.job moved successfully.
C:\WINDOWS\tasks\At207.job moved successfully.
C:\WINDOWS\tasks\At208.job moved successfully.
C:\WINDOWS\tasks\At209.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At210.job moved successfully.
C:\WINDOWS\tasks\At211.job moved successfully.
C:\WINDOWS\tasks\At212.job moved successfully.
C:\WINDOWS\tasks\At213.job moved successfully.
C:\WINDOWS\tasks\At214.job moved successfully.
C:\WINDOWS\tasks\At215.job moved successfully.
C:\WINDOWS\tasks\At216.job moved successfully.
C:\WINDOWS\tasks\At217.job moved successfully.
C:\WINDOWS\tasks\At218.job moved successfully.
C:\WINDOWS\tasks\At219.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At220.job moved successfully.
C:\WINDOWS\tasks\At221.job moved successfully.
C:\WINDOWS\tasks\At222.job moved successfully.
C:\WINDOWS\tasks\At223.job moved successfully.
C:\WINDOWS\tasks\At224.job moved successfully.
C:\WINDOWS\tasks\At225.job moved successfully.
C:\WINDOWS\tasks\At226.job moved successfully.
C:\WINDOWS\tasks\At227.job moved successfully.
C:\WINDOWS\tasks\At228.job moved successfully.
C:\WINDOWS\tasks\At229.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At230.job moved successfully.
C:\WINDOWS\tasks\At231.job moved successfully.
C:\WINDOWS\tasks\At232.job moved successfully.
C:\WINDOWS\tasks\At233.job moved successfully.
C:\WINDOWS\tasks\At234.job moved successfully.
C:\WINDOWS\tasks\At235.job moved successfully.
C:\WINDOWS\tasks\At236.job moved successfully.
C:\WINDOWS\tasks\At237.job moved successfully.
C:\WINDOWS\tasks\At238.job moved successfully.
C:\WINDOWS\tasks\At239.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At240.job moved successfully.
C:\WINDOWS\tasks\At241.job moved successfully.
C:\WINDOWS\tasks\At242.job moved successfully.
C:\WINDOWS\tasks\At243.job moved successfully.
C:\WINDOWS\tasks\At244.job moved successfully.
C:\WINDOWS\tasks\At245.job moved successfully.
C:\WINDOWS\tasks\At246.job moved successfully.
C:\WINDOWS\tasks\At247.job moved successfully.
C:\WINDOWS\tasks\At248.job moved successfully.
C:\WINDOWS\tasks\At249.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At250.job moved successfully.
C:\WINDOWS\tasks\At251.job moved successfully.
C:\WINDOWS\tasks\At252.job moved successfully.
C:\WINDOWS\tasks\At253.job moved successfully.
C:\WINDOWS\tasks\At254.job moved successfully.
C:\WINDOWS\tasks\At255.job moved successfully.
C:\WINDOWS\tasks\At256.job moved successfully.
C:\WINDOWS\tasks\At257.job moved successfully.
C:\WINDOWS\tasks\At258.job moved successfully.
C:\WINDOWS\tasks\At259.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At260.job moved successfully.
C:\WINDOWS\tasks\At261.job moved successfully.
C:\WINDOWS\tasks\At262.job moved successfully.
C:\WINDOWS\tasks\At263.job moved successfully.
C:\WINDOWS\tasks\At264.job moved successfully.
C:\WINDOWS\tasks\At265.job moved successfully.
C:\WINDOWS\tasks\At266.job moved successfully.
C:\WINDOWS\tasks\At267.job moved successfully.
C:\WINDOWS\tasks\At268.job moved successfully.
C:\WINDOWS\tasks\At269.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At270.job moved successfully.
C:\WINDOWS\tasks\At271.job moved successfully.
C:\WINDOWS\tasks\At272.job moved successfully.
C:\WINDOWS\tasks\At273.job moved successfully.
C:\WINDOWS\tasks\At274.job moved successfully.
C:\WINDOWS\tasks\At275.job moved successfully.
C:\WINDOWS\tasks\At276.job moved successfully.
C:\WINDOWS\tasks\At277.job moved successfully.
C:\WINDOWS\tasks\At278.job moved successfully.
C:\WINDOWS\tasks\At279.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At280.job moved successfully.
C:\WINDOWS\tasks\At281.job moved successfully.
C:\WINDOWS\tasks\At282.job moved successfully.
C:\WINDOWS\tasks\At283.job moved successfully.
C:\WINDOWS\tasks\At284.job moved successfully.
C:\WINDOWS\tasks\At285.job moved successfully.
C:\WINDOWS\tasks\At286.job moved successfully.
C:\WINDOWS\tasks\At287.job moved successfully.
C:\WINDOWS\tasks\At288.job moved successfully.
C:\WINDOWS\tasks\At289.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At290.job moved successfully.
C:\WINDOWS\tasks\At291.job moved successfully.
C:\WINDOWS\tasks\At292.job moved successfully.
C:\WINDOWS\tasks\At293.job moved successfully.
C:\WINDOWS\tasks\At294.job moved successfully.
C:\WINDOWS\tasks\At295.job moved successfully.
C:\WINDOWS\tasks\At296.job moved successfully.
C:\WINDOWS\tasks\At297.job moved successfully.
C:\WINDOWS\tasks\At298.job moved successfully.
C:\WINDOWS\tasks\At299.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At300.job moved successfully.
C:\WINDOWS\tasks\At301.job moved successfully.
C:\WINDOWS\tasks\At302.job moved successfully.
C:\WINDOWS\tasks\At303.job moved successfully.
C:\WINDOWS\tasks\At304.job moved successfully.
C:\WINDOWS\tasks\At305.job moved successfully.
C:\WINDOWS\tasks\At306.job moved successfully.
C:\WINDOWS\tasks\At307.job moved successfully.
C:\WINDOWS\tasks\At308.job moved successfully.
C:\WINDOWS\tasks\At309.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At310.job moved successfully.
C:\WINDOWS\tasks\At311.job moved successfully.
C:\WINDOWS\tasks\At312.job moved successfully.
C:\WINDOWS\tasks\At313.job moved successfully.
C:\WINDOWS\tasks\At314.job moved successfully.
C:\WINDOWS\tasks\At315.job moved successfully.
C:\WINDOWS\tasks\At316.job moved successfully.
C:\WINDOWS\tasks\At317.job moved successfully.
C:\WINDOWS\tasks\At318.job moved successfully.
C:\WINDOWS\tasks\At319.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At320.job moved successfully.
C:\WINDOWS\tasks\At321.job moved successfully.
C:\WINDOWS\tasks\At322.job moved successfully.
C:\WINDOWS\tasks\At323.job moved successfully.
C:\WINDOWS\tasks\At324.job moved successfully.
C:\WINDOWS\tasks\At325.job moved successfully.
C:\WINDOWS\tasks\At326.job moved successfully.
C:\WINDOWS\tasks\At327.job moved successfully.
C:\WINDOWS\tasks\At328.job moved successfully.
C:\WINDOWS\tasks\At329.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At330.job moved successfully.
C:\WINDOWS\tasks\At331.job moved successfully.
C:\WINDOWS\tasks\At332.job moved successfully.
C:\WINDOWS\tasks\At333.job moved successfully.
C:\WINDOWS\tasks\At334.job moved successfully.
C:\WINDOWS\tasks\At335.job moved successfully.
C:\WINDOWS\tasks\At336.job moved successfully.
C:\WINDOWS\tasks\At337.job moved successfully.
C:\WINDOWS\tasks\At338.job moved successfully.
C:\WINDOWS\tasks\At339.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At340.job moved successfully.
C:\WINDOWS\tasks\At341.job moved successfully.
C:\WINDOWS\tasks\At342.job moved successfully.
C:\WINDOWS\tasks\At343.job moved successfully.
C:\WINDOWS\tasks\At344.job moved successfully.
C:\WINDOWS\tasks\At345.job moved successfully.
C:\WINDOWS\tasks\At346.job moved successfully.
C:\WINDOWS\tasks\At347.job moved successfully.
C:\WINDOWS\tasks\At348.job moved successfully.
C:\WINDOWS\tasks\At349.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At350.job moved successfully.
C:\WINDOWS\tasks\At351.job moved successfully.
C:\WINDOWS\tasks\At352.job moved successfully.
C:\WINDOWS\tasks\At353.job moved successfully.
C:\WINDOWS\tasks\At354.job moved successfully.
C:\WINDOWS\tasks\At355.job moved successfully.
C:\WINDOWS\tasks\At356.job moved successfully.
C:\WINDOWS\tasks\At357.job moved successfully.
C:\WINDOWS\tasks\At358.job moved successfully.
C:\WINDOWS\tasks\At359.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At360.job moved successfully.
C:\WINDOWS\tasks\At361.job moved successfully.
C:\WINDOWS\tasks\At362.job moved successfully.
C:\WINDOWS\tasks\At363.job moved successfully.
C:\WINDOWS\tasks\At364.job moved successfully.
C:\WINDOWS\tasks\At365.job moved successfully.
C:\WINDOWS\tasks\At366.job moved successfully.
C:\WINDOWS\tasks\At367.job moved successfully.
C:\WINDOWS\tasks\At368.job moved successfully.
C:\WINDOWS\tasks\At369.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At370.job moved successfully.
C:\WINDOWS\tasks\At371.job moved successfully.
C:\WINDOWS\tasks\At372.job moved successfully.
C:\WINDOWS\tasks\At373.job moved successfully.
C:\WINDOWS\tasks\At374.job moved successfully.
C:\WINDOWS\tasks\At375.job moved successfully.
C:\WINDOWS\tasks\At376.job moved successfully.
C:\WINDOWS\tasks\At377.job moved successfully.
C:\WINDOWS\tasks\At378.job moved successfully.
C:\WINDOWS\tasks\At379.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At380.job moved successfully.
C:\WINDOWS\tasks\At381.job moved successfully.
C:\WINDOWS\tasks\At382.job moved successfully.
C:\WINDOWS\tasks\At383.job moved successfully.
C:\WINDOWS\tasks\At384.job moved successfully.
C:\WINDOWS\tasks\At385.job moved successfully.
C:\WINDOWS\tasks\At386.job moved successfully.
C:\WINDOWS\tasks\At387.job moved successfully.
C:\WINDOWS\tasks\At388.job moved successfully.
C:\WINDOWS\tasks\At389.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At390.job moved successfully.
C:\WINDOWS\tasks\At391.job moved successfully.
C:\WINDOWS\tas

| Alerter

Répondre à xixi31800

OmaR

16 Août 2010 12:26:06

Bonjour,

1)

Télécharge Ad-Remover (C_XX) sur ton Bureau.
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
Double-cliquez sur AD-R présent sur ton bureau. (Clic droit -> "Exécuter en tant qu'administrateur" pour VISTA)
Patiente jusqu'à l'apparition du menu principale. A partir de là, clique sur Scanner. Ont te demandera de confirmer, clique sur Oui et patiente jusqu'à la fin du scan.
!! Laisse Travailler l'outil !!
Une fenêtre contenant le rapport va s'ouvrir, poste moi le rapport dans ta prochaine réponse.
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
Ensuite clique sur Quitter pour fermer Ad-Remover.

Note : Le rapport que Ad-Remover viens de générer se trouve ici : C:\Ad-Report-SCAN

2)

Télécharge UsbFix (de El desaparecido & C_XX) sur ton bureau.
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées, sans les ouvrir

Double-clique sur "USBFix.exe" pour lancer l'outil.

Au menu choisis principal, clique sur Recherche.

Puis laisse travailler l'outil ...

Une fois terminé, poste le rapport USBFix.txt qui est généré ...

