(Solved) My PC is infected
Hello,
Last night, while browsing an ordinary site (for adhesive lettering), AntiVir went wild and gave me 15 virus alerts; I denied access for them!
This morning when I turned on my PC, "Windows XP Restore" started up to run a scan! (I don't even know what that is!)
I also get a page that opens to tell me: critical error, hard drive failure...!
Since then I can't do anything any more! Nothing is displayed on my desktop any more, and there is almost nothing left in the Start menu either...
Can you please help me save my PC?
Hello,
You have caught a rogue.
Use options 2 and 6 of RogueKiller and post the reports:
http://www.commentcamarche.net/download/telecharger-340...
Here is the report from option 2:
RogueKiller V5.2.2 [05/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: SANDRA [Droits d'admin]
Mode: Suppression -- Date : 09/06/2011 14:59:44
Processus malicieux: 2
[SUSP PATH] SkMtEGuPVoS.exe -- c:\documents and settings\all users\application data\skmtegupvos.exe -> KILLED
[ROGUE ST] 17489700.exe -- c:\documents and settings\all users\application data\17489700.exe -> KILLED
Entrees de registre: 8
[SUSP PATH] HKCU\[...]\Run : SkMtEGuPVoS (C:\Documents and Settings\All Users\Application Data\SkMtEGuPVoS.exe) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> DELETED
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> REPLACED (0)
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\SANDRA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
Fichier HOSTS:
127.0.0.1 localhost
Termine : << RKreport[1].txt >>
RKreport[1].txt
And finally the report from option 6:
RogueKiller V5.2.2 [05/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: SANDRA [Droits d'admin]
Mode: Raccourcis RAZ -- Date : 09/06/2011 15:13:30
Processus malicieux: 0
Attributs de fichiers restaures:
Bureau: Success 92 / Fail 0
Lancement rapide: Success 11 / Fail 0
Programmes: Success 39389 / Fail 0
Menu demarrer: Success 283 / Fail 0
Dossier utilisateur: Success 13918 / Fail 0
Mes documents: Success 10505 / Fail 0
Mes favoris: Success 36 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 0 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 49898 / Fail 0
Sauvegarde: [FOUND] Success 213 / Fail 0
Lecteurs:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\Harddisk1\DP(1)0-0+8 -- 0x2 --> Restored
[H:] \Device\Harddisk2\DP(1)0-0+9 -- 0x2 --> Restored
[I:] \Device\Harddisk3\DP(1)0-0+a -- 0x2 --> Restored
[J:] \Device\Harddisk4\DP(1)0-0+b -- 0x2 --> Restored
Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
OK, follow this procedure with Malwarebytes' Anti-Malware and post the report:
http://www.malekal.com/2010/11/12/tutorial-malwarebyte-...
Good evening, here is my report... the number of infections is alarming...
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Version de la base de données: 6819
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
09/06/2011 20:56:14
mbam-log-2011-06-09 (20-56-14).txt
Type d'examen: Examen complet (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Elément(s) analysé(s): 305847
Temps écoulé: 3 heure(s), 2 minute(s), 15 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 32
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.search-web.net) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.search-web.net) Good: (http://www.google.com) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\documents and settings\all users\application data\17489700.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\skmtegupvos.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\SANDRA\Bureau\rk_quarantine\17489700.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\SANDRA\Bureau\rk_quarantine\skmtegupvos.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\SANDRA\local settings\temp\83.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\SANDRA\local settings\temp\84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\ldr4c24.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\ldr5733.tmp (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\temp\F6D9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\1453E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\2143E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\2D82.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\2EC9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\3295.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\4732.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\4977.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\52F2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\532C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\6967.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\6E09.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\7819.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\79CC.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\85F0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\89B1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\9EEA.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\A11.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\B64B.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\B872.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\C01E.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\C81B.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\C9E2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\CD69.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Yes, indeed.
Relaunch Malwarebytes' Anti-Malware, go to Quarantine and delete everything.
Let's check that everything is OK:
Download OTL (by OldTimer) to your Desktop.
Double-click OTL to launch it.
(Under Vista/Win7, you have to right-click OTL and choose Run as administrator.)
A window appears. In the "Rapport" (Report) section at the top of this window, tick "Rapport minimal" (Minimal report).
Also tick the boxes next to "Recherche Lop" (Lop search) and "Recherche Purity" (Purity search).
Finally, click the "Analyse" (Scan) button. The scan does not take long.
Once the scan is finished, two Notepad windows will open: OTL.txt and Extras.txt. The files are in the same location as OTL.