Note : le rapport est sauvegardé à la racine du disque. (C:\USBFix.txt)

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

| Alerter

Répondre à OmaR

xixi31800

17 Août 2010 11:23:50

############################## | UsbFix 7.020 | [Recherche]

Utilisateur: Raymond (Administrateur) # TOULOUSE-5FEBB6 [ ]
Mis à jour le 12/08/10 par El Desaparecido / C_XX
Lancé à 13:02:33 | 17/08/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon(tm) 64 Processor 4000+
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Antivirus: avast! antivirus 4.8.1229 [VPS 081231-1] 4.8.1229 [Enabled | (!) Outdated]
RAM -> 1022 Mo
C:\ (%systemdrive%) -> Disque fixe # 49 Go (7 Go libre(s) - 13%) [] # NTFS
D:\ -> Disque fixe # 100 Go (25 Go libre(s) - 25%) [Sauvegardes] # NTFS
I:\ -> CD-ROM

################## | Éléments infectieux |

======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 26/07/10 à 12:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 12:54:04 le 17/08/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 2 (X86)
Raymond@TOULOUSE-5FEBB6 ( )

============== RECHERCHE ==============

0,Dossier trouvé: C:\Documents and Settings\Raymond\Application Data\Search Settings
0,Dossier trouvé: C:\WINDOWS\$NtUninstallMTF1011$
3,Fichier trouvé: C:\WINDOWS\Installer\5fb8ee.msi

1,Clé trouvée: HKLM\Software\Classes\CLSID\{91805898-B638-43EB-9ADB-C7925BBB95F6}
1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91805898-B638-43EB-9ADB-C7925BBB95F6}
1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91805898-B638-43EB-9ADB-C7925BBB95F6}
1,Clé trouvée: HKLM\Software\Classes\CLSID\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
0,Clé trouvée: HKLM\Software\Classes\adgj.agHlp
0,Clé trouvée: HKLM\Software\Classes\adgj.agHlp.1
0,Clé trouvée: HKLM\Software\Classes\adShotHlpr.adShotHlpr
0,Clé trouvée: HKLM\Software\Classes\adShotHlpr.adShotHlpr.1.0
0,Clé trouvée: HKLM\Software\Search Settings
0,Clé trouvée: HKLM\Software\Sky-Banners
0,Clé trouvée: HKLM\Software\Street-Ads
0,Clé trouvée: HKCU\Software\EoRezo
0,Clé trouvée: HKCU\Software\Search Settings
0,Clé trouvée: HKCU\Software\Sky-Banners
0,Clé trouvée: HKCU\Software\Street-Ads
0,Clé trouvée: HKU\.DEFAULT\Software\Sky-Banners
0,Clé trouvée: HKU\.DEFAULT\Software\Street-Ads
0,Clé trouvée: HKU\S-1-5-18\Software\Sky-Banners
0,Clé trouvée: HKU\S-1-5-18\Software\Street-Ads
0,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
0,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
0,Clé trouvée: HKLM\Software\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}
0,Clé trouvée: HKLM\Software\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}
0,Clé trouvée: HKLM\Software\Classes\AppID\{7B6A2552-E65B-4A9E-ADD4-C45577FFD8FD}

============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.8 (fr)] **

-- C:\Documents and Settings\Raymond\Application Data\Mozilla\FireFox\Profiles\2xggzj84.default\Prefs.js --
browser.search.selectedEngine, Google (Language: FR)
browser.startup.homepage, hxxp://www.sfr.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.8
privacy.popups.showBrowserMessage, false

========================================

** Internet Explorer Version [6.0.2900.2180] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://fr.msn.com/
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://www.sfr.fr/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://www.google.com/ie
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 17/08/2010 (2412 Octet(s))

Fin à: 12:56:43, 17/08/2010

============== E.O.F ==============

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{5f7a8793-2885-11df-8243-0019dbab8d94}
Shell\AutoRun\Command = EmDesk.exe
Shell\EmDesk\Command = EmDesk.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |

| Alerter

Répondre à xixi31800

OmaR

17 Août 2010 12:48:59

Bonjour,

Tu m'as copié le rapport Ad-Remover au milieu de celui d'UsbFix, mais c'est pas grave

1)

/!\ Déconnecte toi et ferme toutes applications en cours /!\
Relance AD-R à partir de ton bureau. (Clic droit -> "Exécuter en tant qu'administrateur" pour VISTA)
Patiente jusqu'à l'apparition du menu principale. A partir de là, clique sur Nettoyer. On te demandera de confirmer, clique sur Oui et patiente jusqu'à la fin du scan.
!! Laisse Travailler l'outil !!
A la fin du scan on te propose de redémarrer, accepte en cliquant sur oui. Ton PC va redémarrer.
Une fois ton PC rallumé, rend toi ici : C:\ et ouvre le fichier nommé Ad-Report-CLEAN.
Poste moi dans ta prochaine réponse le contenu de Ad-Report-CLEAN.
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

2)
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées, sans les ouvrir

Double clic sur le raccourci UsbFix présent sur ton bureau.

Au menu principal clique sur Suppression.

Il est possible que ton bureau disparaisse et que le pc redémarre.

Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

Ensuite postes le rapport UsbFix.txt qui apparaitra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

| Alerter

Répondre à OmaR

xixi31800

17 Août 2010 16:19:33

Bonjour désole pour la petite erreur et de mon impolitesse :sweat:

voila ci dessous les rapports :

======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 26/07/10 à 12:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:52:59 le 17/08/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 2 (X86)
Raymond@TOULOUSE-5FEBB6 ( )

============== ACTION(S) ==============

0,Dossier supprimé: C:\Documents and Settings\Raymond\Application Data\Search Settings
0,Dossier supprimé: C:\WINDOWS\$NtUninstallMTF1011$
3,Fichier supprimé: C:\WINDOWS\Installer\5fb8ee.msi

(!) -- Fichiers temporaires supprimés.

1,Clé supprimée: HKLM\Software\Classes\CLSID\{91805898-B638-43EB-9ADB-C7925BBB95F6}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91805898-B638-43EB-9ADB-C7925BBB95F6}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91805898-B638-43EB-9ADB-C7925BBB95F6}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
0,Clé supprimée: HKLM\Software\Classes\adgj.agHlp
0,Clé supprimée: HKLM\Software\Classes\adgj.agHlp.1
0,Clé supprimée: HKLM\Software\Classes\adShotHlpr.adShotHlpr
0,Clé supprimée: HKLM\Software\Classes\adShotHlpr.adShotHlpr.1.0
0,Clé supprimée: HKLM\Software\Search Settings
0,Clé supprimée: HKLM\Software\Sky-Banners
0,Clé supprimée: HKLM\Software\Street-Ads
0,Clé supprimée: HKCU\Software\EoRezo
0,Clé supprimée: HKCU\Software\Search Settings
0,Clé supprimée: HKCU\Software\Sky-Banners
0,Clé supprimée: HKCU\Software\Street-Ads
0,Clé supprimée: HKU\.DEFAULT\Software\Sky-Banners
0,Clé supprimée: HKU\.DEFAULT\Software\Street-Ads
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
0,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
0,Clé supprimée: HKLM\Software\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}
0,Clé supprimée: HKLM\Software\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}
0,Clé supprimée: HKLM\Software\Classes\AppID\{7B6A2552-E65B-4A9E-ADD4-C45577FFD8FD}

============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.8 (fr)] **

-- C:\Documents and Settings\Raymond\Application Data\Mozilla\FireFox\Profiles\2xggzj84.default\Prefs.js --
browser.search.selectedEngine, Google (Language: FR)
browser.startup.homepage, hxxp://www.sfr.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.8
privacy.popups.showBrowserMessage, false

========================================

** Internet Explorer Version [6.0.2900.2180] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 7 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 17/08/2010 (2412 Octet(s))
C:\Ad-Report-SCAN[1].txt - 17/08/2010 (3992 Octet(s))
C:\Ad-Report-SCAN[2].txt - 17/08/2010 (4048 Octet(s))

Fin à: 17:55:45, 17/08/2010

============== E.O.F ==============
############################## | UsbFix 7.020 | [Suppression]

Utilisateur: Raymond (Administrateur) # TOULOUSE-5FEBB6 [ ]
Mis à jour le 12/08/10 par El Desaparecido / C_XX
Lancé à 18:03:25 | 17/08/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon(tm) 64 Processor 4000+
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Antivirus: avast! antivirus 4.8.1229 [VPS 081231-1] 4.8.1229 [Enabled | (!) Outdated]
RAM -> 1022 Mo
C:\ (%systemdrive%) -> Disque fixe # 49 Go (7 Go libre(s) - 13%) [] # NTFS
D:\ -> Disque fixe # 100 Go (26 Go libre(s) - 26%) [Sauvegardes] # NTFS
I:\ -> CD-ROM

################## | Éléments infectieux |

################## | Registre |

Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Listing |

[06/06/2010 - 14:58:05 | D ] C:\accuse reception impot 2009
[17/08/2010 - 17:55:45 | A | 4316] C:\Ad-Report-CLEAN[1].txt
[17/08/2010 - 13:01:00 | A | 3992] C:\Ad-Report-SCAN[1].txt
[17/08/2010 - 13:22:44 | A | 4048] C:\Ad-Report-SCAN[2].txt
[17/10/2007 - 18:55:00 | A | 0] C:\AUTOEXEC.BAT
[26/02/2010 - 16:26:49 | RASH | 294] C:\boot.ini
[28/08/2001 - 12:00:00 | RASH | 4952] C:\Bootfont.bin
[30/04/2010 - 22:22:19 | D ] C:\chaine hi-fi
[26/02/2010 - 16:26:48 | RASHD ] C:\cmdcons
[04/08/2004 - 00:00:08 | A | 263488] C:\cmldr
[03/08/2010 - 00:26:35 | D ] C:\Config.Msi
[17/10/2007 - 18:55:00 | A | 0] C:\CONFIG.SYS
[26/04/2010 - 18:07:04 | D ] C:\declaration entreprise
[09/03/2010 - 21:32:22 | D ] C:\DEPANNAGE
[25/04/2010 - 09:53:54 | D ] C:\diams
[26/02/2010 - 12:35:17 | D ] C:\Documents and Settings
[13/05/2010 - 09:47:17 | A | 26624] C:\FACTURE AUBERDIAC.XLS
[14/03/2010 - 18:20:58 | D ] C:\factures
[30/04/2010 - 20:57:15 | D ] C:\ff
[17/08/2010 - 17:59:52 | ASH | 1072222208] C:\hiberfil.sys
[17/10/2007 - 20:14:31 | D ] C:\HP
[17/10/2007 - 18:55:00 | RASH | 0] C:\IO.SYS
[16/06/2010 - 18:12:00 | D ] C:\LimeWire
[13/05/2010 - 09:35:50 | A | 27136] C:\modele-facture-auto-entrepreneur.xls
[17/10/2007 - 18:55:00 | RASH | 0] C:\MSDOS.SYS
[18/10/2007 - 14:09:27 | RD ] C:\MSOCache
[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 22:59:44 | RASH | 251712] C:\ntldr
[18/10/2007 - 14:27:43 | D ] C:\Olifax
[04/03/2008 - 19:10:38 | D ] C:\OLIFAXVX
[17/08/2010 - 17:59:49 | ASH | 1610612736] C:\pagefile.sys
[14/03/2010 - 18:24:11 | D ] C:\PP
[17/08/2010 - 12:54:02 | RD ] C:\Program Files
[17/08/2010 - 18:06:17 | SHD ] C:\RECYCLER
[04/04/2008 - 17:38:51 | D ] C:\shareaza
[27/06/2008 - 21:49:05 | AH | 268] C:\sqmdata00.sqm
[11/03/2009 - 19:13:56 | AH | 268] C:\sqmdata01.sqm
[13/03/2009 - 19:36:21 | AH | 232] C:\sqmdata02.sqm
[13/03/2009 - 19:39:39 | AH | 232] C:\sqmdata03.sqm
[13/03/2009 - 19:43:05 | AH | 232] C:\sqmdata04.sqm
[11/04/2009 - 14:02:26 | AH | 268] C:\sqmdata05.sqm
[25/04/2009 - 15:36:06 | AH | 268] C:\sqmdata06.sqm
[23/05/2009 - 22:55:14 | AH | 268] C:\sqmdata07.sqm
[13/05/2008 - 22:00:55 | AH | 268] C:\sqmdata08.sqm
[14/05/2008 - 20:33:50 | AH | 268] C:\sqmdata09.sqm
[14/05/2008 - 22:05:48 | AH | 268] C:\sqmdata10.sqm
[15/05/2008 - 12:58:51 | AH | 268] C:\sqmdata11.sqm
[15/05/2008 - 16:07:33 | AH | 268] C:\sqmdata12.sqm
[15/05/2008 - 17:12:58 | AH | 268] C:\sqmdata13.sqm
[29/05/2008 - 20:58:32 | AH | 268] C:\sqmdata14.sqm
[30/05/2008 - 12:38:23 | AH | 268] C:\sqmdata15.sqm
[30/05/2008 - 17:51:49 | AH | 268] C:\sqmdata16.sqm
[30/05/2008 - 19:06:49 | AH | 268] C:\sqmdata17.sqm
[30/05/2008 - 21:59:04 | AH | 268] C:\sqmdata18.sqm
[19/06/2008 - 18:47:48 | AH | 268] C:\sqmdata19.sqm
[27/06/2008 - 21:49:05 | AH | 244] C:\sqmnoopt00.sqm
[11/03/2009 - 19:13:56 | AH | 244] C:\sqmnoopt01.sqm
[13/03/2009 - 19:36:21 | AH | 244] C:\sqmnoopt02.sqm
[13/03/2009 - 19:39:39 | AH | 244] C:\sqmnoopt03.sqm
[13/03/2009 - 19:43:05 | AH | 244] C:\sqmnoopt04.sqm
[11/04/2009 - 14:02:26 | AH | 244] C:\sqmnoopt05.sqm
[25/04/2009 - 15:36:06 | AH | 244] C:\sqmnoopt06.sqm
[23/05/2009 - 22:55:14 | AH | 244] C:\sqmnoopt07.sqm
[13/05/2008 - 22:00:55 | AH | 244] C:\sqmnoopt08.sqm
[14/05/2008 - 20:33:50 | AH | 244] C:\sqmnoopt09.sqm
[14/05/2008 - 22:05:48 | AH | 244] C:\sqmnoopt10.sqm
[15/05/2008 - 12:58:51 | AH | 244] C:\sqmnoopt11.sqm
[15/05/2008 - 16:07:33 | AH | 244] C:\sqmnoopt12.sqm
[15/05/2008 - 17:12:57 | AH | 244] C:\sqmnoopt13.sqm
[29/05/2008 - 20:58:32 | AH | 244] C:\sqmnoopt14.sqm
[30/05/2008 - 12:38:22 | AH | 244] C:\sqmnoopt15.sqm
[30/05/2008 - 17:51:49 | AH | 244] C:\sqmnoopt16.sqm
[30/05/2008 - 19:06:49 | AH | 244] C:\sqmnoopt17.sqm
[30/05/2008 - 21:59:03 | AH | 244] C:\sqmnoopt18.sqm
[19/06/2008 - 18:47:48 | AH | 244] C:\sqmnoopt19.sqm
[30/07/2010 - 18:59:08 | SHD ] C:\System Volume Information
[20/01/2009 - 22:39:48 | D ] C:\temp
[28/10/2009 - 15:45:18 | D ] C:\tomtom
[17/10/2007 - 20:04:26 | D ] C:\totalcmd
[17/08/2010 - 18:06:17 | D ] C:\UsbFix
[17/08/2010 - 18:06:21 | A | 1071] C:\UsbFix.txt
[07/08/2008 - 20:53:52 | D ] C:\WESTWOOD
[17/08/2010 - 18:00:22 | D ] C:\WINDOWS
[06/07/2008 - 21:51:55 | D ] C:\winrar
[12/08/2010 - 20:10:49 | D ] C:\xavier
[04/03/2010 - 16:23:35 | A | 57] C:\xcrashdump.dat
[26/05/2008 - 15:42:14 | D ] C:\µtorrent
[28/03/2009 - 12:55:08 | D ] D:\camescope gravage
[28/03/2009 - 14:24:46 | D ] D:\Camescope Sony
[27/05/2009 - 18:41:14 | D ] D:\Chantal
[08/03/2010 - 18:23:14 | D ] D:\cv chantal et raymond
[28/10/2009 - 15:51:55 | D ] D:\Disque C Sauvegarde 28-10-09
[21/07/2010 - 18:34:42 | D ] D:\Documents and Settings
[15/08/2010 - 17:05:26 | D ] D:\essai money sauve
[28/10/2009 - 15:55:20 | D ] D:\formation
[02/01/2009 - 19:46:39 | D ] D:\hand
[03/03/2010 - 21:11:19 | D ] D:\Impot
[05/10/2009 - 17:48:12 | D ] D:\Impot handball
[22/10/2007 - 20:06:50 | D ] D:\imprimante F2180
[08/03/2008 - 19:20:25 | D ] D:\karting
[30/10/2007 - 13:34:57 | D ] D:\la poste
[26/04/2010 - 18:27:54 | D ] D:\labo
[28/10/2009 - 15:54:24 | D ] D:\laville
[11/08/2010 - 15:40:00 | RD ] D:\Mes documents
[19/04/2009 - 16:34:15 | D ] D:\Photos
[30/08/2008 - 13:28:28 | D ] D:\photos motocluteur
[25/05/2009 - 19:43:24 | D ] D:\photos remorque
[10/12/2007 - 21:38:08 | D ] D:\pneu
[05/12/2009 - 14:58:40 | D ] D:\raymond
[28/01/2008 - 13:59:29 | D ] D:\Record NOW
[17/08/2010 - 18:06:17 | SHD ] D:\RECYCLER
[19/04/2009 - 18:23:10 | D ] D:\router
[27/12/2007 - 19:31:50 | D ] D:\Sauves du 17-10-07
[30/07/2010 - 18:53:51 | SHD ] D:\System Volume Information
[10/01/2010 - 19:32:27 | D ] D:\tomtom
[28/10/2009 - 16:13:51 | D ] D:\tour
[31/07/2010 - 15:41:21 | D ] D:\xavier
[28/10/2009 - 12:46:16 | D ] D:\xavier essai musique
[11/03/2008 - 19:04:04 | D ] D:\xavier2
[16/08/2010 - 13:18:45 | D ] D:\_OTL

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | E.O.F |

| Alerter

Répondre à xixi31800

OmaR

17 Août 2010 18:31:18

Très bien.
Est-ce que tu peux refaire un log OTL ?

Et puis, comment se comporte ton PC à présent ?

| Alerter

Répondre à OmaR

xixi31800

17 Août 2010 19:17:37

j'ai toujours le même problème des fenêtres internet explorer qui s'ouvrent puis se referment... Sinon avant j'avais un message d'erreur avec un fichier "kvndll" (je crois qu'il s'appelait comme sa) qui été supprimé et bé ce message n'est plus !! Sinon j'ai toujours le probleme des pages internet explorer qui ouvre sur des pubs ou des fois rien (pages blanches "about blank")

OTL logfile created on: 17/08/2010 21:05:52 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 022,00 Mb Total Physical Memory | 500,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,82 Gb Total Space | 6,50 Gb Free Space | 13,31% Space Free | Partition Type: NTFS
Drive D: | 100,22 Gb Total Space | 26,03 Gb Free Space | 25,97% Space Free | Partition Type: NTFS
Drive E: | 7,24 Gb Total Space | 6,01 Gb Free Space | 83,07% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOULOUSE-5FEBB6
Current User Name: Raymond
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe ()
PRC - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - D:\xavier\Ipod\Ipodd\iTunesHelper .exe (Apple Inc.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr .exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\tomtom\TomTom HOME 2\HOMERunner .exe (TomTom)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe (Hewlett-Packard)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SetupNTGLM7X) -- I:\NTGLM7X.sys File not found
DRV - (NTACCESS) -- I:\NTACCESS.sys File not found
DRV - (GMSIPCI) -- I:\INSTALL\GMSIPCI.SYS File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (Daemon) -- C:\WINDOWS\System32\drivers\daemon.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Raymond\LOCALS~1\Temp\catchme.sys File not found
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google (Language: FR)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.sfr.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 20:11:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 15:38:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 15:37:58 | 000,000,000 | ---D | M]

[2010/08/11 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions
[2010/03/03 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/11 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\2xggzj84.default\extensions
[2010/08/12 13:47:17 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\2xggzj84.default\searchplugins\google-language-fr.xml
[2010/08/16 13:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 02:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/23 02:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/23 02:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/07/14 21:01:18 | 000,002,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml
[2010/07/23 02:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/23 02:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/02/26 17:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [iTunesHelper] D:\xavier\Ipod\Ipodd\iTunesHelper.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\tomtom\TomTom HOME 2\HOMERunner.exe ()
O4 - Startup: C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c... (HP Download Manager)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/fichiers/hardwaredet... (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/17 18:55:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/09/30 21:42:50 | 000,000,130 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/17 18:06:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/08/17 16:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raymond\Recent
[2010/08/17 13:01:14 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/08/17 12:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/08/11 15:40:00 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
[2010/08/08 15:19:20 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2010/08/06 17:31:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/06 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Malwarebytes
[2010/08/05 09:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/05 09:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/03 01:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/08/03 00:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/03 00:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/03 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/03 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/01 14:46:16 | 000,000,000 | ---D | C] -- C:\xavier
[2010/08/01 14:30:04 | 000,000,000 | ---D | C] -- D:\Mes documents\Money sauvegarde
[2010/08/01 14:29:12 | 000,000,000 | ---D | C] -- D:\Mes documents\WORD et autres documents textes
[2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/08/01 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
[2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\AVS4YOU
[2010/07/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
[2010/07/30 18:18:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/07/30 18:18:26 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/07/30 18:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/07/29 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\WinAVI
[2010/07/28 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Apowersoft
[2010/07/25 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\vlc
[2010/07/25 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/07/21 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/21 18:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2016.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2015.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2014.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2013.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2012.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2011.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2010.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2009.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2008.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2007.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2006.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2005.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2004.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2003.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2002.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2001.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2000.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1999.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1998.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1997.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1996.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1995.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1994.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1993.job
[2010/08/17 21:03:52 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
[2010/08/17 21:03:51 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
[2010/08/17 21:00:11 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/17 21:00:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 21:00:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 21:00:01 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/17 19:17:13 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Raymond\NTUSER.DAT
[2010/08/17 19:17:13 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Raymond\ntuser.ini
[2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1988.job
[2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1964.job
[2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1940.job
[2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1916.job
[2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1892.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1992.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1991.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1990.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1989.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1987.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1986.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1985.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1984.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1983.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1982.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1981.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1980.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1979.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1978.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1977.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1976.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1975.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1974.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1973.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1972.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1971.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1970.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1969.job
[2010/08/17 18:00:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1963.job
[2010/08/17 18:00:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1939.job
[2010/08/17 18:00:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1915.job
[2010/08/17 18:00:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1891.job
[2010/08/17 17:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1962.job
[2010/08/17 17:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1938.job
[2010/08/17 17:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1914.job
[2010/08/17 17:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1890.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1968.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1967.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1966.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1965.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1961.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1960.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1959.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1958.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1957.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1956.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1955.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1954.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1953.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1952.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1951.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1950.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1949.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1948.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1947.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1946.job
[2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1945.job
[2010/08/17 16:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1937.job
[2010/08/17 16:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1913.job
[2010/08/17 16:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1889.job
[2010/08/17 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1936.job
[2010/08/17 15:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1912.job
[2010/08/17 15:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1888.job
[2010/08/17 14:53:35 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1944.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1943.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1942.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1941.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1935.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1934.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1933.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1932.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1931.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1930.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1929.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1928.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1927.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1926.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1925.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1924.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1923.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1922.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1921.job
[2010/08/17 14:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At879.job
[2010/08/17 14:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1911.job
[2010/08/17 14:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1887.job
[2010/08/17 13:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1910.job
[2010/08/17 13:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1886.job
[2010/08/17 13:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1454.job
[2010/08/17 12:54:02 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1920.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1919.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1918.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1917.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1909.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1908.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1907.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1906.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1905.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1904.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1903.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1902.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1901.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1900.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1899.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1898.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1897.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1896.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1895.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1894.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1893.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1885.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1884.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1883.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1882.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1881.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1880.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1879.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1878.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1877.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1876.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1875.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1874.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1873.job
[2010/08/15 21:04:14 | 000,003,096 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/08/15 20:00:25 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At333.job
[2010/08/15 14:09:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/11 15:43:45 | 000,458,230 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/11 15:43:45 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 15:43:45 | 000,071,248 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/11 15:43:45 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 15:43:44 | 000,989,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 15:38:01 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 15:38:01 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/10 12:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/08 20:05:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/02 19:41:09 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/01 12:13:10 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
[2010/07/30 19:32:21 | 000,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/30 02:03:58 | 004,812,972 | -H-- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\IconCache.db
[2010/07/25 18:24:21 | 000,069,568 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2016.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2015.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2014.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2013.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2012.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2011.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2010.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2009.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2008.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2007.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2006.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2005.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2004.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2003.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2002.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2001.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2000.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1999.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1998.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1997.job
[2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1996.job
[2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1995.job
[2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1994.job
[2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1993.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1992.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1991.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1990.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1989.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1988.job
[2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1987.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1986.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1985.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1984.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1983.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1982.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1981.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1980.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1979.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1978.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1977.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1976.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1975.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1974.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1973.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1972.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1971.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1970.job
[2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1969.job
[2010/08/17 16:12:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1968.job
[2010/08/17 16:12:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1967.job
[2010/08/17 16:12:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1966.job
[2010/08/17 16:12:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1965.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1964.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1963.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1962.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1961.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1960.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1959.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1958.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1957.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1956.job
[2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1955.job
[2010/08/17 16:12:38 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1954.job
[2010/08/17 16:12:38 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1953.job
[2010/08/17 16:12:38 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1952.job
[2010/08/17 16:12:38 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1951.job
[2010/08/17 16:12:37 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1950.job
[2010/08/17 16:12:37 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1949.job
[2010/08/17 16:12:37 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1948.job
[2010/08/17 16:12:37 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1947.job
[2010/08/17 16:12:36 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1946.job
[2010/08/17 16:12:36 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1945.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1944.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1943.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1942.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1941.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1940.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1939.job
[2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1938.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1937.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1936.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1935.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1934.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1933.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1932.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1931.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1930.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1929.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1928.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1927.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1926.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1925.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1924.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1923.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1922.job
[2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1921.job
[2010/08/17 12:54:02 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1920.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1919.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1918.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1917.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1916.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1915.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1914.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1913.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1912.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1911.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1910.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1909.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1908.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1907.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1906.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1905.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1904.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1903.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1902.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1901.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1900.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1899.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1898.job
[2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1897.job
[2010/08/16 15:27:33 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1896.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1895.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1894.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1893.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1892.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1891.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1890.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1889.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1888.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1887.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1886.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1885.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1884.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1883.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1882.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1881.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1880.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1879.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1878.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1877.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1876.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1875.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1874.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1873.job
[2010/08/16 15:27:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
[2010/08/11 15:38:01 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 15:38:01 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/08/10 17:09:16 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1454.job
[2010/08/06 13:22:29 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At879.job
[2010/08/05 09:45:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/02 19:01:45 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At333.job
[2010/08/01 12:13:10 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
[2009/03/13 13:25:40 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/01/20 22:52:37 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/01/20 22:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/05 19:21:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/05 18:19:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/04/05 18:19:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/03/22 20:44:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/10/26 16:08:18 | 000,000,440 | ---- | C] () -- C:\WINDOWS\pcvideo.ini
[2007/10/26 16:08:17 | 000,010,513 | ---- | C] () -- C:\WINDOWS\Wintvstr.ini
[2007/10/26 16:08:02 | 000,002,637 | ---- | C] () -- C:\WINDOWS\setupwtv.ini
[2007/10/19 19:17:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/18 14:34:21 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
[2007/10/18 14:13:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/18 12:29:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/10/18 12:29:50 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/10/17 21:02:23 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/10/17 21:02:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIFRN.DLL
[2007/10/17 21:02:23 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/17 20:04:07 | 000,003,096 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/05/03 18:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP

1B5B4F1
< End of report >

| Alerter

Répondre à xixi31800

OmaR

17 Août 2010 21:45:02

En effet, il y a plein de choses qui ont apparu entre temps...

Relance OTL.exe.

Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant (Ne le modifie pas):

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe ()
DRV - (catchme) -- C:\DOCUME~1\Raymond\LOCALS~1\Temp\catchme.sys File not found
[2010/08/17 21:03:52 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
[2010/08/17 21:03:51 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe

:Files
C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
C:\WINDOWS\tasks\At????.job

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Puis clique sur le bouton Correction en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Enfin, poste un nouveau log OTL (cette fois, ne coche pas les cases LOP Check et Purity).

Note : Tu verras peut-être un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi). Si tu veux le poster, sauvegarde-le sur ton Bureau et poste-le avec le nouveau log OTL

| Alerter

Répondre à OmaR

xixi31800

18 Août 2010 11:15:04

Bonjour,
Voila le log OTL après la correction faite et après l'analyse^^

Le problème que je rencontre après tout ceci c'est un message de débogage nom de la fenêtre " débogage juste-à-temps" et l'application qui s'ouvre si je clik sur "utiliser le débogueur sélectionné" c'est "nouvelle instance de Microsoft Script Editor"

OTL logfile created on: 18/08/2010 13:09:15 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 022,00 Mb Total Physical Memory | 558,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,82 Gb Total Space | 6,52 Gb Free Space | 13,35% Space Free | Partition Type: NTFS
Drive D: | 100,22 Gb Total Space | 26,03 Gb Free Space | 25,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOULOUSE-5FEBB6
Current User Name: Raymond
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - D:\xavier\Ipod\Ipodd\iTunesHelper .exe (Apple Inc.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\tomtom\TomTom HOME 2\HOMERunner .exe (TomTom)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe (Hewlett-Packard)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SetupNTGLM7X) -- I:\NTGLM7X.sys File not found
DRV - (NTACCESS) -- I:\NTACCESS.sys File not found
DRV - (GMSIPCI) -- I:\INSTALL\GMSIPCI.SYS File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (Daemon) -- C:\WINDOWS\System32\drivers\daemon.sys File not found
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google (Language: FR)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.sfr.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 20:11:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 15:38:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 15:37:58 | 000,000,000 | ---D | M]

[2010/08/11 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions
[2010/03/03 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/11 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\2xggzj84.default\extensions
[2010/08/12 13:47:17 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\2xggzj84.default\searchplugins\google-language-fr.xml
[2010/08/16 13:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 02:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/23 02:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/23 02:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/07/14 21:01:18 | 000,002,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml
[2010/07/23 02:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/23 02:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/02/26 17:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [iTunesHelper] D:\xavier\Ipod\Ipodd\iTunesHelper.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\tomtom\TomTom HOME 2\HOMERunner.exe ()
O4 - Startup: C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c... (HP Download Manager)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/fichiers/hardwaredet... (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/17 18:55:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/17 18:06:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/08/17 16:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raymond\Recent
[2010/08/17 13:01:14 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/08/17 12:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/08/11 15:40:00 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
[2010/08/08 15:19:20 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2010/08/06 17:31:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/06 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Malwarebytes
[2010/08/05 09:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/05 09:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/03 01:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/08/03 00:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/03 00:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/03 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/03 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/01 14:46:16 | 000,000,000 | ---D | C] -- C:\xavier
[2010/08/01 14:30:04 | 000,000,000 | ---D | C] -- D:\Mes documents\Money sauvegarde
[2010/08/01 14:29:12 | 000,000,000 | ---D | C] -- D:\Mes documents\WORD et autres documents textes
[2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/08/01 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
[2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\AVS4YOU
[2010/07/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
[2010/07/30 18:18:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/07/30 18:18:26 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/07/30 18:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/07/29 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\WinAVI
[2010/07/28 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Apowersoft
[2010/07/25 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\vlc
[2010/07/25 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/07/21 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/21 18:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/08/18 13:06:52 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Raymond\NTUSER.DAT
[2010/08/18 12:41:45 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/18 12:37:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/18 12:37:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/18 12:37:31 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/18 12:36:45 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Raymond\ntuser.ini
[2010/08/17 21:45:11 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 12:54:02 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
[2010/08/15 21:04:14 | 000,003,096 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/08/15 14:09:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/11 15:43:45 | 000,458,230 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/11 15:43:45 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 15:43:45 | 000,071,248 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/11 15:43:45 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 15:43:44 | 000,989,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 15:38:01 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 15:38:01 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/10 12:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/08 20:05:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/02 19:41:09 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/01 12:13:10 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
[2010/07/30 19:32:21 | 000,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/30 02:03:58 | 004,812,972 | -H-- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\IconCache.db
[2010/07/25 18:24:21 | 000,069,568 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/08/17 12:54:02 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
[2010/08/11 15:38:01 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 15:38:01 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/08/05 09:45:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/01 12:13:10 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
[2009/03/13 13:25:40 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/01/20 22:52:37 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/01/20 22:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/05 19:21:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/05 18:19:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/04/05 18:19:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/03/22 20:44:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/10/26 16:08:18 | 000,000,440 | ---- | C] () -- C:\WINDOWS\pcvideo.ini
[2007/10/26 16:08:17 | 000,010,513 | ---- | C] () -- C:\WINDOWS\Wintvstr.ini
[2007/10/26 16:08:02 | 000,002,637 | ---- | C] () -- C:\WINDOWS\setupwtv.ini
[2007/10/19 19:17:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/18 14:34:21 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
[2007/10/18 14:13:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/18 12:29:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/10/18 12:29:50 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/10/17 21:02:23 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/10/17 21:02:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIFRN.DLL
[2007/10/17 21:02:23 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/17 20:04:07 | 000,003,096 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/05/03 18:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP

1B5B4F1
< End of report >

| Alerter

Répondre à xixi31800

OmaR

18 Août 2010 11:33:18

Bonjour,

1)
Relance OTL.exe.

Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant (Ne le modifie pas):

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Puis clique sur le bouton Correction en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Enfin, poste un nouveau log OTL (cette fois, ne coche pas les cases LOP Check et Purity).

Note : Tu verras peut-être un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi). Si tu veux le poster, sauvegarde-le sur ton Bureau et poste-le avec le nouveau log OTL

2)

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Effectue les mises à jour.

Ensuite, déconnecte toi et ferme toutes applications en cours.

Fais un examen dit Rapide.

--> Laisse le programme travailler (et ne rien faire d'autre avec le PC durant le scan).
--> à la fin tu cliques sur Résultat .
--> Vérifie que tous les objets infectés soient validés, puis clique sur Suppression.

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes', le dernier en date) pour analyse ...

| Alerter

Répondre à OmaR

xixi31800

18 Août 2010 12:56:08

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkevapoyowu deleted successfully.
C:\WINDOWS\wcdsfv.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 233575 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Raymond
->Temp folder emptied: 17214 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79923770 bytes
->Flash cache emptied: 1406 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15100 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 37768 bytes

Total Files Cleaned = 77,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08182010_143520

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_668.dat not found!

Registry entries deleted on Reboot...

------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

18/08/2010 14:54:52
mbam-log-2010-08-18 (14-54-52).txt

Type de recherche: Examen rapide
Eléments examinés: 114104
Temps écoulé: 3 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

| Alerter

Répondre à xixi31800

OmaR

18 Août 2010 14:20:40

Très bien. Est-ce que tu peux refaire un scan avec OTL et l'uploader sur cijoint s'il te plait ?

Comment se comporte ton PC maintenant ? Tu as toujours des problèmes de debugger ? Il te dit quel programme plante ?

| Alerter

Répondre à OmaR

xixi31800

18 Août 2010 18:34:14

http://www.cijoint.fr/cjlink.php?file=cj201008/cij34rWC...

Toujours le même problème avec le débogage !!
Sinon à part sa tout à l'air bien...

| Alerter

Répondre à xixi31800

OmaR

18 Août 2010 20:06:31

Bon, soit tu te fais réinfecter à chaque fois, soit il y a quelque chose que j'ai loupé, parce qu'on a encore un processus et une clé de registre run à supprimer...

On va essayer de voir avec un autre tool :
1)
Les logiciels d'émulation de CD ( comme Daemon Tools et autre ) peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

Télécharge Defogger (de jpshortstuff) sur ton Bureau
http://www.jpshortstuff.247fixes.com/Defogger.exe

Lance le

Une fenêtre apparait : clique sur "Disable"

Fais redémarrer l'ordinateur si l'outil te le demande

Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

2)

Désactive bien ton antivirus avant de faire ça, il peut gêner le programme:

Télécharge Gmer. (Przemyslaw Gmerek)

Dézippe-le dans un dossier dédié ou sur ton Bureau.

Déconnecte toi d'Internet puis ferme tous les programmes.

Double-clique sur Gmer.exe.
Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet Rootkit.

A droite, coche seulement Files, Services & Registry.

Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.

Le rapport doit alors apparaître.

Enregistre le fichier sur ton Bureau et poste le contenu ici.

| Alerter

Répondre à OmaR

xixi31800

18 Août 2010 21:26:53

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-18 23:25:44
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Raymond\LOCALS~1\Temp\kwpyrfoc.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9416a825
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9416a825@0012476470cc 0xC7 0x57 0x33 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0xDF 0x67 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\xavier\jeux\farcast\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBF 0x21 0x61 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x86 0x98 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEA 0x86 0x98 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a9416a825 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a9416a825@0012476470cc 0xC7 0x57 0x33 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0xDF 0x67 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\xavier\jeux\farcast\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBF 0x21 0x61 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x86 0x98 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEA 0x86 0x98 0x3F ...