To send me the reports:
Click this link: http://www.cijoint.fr/
Click "Parcourir..." (Browse...) and find the report file you want to send me.
Click "Ouvrir" (Open).
Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
Copy and paste this link into your reply.
Hello,
Here is the link for OTL.Txt:
http://www.cijoint.fr/cjlink.php?file=cj201106/cijusASG...
However, I did not get an Extras.txt report opening?
There are still traces of infection.
Use the "Scanner" option of Ad-Remover and post the report:
http://www.teamxscript.org/adremoverTelechargement.html
Hello, here is my report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 17:23:34 le 11/06/2011, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
SANDRA@LELIAN ( )
============== RECHERCHE ==============
Dossier trouvé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\conduit
Dossier trouvé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\ConduitEngine
Dossier trouvé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\extensions\engine@conduit.com
Fichier trouvé: C:\Documents and Settings\SANDRA\scriptjava.html
Dossier trouvé: C:\Program Files\GamesBar
-- Fichier ouvert: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\Prefs.js --
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Ligne trouvée: user_pref("CommunityToolbar.IsEngineShown", true);
Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed May 25 2011 17:16:40 GMT+02...
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 09 2011 14:09:46 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 11 2011 17:10:13 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "0ab812d2-9460-4b4f-8dfa-75fe80f1881e");
Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Ligne trouvée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 09 2011 14:10:50 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.CTID", "ConduitEngine");
Ligne trouvée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jun 11 2011 16:35:36 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.FirstServerDate", "05/25/2011 18");
Ligne trouvée: user_pref("ConduitEngine.FirstTime", true);
Ligne trouvée: user_pref("ConduitEngine.FirstTimeFF3", true);
Ligne trouvée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Ligne trouvée: user_pref("ConduitEngine.Initialize", true);
Ligne trouvée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Ligne trouvée: user_pref("ConduitEngine.InstalledDate", "Wed May 25 2011 17:16:41 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.IsMulticommunity", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Ligne trouvée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jun 11 2011 17:10:17 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Jun 11 2011 17:09:17 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Ligne trouvée: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jun 11 2011 17:09:17 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.UserID", "UN93707602833734585");
Ligne trouvée: user_pref("ConduitEngine.componentAlertEnabled", false);
Ligne trouvée: user_pref("ConduitEngine.engineLocale", "fr");
Ligne trouvée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jun 11 2011 17:10:17 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jun 11 2011 14:49:09 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.initDone", true);
Ligne trouvée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
-- Fichier Fermé --
Clé trouvée: HKLM\Software\GamesBarSetup
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [4.0.1 (fr)] ****
HKLM_MozillaPlugins\@oberon-media.com/ONCAdapter (x)
HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
-- C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default --
Extensions\engine@conduit.com (Conduit Engine )
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} (HP Detect)
Extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23} (mobilewitch Community Toolbar)
Searchplugins\search-the-web.xml (?)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\SANDRA\\Bureau
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61101&p=
========================================
**** Internet Explorer Version [7.0.5730.11] ****
Plugins\NPWMin32.dll (SYNERSOFT)
HKCU_Main|Default_Page_URL - hxxp://www.search-web.net
HKCU_Main|Default_Search_URL - hxxp://www.search-web.net/keyword/
HKCU_Main|First Home Page - hxxp://go.microsoft.com/fwlink/?LinkId=54843
HKCU_Main|SearchMigratedDefaultURL - hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A5...
HKCU_Main|Search bar - hxxp://www.search-web.net
HKCU_Main|Search Page - hxxp://www.search-web.net
HKCU_Main|Start Page - hxxp://www.search-web.net
HKLM_Main|Default_Page_URL - hxxp://www.google.com
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.google.com
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll)
HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&...)
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
HKCU_Toolbar\ShellBrowser|{C4069E3A-68F1-403E-B40E-20066696354B} (x)
HKCU_Toolbar\WebBrowser|{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} (x)
HKCU_Toolbar\WebBrowser|{D3028143-6145-4318-99D3-3EDCE54A95A9} (x)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
HKLM_ElevationPolicy\{6A4E5109-F35C-469e-BEBC-A9241C14D8B3} - C:\Program Files\Hp\Common\iPAQDetection2.exe (?)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Fichiers communs\Oberon Media\OberonBroker\1.0.0.76\OberonBroker.exe (x)
HKCU_Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E} - "Orange" (C:\PROGRA~1\Wanadoo\Audience\Icones\Orange.ico)
HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll) (x)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 11/06/2011 17:23:47 (7059 Octet(s))
Fin à: 17:24:52, 11/06/2011
============== E.O.F ==============
HKCU_Main|Search bar - hxxp://www.search-web.net
HKCU_Main|Search Page - hxxp://www.search-web.net
HKCU_Main|Start Page - hxxp://www.search-web.net
HKLM_Main|Default_Page_URL - hxxp://www.google.com
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.google.com
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll)
HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&...)