---- EOF - GMER 1.0.15 ----

| Alerter

Répondre à xixi31800

OmaR

19 Août 2010 07:19:04

Relance OTL.exe.

Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant (Ne le modifie pas):

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe ()
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)

:Files
C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
C:\WINDOWS\wcdsfv.DLL

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Puis clique sur le bouton Correction en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Enfin, poste un nouveau log OTL (cette fois, ne coche pas les cases LOP Check et Purity).

Note : Tu verras peut-être un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi). Si tu veux le poster, sauvegarde-le sur ton Bureau et poste-le avec le nouveau log OTL

| Alerter

Répondre à OmaR

xixi31800

19 Août 2010 09:48:46

Bonjour, alors avant que je ne fasse la manip OTL sache que les pubs étaient revenues

mais après la petite manip tous avaient disparus^^

Edit : Le message débogage est revenue est apparemment il veut me corriger ceci "[1028] C:\WINDOWS\system32\svchost.exe"

OTL logfile created on: 19/08/2010 11:43:18 - Run 6
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 022,00 Mb Total Physical Memory | 663,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,82 Gb Total Space | 6,39 Gb Free Space | 13,10% Space Free | Partition Type: NTFS
Drive D: | 100,22 Gb Total Space | 25,97 Gb Free Space | 25,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOULOUSE-5FEBB6
Current User Name: Raymond
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
PRC - D:\xavier\Ipod\Ipodd\iTunesHelper .exe (Apple Inc.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\tomtom\TomTom HOME 2\HOMERunner .exe (TomTom)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe (Hewlett-Packard)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SetupNTGLM7X) -- I:\NTGLM7X.sys File not found
DRV - (NTACCESS) -- I:\NTACCESS.sys File not found
DRV - (GMSIPCI) -- I:\INSTALL\GMSIPCI.SYS File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (Daemon) -- C:\WINDOWS\System32\drivers\daemon.sys File not found
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 20:11:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 20:18:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/18 20:17:39 | 000,000,000 | ---D | M]

[2010/08/18 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions
[2010/03/03 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/18 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\ak387jrk.default\extensions
[2010/08/18 20:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 02:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/23 02:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/23 02:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/07/23 02:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/23 02:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/02/26 17:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [iTunesHelper] D:\xavier\Ipod\Ipodd\iTunesHelper.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\tomtom\TomTom HOME 2\HOMERunner.exe ()
O4 - Startup: C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c... (HP Download Manager)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/fichiers/hardwaredet... (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/17 18:55:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/18 20:44:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raymond\Recent
[2010/08/18 15:30:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/08/18 15:30:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/08/18 15:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\Deployment
[2010/08/17 18:06:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/08/17 13:01:14 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/08/17 12:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/08/11 15:40:00 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
[2010/08/08 15:19:20 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2010/08/06 17:31:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/06 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Malwarebytes
[2010/08/05 09:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/05 09:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/03 01:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/08/03 00:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/03 00:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/03 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/03 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/01 14:46:16 | 000,000,000 | ---D | C] -- C:\xavier
[2010/08/01 14:30:04 | 000,000,000 | ---D | C] -- D:\Mes documents\Money sauvegarde
[2010/08/01 14:29:12 | 000,000,000 | ---D | C] -- D:\Mes documents\WORD et autres documents textes
[2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/08/01 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
[2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\AVS4YOU
[2010/07/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
[2010/07/30 18:18:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/07/30 18:18:26 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/07/30 18:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/07/29 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\WinAVI
[2010/07/28 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Apowersoft
[2010/07/25 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\vlc
[2010/07/25 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/07/21 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/21 18:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/08/19 11:39:14 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/19 11:38:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/19 11:38:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/19 11:38:09 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 11:37:26 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Raymond\NTUSER.DAT
[2010/08/19 11:37:26 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Raymond\ntuser.ini
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/08/19 11:33:31 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
[2010/08/18 23:00:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/08/18 23:00:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/08/18 23:00:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/08/18 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/08/18 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/08/18 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/08/18 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/08/18 20:17:42 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/18 20:17:42 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/08/18 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/08/18 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/08/18 19:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/08/18 18:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/08/18 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/17 21:45:11 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 12:54:02 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
[2010/08/15 21:04:14 | 000,003,096 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/08/15 14:09:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/11 15:43:45 | 000,458,230 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/11 15:43:45 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 15:43:45 | 000,071,248 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/11 15:43:45 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 15:43:44 | 000,989,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/10 12:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/08 20:05:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/02 19:41:09 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/01 12:13:10 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
[2010/07/30 19:32:21 | 000,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/30 02:03:58 | 004,812,972 | -H-- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\IconCache.db
[2010/07/25 18:24:21 | 000,069,568 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/08/18 20:17:42 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/18 20:17:42 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/18 16:57:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
[2010/08/17 12:54:02 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
[2010/08/05 09:45:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/01 12:13:10 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
[2009/03/13 13:25:40 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/01/20 22:52:37 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/01/20 22:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/05 19:21:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/05 18:19:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/04/05 18:19:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/03/22 20:44:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/10/26 16:08:18 | 000,000,440 | ---- | C] () -- C:\WINDOWS\pcvideo.ini
[2007/10/26 16:08:17 | 000,010,513 | ---- | C] () -- C:\WINDOWS\Wintvstr.ini
[2007/10/26 16:08:02 | 000,002,637 | ---- | C] () -- C:\WINDOWS\setupwtv.ini
[2007/10/19 19:17:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/18 14:34:21 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
[2007/10/18 14:13:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/18 12:29:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/10/18 12:29:50 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/10/17 21:02:23 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/10/17 21:02:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIFRN.DLL
[2007/10/17 21:02:23 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/17 20:04:07 | 000,003,096 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/05/03 18:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP

1B5B4F1
< End of report >

| Alerter

Répondre à xixi31800

OmaR

19 Août 2010 11:58:55

Bon, t'es complètement réinfecté là... J'avais peut être oublié quelque chose les 1ères fois.
Si après ça, ça marche pas, on sortira l'artillerie lourde.

Relance OTL.exe.

Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant (Ne le modifie pas):

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
[2010/08/19 11:33:31 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat

:Files
C:\WINDOWS\tasks\At????.job
C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
C:\WINDOWS\wcdsfv.DLL

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Puis clique sur le bouton Correction en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Enfin, poste un nouveau log OTL (cette fois, ne coche pas les cases LOP Check et Purity).

Note : Tu verras peut-être un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi). Sauvegarde-le sur ton Bureau et poste-le avec le nouveau log OTL (n'oublie pas de les mettre sur cijoint comme demandé au début)

| Alerter

Répondre à OmaR

xixi31800

19 Août 2010 13:34:14

L'artillerie lourde je crains le pire^^

OTL logfile created on: 19/08/2010 15:28:58 - Run 7
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 022,00 Mb Total Physical Memory | 651,00 Mb Available Physical Memory | 64,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,82 Gb Total Space | 6,39 Gb Free Space | 13,08% Space Free | Partition Type: NTFS
Drive D: | 100,22 Gb Total Space | 25,96 Gb Free Space | 25,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOULOUSE-5FEBB6
Current User Name: Raymond
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - D:\xavier\Ipod\Ipodd\iTunesHelper .exe (Apple Inc.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\tomtom\TomTom HOME 2\HOMERunner .exe (TomTom)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe (Hewlett-Packard)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SetupNTGLM7X) -- I:\NTGLM7X.sys File not found
DRV - (NTACCESS) -- I:\NTACCESS.sys File not found
DRV - (GMSIPCI) -- I:\INSTALL\GMSIPCI.SYS File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (Daemon) -- C:\WINDOWS\System32\drivers\daemon.sys File not found
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 20:11:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 20:18:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/18 20:17:39 | 000,000,000 | ---D | M]

[2010/08/18 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions
[2010/03/03 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/18 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\ak387jrk.default\extensions
[2010/08/18 20:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 02:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/23 02:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/23 02:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/07/23 02:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/23 02:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/02/26 17:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [iTunesHelper] D:\xavier\Ipod\Ipodd\iTunesHelper.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\tomtom\TomTom HOME 2\HOMERunner.exe ()
O4 - Startup: C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c... (HP Download Manager)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/fichiers/hardwaredet... (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/17 18:55:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/18 20:44:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raymond\Recent
[2010/08/18 15:30:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/08/18 15:30:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/08/18 15:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\Deployment
[2010/08/17 18:06:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/08/17 13:01:14 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/08/17 12:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/08/11 15:40:00 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
[2010/08/08 15:19:20 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2010/08/06 17:31:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/06 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Malwarebytes
[2010/08/05 09:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/05 09:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/03 01:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/08/03 00:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/03 00:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/03 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/03 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/01 14:46:16 | 000,000,000 | ---D | C] -- C:\xavier
[2010/08/01 14:30:04 | 000,000,000 | ---D | C] -- D:\Mes documents\Money sauvegarde
[2010/08/01 14:29:12 | 000,000,000 | ---D | C] -- D:\Mes documents\WORD et autres documents textes
[2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/08/01 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
[2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\AVS4YOU
[2010/07/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
[2010/07/30 18:18:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/07/30 18:18:26 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/07/30 18:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/07/29 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\WinAVI
[2010/07/28 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Apowersoft
[2010/07/25 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\vlc
[2010/07/25 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/07/21 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/21 18:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/08/19 15:28:43 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/19 15:26:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/19 15:26:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/19 15:26:35 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 15:25:44 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Raymond\NTUSER.DAT
[2010/08/19 15:25:44 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Raymond\ntuser.ini
[2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/08/19 14:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/08/19 14:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/08/19 14:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/08/19 14:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/08/19 14:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/08/19 13:42:46 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
[2010/08/19 13:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/08/19 13:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/08/19 13:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/08/19 13:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/08/19 12:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/08/19 12:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/08/19 12:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/08/19 12:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/08/18 23:00:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/08/18 23:00:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/08/18 23:00:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/08/18 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/08/18 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/08/18 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/08/18 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/08/18 20:17:42 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/18 20:17:42 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/08/18 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/08/18 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/08/18 19:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/08/18 18:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/08/18 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/17 21:45:11 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 12:54:02 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
[2010/08/15 21:04:14 | 000,003,096 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/08/15 14:09:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/11 15:43:45 | 000,458,230 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/11 15:43:45 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 15:43:45 | 000,071,248 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/11 15:43:45 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 15:43:44 | 000,989,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/10 12:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/08 20:05:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/02 19:41:09 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/01 12:13:10 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
[2010/07/30 19:32:21 | 000,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/30 02:03:58 | 004,812,972 | -H-- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\IconCache.db
[2010/07/25 18:24:21 | 000,069,568 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/08/19 13:42:47 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/08/18 20:17:42 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/18 20:17:42 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/17 12:54:02 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
[2010/08/05 09:45:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/01 12:13:10 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
[2009/03/13 13:25:40 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/01/20 22:52:37 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/01/20 22:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/05 19:21:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/05 18:19:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/04/05 18:19:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/03/22 20:44:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/10/26 16:08:18 | 000,000,440 | ---- | C] () -- C:\WINDOWS\pcvideo.ini
[2007/10/26 16:08:17 | 000,010,513 | ---- | C] () -- C:\WINDOWS\Wintvstr.ini
[2007/10/26 16:08:02 | 000,002,637 | ---- | C] () -- C:\WINDOWS\setupwtv.ini
[2007/10/19 19:17:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/18 14:34:21 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
[2007/10/18 14:13:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/18 12:29:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/10/18 12:29:50 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/10/17 21:02:23 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/10/17 21:02:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIFRN.DLL
[2007/10/17 21:02:23 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/17 20:04:07 | 000,003,096 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/05/03 18:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP

1B5B4F1
< End of report >

| Alerter

Répondre à xixi31800

OmaR

19 Août 2010 16:36:53

Est-ce que tu peux refaire ce que je t'ai dit, mais en sauvegardant bien le log de suppression OTL s'il te plait ?
J'ai pas l'impression que ça ait fait grand chose là.

Et puis, si tu pouvais les mettre sur cijoint aussi... merci

| Alerter

Répondre à OmaR

xixi31800

19 Août 2010 17:06:12

ok ok^^

Voila http://www.cijoint.fr/cjlink.php?file=cj201008/cijIFWvG...

| Alerter

Répondre à xixi31800

OmaR

19 Août 2010 17:16:38

Aaaah, y'a toujours pas le log de suppression, parce que rien n'est supprimé là..

| Alerter

Répondre à OmaR

xixi31800

19 Août 2010 17:28:37

Ah désole j'avais pas compris que je devais le poster !!
Par contre je n'arrive pas à le mettre sur cijoint...

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Process k6ByrXld.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkevapoyowu deleted successfully.
C:\WINDOWS\wcdsfv.dll moved successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe moved successfully.
C:\WINDOWS\wcdsfv.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 277926 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 824 bytes

User: Raymond
->Temp folder emptied: 1248960 bytes
->Temporary Internet Files folder emptied: 547442 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43474644 bytes
->Flash cache emptied: 646 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125204 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 732309891 bytes

Total Files Cleaned = 742,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08192010_185539

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_648.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

| Alerter

Répondre à xixi31800

OmaR

19 Août 2010 23:06:57

Il a pas tué les tâches planifiés ? *-)

Relance OTL.exe.

Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant (Ne le modifie pas):

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Files
C:\WINDOWS\tasks\At??.job

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Puis clique sur le bouton Correction en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Enfin, poste un nouveau log OTL (cette fois, ne coche pas les cases LOP Check et Purity).

Note : Tu verras peut-être un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi). Si tu veux le poster, sauvegarde-le sur ton Bureau et poste-le avec le nouveau log OTL

Et poste bien les deux logs s'il te plait. (sur cijoint pour le log OTL normal et tu peux copier directement sur le forum celui de suppression)

| Alerter

Répondre à OmaR

xixi31800

20 Août 2010 09:15:28

Voila chef j'espère ne pas avoir ait de bêtise ^^
Apparemment mon PC se comporte super bien !! J'espère que tu pourras confirmer

http://www.cijoint.fr/cjlink.php?file=cj201008/cijTccOp...

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Raymond
->Temp folder emptied: 3144647 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96478263 bytes
->Flash cache emptied: 1047 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 187126 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 95,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08202010_110330

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_62c.dat not found!

Registry entries deleted on Reboot...

| Alerter

Répondre à xixi31800

OmaR

20 Août 2010 11:47:34

Booon, c'est pas encore tout à fait ça.

Relance OTL.exe.

Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant (Ne le modifie pas):

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2010/08/19 23:06:14 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
[2010/08/19 23:06:13 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)

:Services

:Reg

:Files
C:\WINDOWS\tasks\At????.job
C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
C:\WINDOWS\wcdsfv.DLL

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Puis clique sur le bouton Correction en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Enfin, poste un nouveau log OTL (cette fois, ne coche pas les cases LOP Check et Purity).

Note : Tu verras peut-être un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi). Si tu veux le poster, sauvegarde-le sur ton Bureau et poste-le avec le nouveau log OTL

Et comme la dernière fois, met bien le rapport OTL sur cijoint et le rapport de suppression sur le forum.

J'espère que ça sera bon cette fois-ci.

| Alerter

Répondre à OmaR

xixi31800

20 Août 2010 12:28:07

EDIT: il faut sortir les artilleries lourdes y a tous qui est revenus....
2 EDIT : Bé en fait j'ai plus rien là... tous marche bien il n'y a pas de soucis !!

http://www.cijoint.fr/cjlink.php?file=cj201008/cijFkK07...

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkevapoyowu deleted successfully.
C:\WINDOWS\wcdsfv.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At121.job moved successfully.
C:\WINDOWS\tasks\At122.job moved successfully.
C:\WINDOWS\tasks\At123.job moved successfully.
C:\WINDOWS\tasks\At124.job moved successfully.
C:\WINDOWS\tasks\At125.job moved successfully.
C:\WINDOWS\tasks\At126.job moved successfully.
C:\WINDOWS\tasks\At127.job moved successfully.
C:\WINDOWS\tasks\At128.job moved successfully.
C:\WINDOWS\tasks\At129.job moved successfully.
C:\WINDOWS\tasks\At130.job moved successfully.
C:\WINDOWS\tasks\At131.job moved successfully.
C:\WINDOWS\tasks\At132.job moved successfully.
C:\WINDOWS\tasks\At133.job moved successfully.
C:\WINDOWS\tasks\At134.job moved successfully.
C:\WINDOWS\tasks\At135.job moved successfully.
C:\WINDOWS\tasks\At136.job moved successfully.
C:\WINDOWS\tasks\At137.job moved successfully.
C:\WINDOWS\tasks\At138.job moved successfully.
C:\WINDOWS\tasks\At139.job moved successfully.
C:\WINDOWS\tasks\At140.job moved successfully.
C:\WINDOWS\tasks\At141.job moved successfully.
C:\WINDOWS\tasks\At142.job moved successfully.
C:\WINDOWS\tasks\At143.job moved successfully.
C:\WINDOWS\tasks\At144.job moved successfully.
C:\WINDOWS\tasks\At145.job moved successfully.
C:\WINDOWS\tasks\At146.job moved successfully.
C:\WINDOWS\tasks\At147.job moved successfully.
C:\WINDOWS\tasks\At148.job moved successfully.
C:\WINDOWS\tasks\At149.job moved successfully.
C:\WINDOWS\tasks\At150.job moved successfully.
C:\WINDOWS\tasks\At151.job moved successfully.
C:\WINDOWS\tasks\At152.job moved successfully.
C:\WINDOWS\tasks\At153.job moved successfully.
C:\WINDOWS\tasks\At154.job moved successfully.
C:\WINDOWS\tasks\At155.job moved successfully.
C:\WINDOWS\tasks\At156.job moved successfully.
C:\WINDOWS\tasks\At157.job moved successfully.
C:\WINDOWS\tasks\At158.job moved successfully.
C:\WINDOWS\tasks\At159.job moved successfully.
C:\WINDOWS\tasks\At160.job moved successfully.
C:\WINDOWS\tasks\At161.job moved successfully.
C:\WINDOWS\tasks\At162.job moved successfully.
C:\WINDOWS\tasks\At163.job moved successfully.
C:\WINDOWS\tasks\At164.job moved successfully.
C:\WINDOWS\tasks\At165.job moved successfully.
C:\WINDOWS\tasks\At166.job moved successfully.
C:\WINDOWS\tasks\At167.job moved successfully.
C:\WINDOWS\tasks\At168.job moved successfully.
C:\WINDOWS\tasks\At169.job moved successfully.
C:\WINDOWS\tasks\At170.job moved successfully.
C:\WINDOWS\tasks\At171.job moved successfully.
C:\WINDOWS\tasks\At172.job moved successfully.
C:\WINDOWS\tasks\At173.job moved successfully.
C:\WINDOWS\tasks\At174.job moved successfully.
C:\WINDOWS\tasks\At175.job moved successfully.
C:\WINDOWS\tasks\At176.job moved successfully.
C:\WINDOWS\tasks\At177.job moved successfully.
C:\WINDOWS\tasks\At178.job moved successfully.
C:\WINDOWS\tasks\At179.job moved successfully.
C:\WINDOWS\tasks\At180.job moved successfully.
C:\WINDOWS\tasks\At181.job moved successfully.
C:\WINDOWS\tasks\At182.job moved successfully.
C:\WINDOWS\tasks\At183.job moved successfully.
C:\WINDOWS\tasks\At184.job moved successfully.
C:\WINDOWS\tasks\At185.job moved successfully.
C:\WINDOWS\tasks\At186.job moved successfully.
C:\WINDOWS\tasks\At187.job moved successfully.
C:\WINDOWS\tasks\At188.job moved successfully.
C:\WINDOWS\tasks\At189.job moved successfully.
C:\WINDOWS\tasks\At190.job moved successfully.
C:\WINDOWS\tasks\At191.job moved successfully.
C:\WINDOWS\tasks\At192.job moved successfully.
C:\WINDOWS\tasks\At193.job moved successfully.
C:\WINDOWS\tasks\At194.job moved successfully.
C:\WINDOWS\tasks\At195.job moved successfully.
C:\WINDOWS\tasks\At196.job moved successfully.
C:\WINDOWS\tasks\At197.job moved successfully.
C:\WINDOWS\tasks\At198.job moved successfully.
C:\WINDOWS\tasks\At199.job moved successfully.
C:\WINDOWS\tasks\At200.job moved successfully.
C:\WINDOWS\tasks\At201.job moved successfully.
C:\WINDOWS\tasks\At202.job moved successfully.
C:\WINDOWS\tasks\At203.job moved successfully.
C:\WINDOWS\tasks\At204.job moved successfully.
C:\WINDOWS\tasks\At205.job moved successfully.
C:\WINDOWS\tasks\At206.job moved successfully.
C:\WINDOWS\tasks\At207.job moved successfully.
C:\WINDOWS\tasks\At208.job moved successfully.
C:\WINDOWS\tasks\At209.job moved successfully.
C:\WINDOWS\tasks\At210.job moved successfully.
C:\WINDOWS\tasks\At211.job moved successfully.
C:\WINDOWS\tasks\At212.job moved successfully.
C:\WINDOWS\tasks\At213.job moved successfully.
C:\WINDOWS\tasks\At214.job moved successfully.
C:\WINDOWS\tasks\At215.job moved successfully.
C:\WINDOWS\tasks\At216.job moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat not found.
File\Folder C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe not found.
C:\WINDOWS\wcdsfv.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 219983 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 527 bytes

User: Raymond
->Temp folder emptied: 1269170 bytes
->Temporary Internet Files folder emptied: 618940 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88333578 bytes
->Flash cache emptied: 1843 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152139 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 459326 bytes

Total Files Cleaned = 87,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08202010_140501

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y5C5E7WB\blackberry-bold-9700[1].mc_id=100001189 not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_630.dat moved successfully.

Registry entries deleted on Reboot...

| Alerter

Répondre à xixi31800

OmaR

20 Août 2010 22:37:21

Hop hop hop, artillerie lourde...

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[ ! ATTENTION ! ]<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Ferme tes applications en cours ( ainsi que ton navigateur ) .

DÉSACTIVE TOUTES TES DÉFENSES (anti-virus, garde anti spy-ware, pare-feu) le temps de la manipe.
En effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil (voire planter le PC)...Tu les réactiveras donc après !
> Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...

Tuto (aide) ici : http://www.bleepingcomputer.com/combofix/fr/comment-uti...

Note : pour XP, il est IMPÉRATIF d'installer la Console de Récupération de Windows si l'outil le demande (voir tuto ci-dessus).
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[ ! ATTENTION ! ]<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Ensuite :
> Clique droit/ "exécuter en tant qu'admin..." sur l'icône "ComboFix.exe" pour lancer l'outil .
> A la fenêtre "DISCLAIMER..." , clique sur "oui" et laisse travailler ...

Notes importantes :
-> Ne rien faire avec le PC pendant le scan !
-> N'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Si l'outil t'annonce qu'un version plus récente de ComboFix est disponible, accepte la mise à jour.
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisse le faire .
-> Si l'outil t'annonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarrer votre machine", tu acceptes .
-> Si après un reboot éventuel , ton antivirus s'affole lorsque travail encore ComboFix , ignore les alertes ! ( ne supprime rien et ne mets rien en quarantaine )

Le rapport sera crée ici : C:\Combofix.txt

Réactive bien tes défenses une fois la procédure terminée.

> Poste le rapport ComboFix pour analyse et attends la suite ...

Note: je pars en vacances demain matin pour une semaine. Il y a Sham_Rock qui devrait passer sur le topic pour prendre la suite, sinon je reviens dans une semaine.

| Alerter

Répondre à OmaR

xixi31800

21 Août 2010 10:45:22

Bonne vacance à toi !!