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
HKCU_Toolbar\ShellBrowser|{C4069E3A-68F1-403E-B40E-20066696354B} (x)
HKCU_Toolbar\WebBrowser|{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} (x)
HKCU_Toolbar\WebBrowser|{D3028143-6145-4318-99D3-3EDCE54A95A9} (x)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
HKLM_ElevationPolicy\{6A4E5109-F35C-469e-BEBC-A9241C14D8B3} - C:\Program Files\Hp\Common\iPAQDetection2.exe (?)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Fichiers communs\Oberon Media\OberonBroker\1.0.0.76\OberonBroker.exe (x)
HKCU_Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E} - "Orange" (C:\PROGRA~1\Wanadoo\Audience\Icones\Orange.ico)
HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll) (x)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 11/06/2011 17:23:47 (7059 Octet(s))
Fin à: 17:24:52, 11/06/2011
============== E.O.F ==============
Here is the report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:54:04 le 11/06/2011, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
SANDRA@LELIAN ( )
============== ACTION(S) ==============
Erreur suppression dossier: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\conduit
Dossier supprimé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\ConduitEngine
Dossier supprimé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\extensions\engine@conduit.com
Fichier supprimé: C:\Documents and Settings\SANDRA\scriptjava.html
Dossier supprimé: C:\Program Files\GamesBar
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\Prefs.js --
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Ligne supprimée: user_pref("CommunityToolbar.IsEngineShown", true);
Ligne supprimée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Ligne supprimée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed May 25 2011 17:16:40 GMT+02...
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 09 2011 14:09:46 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 11 2011 17:10:13 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "0ab812d2-9460-4b4f-8dfa-75fe80f1881e");
Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Ligne supprimée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 09 2011 14:10:50 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.CTID", "ConduitEngine");
Ligne supprimée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jun 11 2011 16:35:36 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.FirstServerDate", "05/25/2011 18");
Ligne supprimée: user_pref("ConduitEngine.FirstTime", true);
Ligne supprimée: user_pref("ConduitEngine.FirstTimeFF3", true);
Ligne supprimée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Ligne supprimée: user_pref("ConduitEngine.Initialize", true);
Ligne supprimée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Ligne supprimée: user_pref("ConduitEngine.InstalledDate", "Wed May 25 2011 17:16:41 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.IsMulticommunity", false);
Ligne supprimée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Ligne supprimée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Ligne supprimée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jun 11 2011 17:10:17 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Jun 11 2011 17:09:17 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Ligne supprimée: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jun 11 2011 17:09:17 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.UserID", "UN93707602833734585");
Ligne supprimée: user_pref("ConduitEngine.componentAlertEnabled", false);
Ligne supprimée: user_pref("ConduitEngine.engineLocale", "fr");
Ligne supprimée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jun 11 2011 17:10:17 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jun 11 2011 14:49:09 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.initDone", true);
Ligne supprimée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
-- Fichier Fermé --
Clé supprimée: HKLM\Software\GamesBarSetup
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [4.0.1 (fr)] ****
HKLM_MozillaPlugins\@oberon-media.com/ONCAdapter (x)
HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
-- C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} (HP Detect)
Extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23} (mobilewitch Community Toolbar)
Searchplugins\search-the-web.xml (?)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\SANDRA\\Bureau
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61101&p=
========================================
**** Internet Explorer Version [7.0.5730.11] ****
Plugins\NPWMin32.dll (SYNERSOFT)
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll)
HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&...)
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
HKCU_Toolbar\ShellBrowser|{C4069E3A-68F1-403E-B40E-20066696354B} (x)
HKCU_Toolbar\WebBrowser|{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} (x)
HKCU_Toolbar\WebBrowser|{D3028143-6145-4318-99D3-3EDCE54A95A9} (x)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
HKLM_ElevationPolicy\{6A4E5109-F35C-469e-BEBC-A9241C14D8B3} - C:\Program Files\Hp\Common\iPAQDetection2.exe (?)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Fichiers communs\Oberon Media\OberonBroker\1.0.0.76\OberonBroker.exe (x)
HKCU_Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E} - "Orange" (C:\PROGRA~1\Wanadoo\Audience\Icones\Orange.ico)
HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll) (x)
========================================
C:\Program Files\Ad-Remover\Quarantine: 100 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 11/06/2011 17:54:20 (8567 Octet(s))
C:\Ad-Report-SCAN[1].txt - 11/06/2011 17:23:47 (9750 Octet(s))
Fin à: 17:56:18, 11/06/2011
============== E.O.F ==============
Hello, my PC is fine, everything is back to normal... However, I can no longer find "Documents and Settings" on my hard drive???