ComboFix 10-08-20.01 - Raymond 21/08/2010 12:30:48.3.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.665 [GMT 2:00]
Lancé depuis: d:\mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081231-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users\Application Data\k6ByrXld.exe
c:\program files\$NtUninstallWTF1012$
c:\program files\$NtUninstallWTF1012$\elUninstall.exe
c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\tomtom\TomTom HOME 2\HOMERunner.exe
c:\windows\Tasks\At1.job
c:\windows\wcdsfv.dll
C:\xcrashdump.dat
d:\xavier\Ipod\Ipodd\iTunesHelper.exe

<pre>

c:\program files\Fichiers communs\InstallShield\UpdateService\issch .exe --->c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

c:\program files\HP\HP Software Update\HPWuSchd2 .exe --->c:\program files\HP\HP Software Update\HPWuSchd2.exe

c:\program files\QuickTime\qttask                                                                                          .exe --->c:\program files\QuickTime\qttask.exe

c:\tomtom\TomTom HOME 2\HOMERunner .exe --->c:\tomtom\TomTom HOME 2\HOMERunner.exe

</pre>

.
Une copie infectée de c:\windows\system32\drivers\ftdisk.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-07-21 au 2010-08-21 ))))))))))))))))))))))))))))))))))))
.

2010-08-20 19:44 . 2010-08-20 19:44 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-20 19:42 . 2009-02-20 08:31 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-08-20 19:42 . 2009-02-20 08:31 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-08-18 13:08 . 2010-08-20 20:05 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\Deployment
2010-08-17 11:01 . 2010-08-17 16:06 -------- d-----w- C:\UsbFix
2010-08-17 10:54 . 2010-08-17 15:55 -------- d-----w- c:\program files\Ad-Remover
2010-08-08 17:04 . 2010-08-12 11:12 -------- d-----w- c:\documents and settings\NetworkService\Tracing
2010-08-08 13:19 . 2004-08-03 21:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2010-08-08 13:19 . 2004-08-03 21:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-08-06 13:12 . 2010-08-06 13:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Malwarebytes
2010-08-05 07:45 . 2010-08-10 10:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-05 07:45 . 2010-08-05 07:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-02 23:12 . 2010-08-02 23:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-08-02 22:23 . 2010-08-02 22:23 -------- d-----w- c:\program files\iPod
2010-08-02 22:22 . 2010-08-02 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-02 22:18 . 2010-08-02 22:18 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-08-02 22:13 . 2010-08-02 22:13 -------- d-----w- c:\program files\Apple Software Update
2010-08-02 22:09 . 2010-08-02 22:09 -------- d-----w- c:\program files\Bonjour
2010-08-01 12:46 . 2010-08-19 13:56 -------- d-----w- C:\xavier
2010-08-01 12:10 . 2010-08-01 12:10 69568 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-01 12:01 . 2010-08-01 12:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-01 12:01 . 2010-08-20 21:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2010-08-01 12:01 . 2010-08-01 12:01 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-07-30 16:20 . 2010-07-30 16:20 -------- d-----w- c:\documents and settings\Raymond\Application Data\AVS4YOU
2010-07-30 16:19 . 2010-07-30 20:22 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2010-07-30 16:18 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-07-30 16:18 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-07-30 16:18 . 2010-08-01 10:35 -------- d-----w- c:\program files\AVS4YOU
2010-07-30 16:18 . 2010-07-30 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-07-30 16:18 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-07-28 23:13 . 2010-07-28 23:13 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\WinAVI
2010-07-28 10:20 . 2010-07-28 10:20 -------- d-----w- c:\documents and settings\Raymond\Application Data\Apowersoft
2010-07-25 16:30 . 2010-07-25 16:33 -------- d-----w- c:\documents and settings\Raymond\Application Data\vlc
2010-07-25 16:29 . 2010-07-25 16:29 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 10:36 . 2007-12-23 09:29 -------- d-----w- c:\program files\QuickTime
2010-08-21 10:23 . 2010-03-10 18:23 -------- d-----w- c:\documents and settings\Raymond\Application Data\HPAppData
2010-08-21 09:55 . 2010-08-20 14:12 112 ----a-w- c:\documents and settings\All Users\Application Data\cn1lW7Ms.dat
2010-08-21 09:51 . 2010-03-03 16:42 -------- d-----w- c:\documents and settings\Raymond\Application Data\LimeWire
2010-08-11 13:43 . 2001-08-28 10:00 71248 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-11 13:43 . 2001-08-28 10:00 458230 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-03 10:54 . 2007-12-23 09:30 -------- d-----w- c:\documents and settings\Raymond\Application Data\Apple Computer
2010-08-02 22:23 . 2007-12-23 09:29 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-08-01 12:52 . 2007-10-17 18:06 -------- d-----w- c:\program files\Google
2010-08-01 10:34 . 2007-10-18 11:29 -------- d-----w- c:\program files\PestPatrol
2010-07-30 21:04 . 2007-10-19 17:15 -------- d-----w- c:\program files\Picasa2
2010-07-25 16:24 . 2007-10-19 18:57 69568 ----a-w- c:\documents and settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-06-08 14:51 . 2010-06-08 14:51 40629 ----a-w- c:\windows\system32\xnfiv.exe
2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\ulmkyadd.exe
.

<pre>

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

c:\program files\PestPatrol\CookiePatrol .exe

c:\program files\PestPatrol\PPControl .exe

c:\program files\PestPatrol\PPMemCheck .exe

c:\program files\Picasa2\PicasaMediaDetector .exe

c:\program files\Windows Live\Messenger\msnmsgr                 .exe

c:\program files\Windows Live\Messenger\msnmsgr                .exe

c:\program files\Windows Live\Messenger\msnmsgr               .exe

c:\program files\Windows Live\Messenger\msnmsgr              .exe

c:\program files\Windows Live\Messenger\msnmsgr             .exe

c:\program files\Windows Live\Messenger\msnmsgr            .exe

c:\program files\Windows Live\Messenger\msnmsgr           .exe

c:\program files\Windows Live\Messenger\msnmsgr          .exe

c:\program files\Windows Live\Messenger\msnmsgr         .exe

c:\program files\Windows Live\Messenger\msnmsgr        .exe

c:\program files\Windows Live\Messenger\msnmsgr       .exe

c:\program files\Windows Live\Messenger\msnmsgr      .exe

c:\program files\Windows Live\Messenger\msnmsgr     .exe

c:\program files\Windows Live\Messenger\msnmsgr    .exe

c:\program files\Windows Live\Messenger\msnmsgr   .exe

c:\program files\Windows Live\Messenger\msnmsgr  .exe

c:\program files\Windows Live\Messenger\msnmsgr .exe

</pre>

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\tomtom\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
"Kkevapoyowu"="c:\windows\wcdsfv.dll" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="d:\xavier\Ipod\Ipodd\iTunesHelper.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2010-07-30 36868]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [2009-07-26 3883856]

c:\documents and settings\Raymond\Menu D‚marrer\Programmes\D‚marrage\
LimeWire On Startup.lnk - c:\limewire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Raymond^Menu Démarrer^Programmes^Démarrage^Moniteur Fax-Voix.lnk]
path=c:\documents and settings\Raymond\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk
backup=c:\windows\pss\Moniteur Fax-Voix.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 12:56 17920 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-11 12:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/04/2008 21:21 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/04/2008 21:21 20560]
S0 Daemon;Daemon;c:\windows\system32\drivers\daemon.sys --> c:\windows\system32\drivers\daemon.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/05/2008 16:24 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
toyylzvo
.
Contenu du dossier 'Tâches planifiées'

2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = localhost
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Raymond\Application Data\Mozilla\Firefox\Profiles\ak387jrk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: d:\xavier\Ipod\Ipodd\Mozilla Plugins\npitunes.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-$NtUninstallWTF1012$ - c:\program files\$NtUninstallWTF1012$\elUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 12:36
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2010-08-21 12:38:40
ComboFix-quarantined-files.txt 2010-08-21 10:38

Avant-CF: 5 003 202 560 octets libres
Après-CF: 5 053 050 880 octets libres

- - End Of File - - 87306FD1B57D306ABD25B969E6426553

| Alerter

Répondre à xixi31800

Sham_Rock

21 Août 2010 21:51:50

Bonsoir
A la demande d'Omar, je termine ta désinfection.

Télécharge le fichier CFScript en cliquant le lien ci-dessous et met-le sur ton bureau.
http://www.sendspace.com/file/p2j6en

Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

Combofix se lance, laisse toi guider..

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

| Alerter

Répondre à Sham_Rock

xixi31800

22 Août 2010 10:29:52

Bonjours, merci de prendre la relève^^

ComboFix 10-08-21.06 - Raymond 22/08/2010 12:15:02.4.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.617 [GMT 2:00]
Lancé depuis: d:\mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: d:\mes documents\Téléchargements\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 081231-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\ulmkyadd.exe"
"c:\windows\system32\xnfiv.exe"
"c:\windows\wcdsfv.dll"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\k6ByrXld.exe
c:\documents and settings\Raymond\Favoris\PRONOTE, Logiciel de gestion de vie scolaire..url
c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\QuickTime\qttask.exe
c:\tomtom\TomTom HOME 2\HOMERunner.exe
c:\windows\system32\ulmkyadd.exe
c:\windows\system32\xnfiv.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At19.job

<pre>

c:\program files\Fichiers communs\InstallShield\UpdateService\issch .exe --->c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

c:\program files\HP\HP Software Update\HPWuSchd2 .exe --->c:\program files\HP\HP Software Update\HPWuSchd2.exe

c:\program files\QuickTime\qttask .exe --->c:\program files\QuickTime\qttask.exe

c:\tomtom\TomTom HOME 2\HOMERunner .exe --->c:\tomtom\TomTom HOME 2\HOMERunner.exe

</pre>

.
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-07-22 au 2010-08-22 ))))))))))))))))))))))))))))))))))))
.

2010-08-22 10:09 . 2010-08-22 10:10 -------- d-----w- c:\documents and settings\Raymond\Application Data\OfferBox
2010-08-22 10:09 . 2010-08-22 10:09 -------- d-----w- c:\program files\OfferBox
2010-08-20 19:44 . 2010-08-20 19:44 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-20 19:42 . 2009-02-20 08:31 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-08-20 19:42 . 2009-02-20 08:31 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-08-18 13:08 . 2010-08-20 20:05 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\Deployment
2010-08-17 11:01 . 2010-08-17 16:06 -------- d-----w- C:\UsbFix
2010-08-17 10:54 . 2010-08-17 15:55 -------- d-----w- c:\program files\Ad-Remover
2010-08-08 17:04 . 2010-08-12 11:12 -------- d-----w- c:\documents and settings\NetworkService\Tracing
2010-08-08 13:19 . 2004-08-03 21:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2010-08-08 13:19 . 2004-08-03 21:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-08-06 13:12 . 2010-08-06 13:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Malwarebytes
2010-08-05 07:45 . 2010-08-10 10:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-05 07:45 . 2010-08-05 07:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-02 23:12 . 2010-08-02 23:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-08-02 22:23 . 2010-08-02 22:23 -------- d-----w- c:\program files\iPod
2010-08-02 22:22 . 2010-08-02 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-02 22:18 . 2010-08-02 22:18 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-08-02 22:13 . 2010-08-02 22:13 -------- d-----w- c:\program files\Apple Software Update
2010-08-02 22:09 . 2010-08-02 22:09 -------- d-----w- c:\program files\Bonjour
2010-08-01 12:46 . 2010-08-19 13:56 -------- d-----w- C:\xavier
2010-08-01 12:10 . 2010-08-01 12:10 69568 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-01 12:01 . 2010-08-01 12:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-01 12:01 . 2010-08-20 21:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2010-08-01 12:01 . 2010-08-01 12:01 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-07-30 16:20 . 2010-07-30 16:20 -------- d-----w- c:\documents and settings\Raymond\Application Data\AVS4YOU
2010-07-30 16:19 . 2010-07-30 20:22 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2010-07-30 16:18 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-07-30 16:18 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-07-30 16:18 . 2010-08-01 10:35 -------- d-----w- c:\program files\AVS4YOU
2010-07-30 16:18 . 2010-07-30 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-07-30 16:18 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-07-28 23:13 . 2010-07-28 23:13 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\WinAVI
2010-07-28 10:20 . 2010-07-28 10:20 -------- d-----w- c:\documents and settings\Raymond\Application Data\Apowersoft
2010-07-25 16:30 . 2010-07-25 16:33 -------- d-----w- c:\documents and settings\Raymond\Application Data\vlc
2010-07-25 16:29 . 2010-07-25 16:29 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 10:20 . 2007-12-23 09:29 -------- d-----w- c:\program files\QuickTime
2010-08-22 10:15 . 2007-10-19 17:15 -------- d-----w- c:\program files\Picasa2
2010-08-22 10:15 . 2007-10-18 11:29 -------- d-----w- c:\program files\PestPatrol
2010-08-22 10:06 . 2010-03-10 18:23 -------- d-----w- c:\documents and settings\Raymond\Application Data\HPAppData
2010-08-22 10:04 . 2010-08-20 14:12 112 ----a-w- c:\documents and settings\All Users\Application Data\cn1lW7Ms.dat
2010-08-22 10:00 . 2010-03-03 16:42 -------- d-----w- c:\documents and settings\Raymond\Application Data\LimeWire
2010-08-21 10:50 . 2001-08-28 10:00 71248 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-21 10:50 . 2001-08-28 10:00 458230 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-03 10:54 . 2007-12-23 09:30 -------- d-----w- c:\documents and settings\Raymond\Application Data\Apple Computer
2010-08-02 22:23 . 2007-12-23 09:29 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-08-01 12:52 . 2007-10-17 18:06 -------- d-----w- c:\program files\Google
2010-07-25 16:24 . 2007-10-19 18:57 69568 ----a-w- c:\documents and settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-21_10.36.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-22 10:00 . 2010-08-22 10:00 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
+ 2010-08-22 10:00 . 2010-08-22 10:00 16384 c:\windows\Temp\Perflib_Perfdata_54c.dat
+ 2010-04-16 20:12 . 2010-04-16 20:12 48464 c:\windows\system32\sirenacm.dll
+ 2001-08-28 10:00 . 2010-08-21 10:50 58596 c:\windows\system32\perfc009.dat
- 2001-08-28 10:00 . 2010-08-11 13:43 58596 c:\windows\system32\perfc009.dat
+ 2010-08-21 18:24 . 2010-08-21 18:24 22016 c:\windows\Installer\12b6c0.msi
+ 2010-08-21 18:23 . 2010-08-21 18:23 27136 c:\windows\Installer\12b691.msi
+ 2010-08-21 18:23 . 2010-08-21 18:23 58880 c:\windows\Installer\12b673.msi
+ 2010-08-21 18:23 . 2010-08-21 18:23 61272 c:\windows\Installer\{B3B487E7-6171-4376-9074-B28082CEB504}\IconWlc.exe
+ 2010-08-21 18:24 . 2010-08-21 18:24 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe
- 2010-03-07 17:16 . 2010-03-07 17:16 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe
+ 2010-08-21 18:24 . 2010-08-21 18:24 80395 c:\windows\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe
+ 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut21_959384787AC44F138BCCCA5B34AD4C4A.exe
+ 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut16_787B0DAD05DC46CC91305506DB2ABE18.exe
+ 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut11_9F3781393181404B950072B4018B7795.exe
+ 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut10_DB289C76EE574969ACAC0FCD904E9997.exe
+ 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut1_CE5B1499B5E045D19091836D8FA3ACAC.exe
+ 2010-08-22 10:09 . 2010-08-22 10:09 53248 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\ARPPRODUCTICON.exe
- 2001-08-28 10:00 . 2010-08-11 13:43 392296 c:\windows\system32\perfh009.dat
+ 2001-08-28 10:00 . 2010-08-21 10:50 392296 c:\windows\system32\perfh009.dat
+ 2010-08-21 18:24 . 2010-08-21 18:24 816640 c:\windows\Installer\12b6ef.msi
+ 2010-08-21 18:24 . 2010-08-21 18:24 429056 c:\windows\Installer\12b6b7.msi
+ 2010-08-21 18:23 . 2010-08-21 18:23 149504 c:\windows\Installer\12b684.msi
+ 2010-08-22 10:09 . 2010-08-22 10:09 2193920 c:\windows\Installer\90df3.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
2010-07-21 13:05 135000 ----a-w- c:\program files\OfferBox\OfferBoxBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\tomtom\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\Raymond\Menu D‚marrer\Programmes\D‚marrage\
LimeWire On Startup.lnk - c:\limewire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Raymond^Menu Démarrer^Programmes^Démarrage^Moniteur Fax-Voix.lnk]
path=c:\documents and settings\Raymond\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk
backup=c:\windows\pss\Moniteur Fax-Voix.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 12:56 17920 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-11 12:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/04/2008 21:21 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/04/2008 21:21 20560]
S0 Daemon;Daemon;c:\windows\system32\drivers\daemon.sys --> c:\windows\system32\drivers\daemon.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/05/2008 16:24 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = localhost
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Raymond\Application Data\Mozilla\Firefox\Profiles\ak387jrk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: d:\xavier\Ipod\Ipodd\Mozilla Plugins\npitunes.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-iTunesHelper - d:\xavier\Ipod\Ipodd\iTunesHelper.exe
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr .exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 12:20
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2010-08-22 12:21:50
ComboFix-quarantined-files.txt 2010-08-22 10:21
ComboFix2.txt 2010-08-21 10:38

Avant-CF: 4 767 326 208 octets libres
Après-CF: 4 829 724 672 octets libres

- - End Of File - - A8128C1E07C63B2454CE23A5ECC4CA16

| Alerter

Répondre à xixi31800

Sham_Rock

22 Août 2010 11:25:51

re
Fais un scan en ligne et poste le rapport:
Tutorial ESET Online Scanner:
http://www.bibou0007.com/scans-en-ligne-f75/tutorial-es...

| Alerter

Répondre à Sham_Rock

xixi31800

22 Août 2010 15:25:48

Par contre j'ai eu un petit soucis j'ai pas réussis a trouver le premier log donc j'ai relancé le programme et la voila le log mais y a plus rien comme la première fois j'ai tous supprimé...

EDIT: j'ai remarqué la présence d'un programme search settings qui est en fait un virus mais je n'arrive pas à l'enlever (panneau de configuration ajout/suppression de programmes " search settings" supprimer) avec cette manip j'ai un message d'erreur qui fait que je ne peut pas le supprimer.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f9e691b5f1d94240bbce51c6ce74d428
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-22 03:01:18
# local_time=2010-08-22 05:01:18 (+0100, Paris, Madrid)
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 15213421 15213421 0 0
# compatibility_mode=769 16775129 100 96 11304 218776633 51669555 0
# compatibility_mode=8192 67108863 100 0 6719 6719 0 0
# scanned=107320
# found=0
# cleaned=0
# scan_time=4605

| Alerter

Répondre à xixi31800

Sham_Rock

22 Août 2010 20:30:41

re

Citation :

j'ai remarqué la présence d'un programme search settings qui est en fait un virus mais je n'arrive pas à l'enlever (panneau de configuration ajout/suppression de programmes " search settings" supprimer) avec cette manip j'ai un message d'erreur qui fait que je ne peut pas le supprimer.

quel est le message?
pour moi, ce programme n'est plus sur ton pc...

| Alerter

Répondre à Sham_Rock

xixi31800

22 Août 2010 21:04:25

Re bonsoir,
Le message est :
The feature you are trying to use is on a network ressource that is unvailable.

Click ok to try again, or enter an alternate path to a folder containing the installation package " 'SearchSettings.msi' " in the box below.

Use source :
C:\DOCUME~1\Raymond\LOCALS~1\Temp\_is2D3\

La je fait ok puis le mess d'erreur est :

The path "
C:\DOCUME~1\Raymond\LOCALS~1\Temp\_is2D3\searchsettings.msi" cannot be found.

| Alerter

Répondre à xixi31800

Sham_Rock

22 Août 2010 21:25:22

re
c'est bon, c'est propre.

d'autres soucis?

| Alerter

Répondre à Sham_Rock

xixi31800

23 Août 2010 07:05:45

Re, bé si possible j'aimerais bien l'enlever de mon ajout/suppression de programmes si possible ^^
Et sinon à part ça tous marche nikel !! j'ai fait un petit nettoyage avec Spybot aussi il m'a trouvé quelques problèmes mais depuis le nettoyage avec combofix tous marche nikel !!!!

| Alerter

Répondre à xixi31800

Sham_Rock

24 Août 2010 07:36:48

re
vire spybot, il ne trouve rien à part des cookies. (ce sont des fichiers qui s'installent sur ton pc quand tu surfes sur le net)

on va peaufiner:

Télécharge SystemLook à partir d'un des liens ci dessous sur ton Bureau.
Download Mirror:: http://jpshortstuff.247fixes.com/SystemLook.exe
Download Mirror #2:: http://images.malwareremoval.com/jpshortstuff/SystemLoo...

* Double-click SystemLook.exe pour le lancer.
* Clic droit/copier le contenu du cadre ci dessous ,et clic droit/coller dans le cadre blanc de SystemLook:

:filefind
SearchSettings.msi

* Click le bouton Look pour commencer le scan.
* Copie-colle dans ta prochaine réponse le rapport\contenu du fichier texte qui s'affiche

Note: Le rapport peut aussi être trouvé sur ton Bureau nommé SystemLook.txt

| Alerter

Répondre à Sham_Rock

xixi31800

24 Août 2010 09:04:39

Bonjour,

ok mais spybot me bloque aussi les Spams ^^

Voici le rapport :

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:00 on 24/08/2010 by Raymond (Administrator - Elevation successful)

========== filefind ==========

Searching for "SearchSettings.msi"
No files found.

-=End Of File=-

Edit :

https://addons.mozilla.org/en-US/firefox/addon/3239/
Est ce que tu peut me dire si ce n'est pas une arnaque et si ça marche vraiment s'il te plaît ?? Je cherche en fait un module pour firefox qui modifie l'adresse IP.

| Alerter

Répondre à xixi31800

Sham_Rock

24 Août 2010 16:46:53

Citation :

Edit :

https://addons.mozilla.org/en-US/firefox/addon/3239/
Est ce que tu peut me dire si ce n'est pas une arnaque et si ça marche vraiment s'il te plaît ?? Je cherche en fait un module pour firefox qui modifie l'adresse IP.

je ne connais pas . et ça me fait bien rigoler ce genre de tools pour modifier ton ip.
si tu commets quelque chose d'illicite, tu crois pas que les "forces de l'ordre" ont les moyens de te loger??? :lol:

~Télécharge CCleaner:

http://www.filehippo.com/download_ccleaner/

~Lors de l'installation décoche: "Ajouter la Barre d'Outils Yahoo! Ccleaner"
Clique sur le bouton nettoyeur, tu fais " lancer le nettoyage "
Clique sur le bouton erreurs, tu fais "chercher les erreurs ", puis "réparer les erreurs".
Tuto de CCleaner: (merci à Malekal) .
http://www.malekal.com/tutorial_CCleaner.html

| Alerter

Répondre à Sham_Rock

xixi31800

24 Août 2010 19:35:14

Non mais ce n'est pas par rapport aux "forces de l'ordre" en fait sur le site Megavideo pour regarder les vidéos non stop il faut payer sinon il y a une limite de temps puis il faut attendre 50 min... pour passer à coter de ça il faudrait changer son IP

Ccleaner je l'ai déjà et j'ai déjà essayer de supprimer la ligne searchsettings mais rien y fait il y est encore et toujours

| Alerter

Répondre à xixi31800

Sham_Rock

25 Août 2010 12:04:10

Citation :

Non mais ce n'est pas par rapport aux "forces de l'ordre" en fait sur le site Megavideo pour regarder les vidéos non stop il faut payer sinon il y a une limite de temps puis il faut attendre 50 min... pour passer à coter de ça il faudrait changer son IP

si tu supprimes tes cookies, ça ne suffit pas?

Citation :

Ccleaner je l'ai déjà et j'ai déjà essayer de supprimer la ligne searchsettings mais rien y fait il y est encore et toujours

il n'y a plus que la ligne, donc ce n'est pas très grave

| Alerter

Répondre à Sham_Rock

xixi31800

25 Août 2010 13:35:10

Je ne sais pas je vais essayer ^^ EDIT : j'ai essayé et ça ne marche pas^^
En tous cas merci à toi et à Omar merci beaucoup !!!

A par contre un petit service un tous dernier

Pour supprimer les programmes que j'ai dû utiliser lors de ma désinfection dans leurs totalités sans qu'ils laissent de traces... Est ce que c'est possible ^^ ??

| Alerter

Répondre à xixi31800

Sham_Rock

26 Août 2010 06:59:47

re
suis ce tuto:
http://www.commentcamarche.net/faq/8341-toolscleaner-su...

Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.

Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

Lire aussi:

Antispyware gratuit : ça sert à rien!

~Edite ton premier message et marque [résolu] dans le titre.
Si ton nom de session correspond à ton véritable nom, tu as la possibilité de le changer en éditant tes posts.

:hello:

| Alerter

Répondre à Sham_Rock

Tom's guide dans le monde