Here is the OTL report:
OTL logfile created on: 14/06/2011 14:26:24 - Run 5
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\SANDRA\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
447,48 Mb Total Physical Memory | 73,67 Mb Available Physical Memory | 16,46% Memory free
1,13 Gb Paging File | 0,51 Gb Available in Paging File | 45,50% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71,84 Gb Total Space | 31,77 Gb Free Space | 44,23% Space Free | Partition Type: NTFS
Drive D: | 72,31 Gb Total Space | 72,30 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: LELIAN | User Name: SANDRA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\orange\Systray\SystrayApp.exe (France Telecom SA)
PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe (France Telecom SA)
PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe (France Telecom SA)
PRC - C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
PRC - C:\WINDOWS\system32\SysMonitor.exe ( )
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST)
MOD - C:\WINDOWS\system32\MSNChatHook.dll (HiTRUST)
MOD - C:\WINDOWS\system32\CryptoAPI.dll (HiTRUST)
MOD - C:\WINDOWS\system32\mfc71u.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe (France Telecom SA)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (Acer Media Server) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
SRV - (LightScribeService) -- c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ndisrd) -- C:\WINDOWS\system32\drivers\ndisrd.sys (NT Kernel Resources)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (GT72NDISIPXP) -- C:\WINDOWS\system32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\WINDOWS\system32\drivers\gt72ubus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (MobileAdapter) -- C:\WINDOWS\system32\drivers\hmumdm.sys (Huawei Technologies Co., Ltd.)
DRV - (eeCtrl) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (se2Bunic) Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM) -- C:\WINDOWS\system32\drivers\se2Bunic.sys (MCCI)
DRV - (SE2Bobex) -- C:\WINDOWS\system32\drivers\SE2Bobex.sys (MCCI)
DRV - (se2Bnd5) Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS) -- C:\WINDOWS\system32\drivers\se2Bnd5.sys (MCCI)
DRV - (SE2Bmgmt) Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE2Bmgmt.sys (MCCI)
DRV - (SE2Bmdm) -- C:\WINDOWS\system32\drivers\SE2Bmdm.sys (MCCI)
DRV - (SE2Bmdfl) -- C:\WINDOWS\system32\drivers\SE2Bmdfl.sys (MCCI)
DRV - (SE2Bbus) Sony Ericsson Device 043 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE2Bbus.sys (MCCI)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SG762_XP) -- C:\WINDOWS\system32\drivers\WlanBZXP.sys (ZyDAS Technology Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI)
DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI)
DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI)
DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ZDPNDIS5) -- C:\WINDOWS\system32\ZDPNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (STIrUsb) -- C:\WINDOWS\system32\drivers\irstusb.sys (SigmaTel, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\orange\SearchURLHook\SearchPageURL.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "mobilewitch Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {636fae0b-69b4-4324-9fea-80fc7fb887dc}:1.300.306
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {fcbf663e-8530-46f8-a880-ac5abe9d2b23}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark..."
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/25 11:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/25 11:26:45 | 000,000,000 | ---D | M]
[2010/12/14 22:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Extensions
[2010/12/14 22:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/21 15:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/11 17:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions
[2010/08/20 15:19:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/07 11:35:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/24 16:18:37 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/05/25 17:16:25 | 000,000,000 | ---D | M] (mobilewitch Community Toolbar) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}
[2009/03/02 16:30:01 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\searchplugins\live-search.xml
[2010/10/04 08:38:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\searchplugins\search-the-web.xml
[2011/05/25 10:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\07AIT0D4.DEFAULT\EXTENSIONS\{636FAE0B-69B4-4324-9FEA-80FC7FB887DC}.XPI
[2009/06/25 17:15:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/25 11:26:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2005/04/27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2011/05/25 11:26:37 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2011/05/25 11:26:37 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/25 11:26:37 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/05/25 11:26:38 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2011/05/25 11:26:38 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2011/05/25 11:26:38 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2011/02/12 11:45:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( )
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\orange\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SystrayORAHSS] C:\Program Files\Orange\Systray\SystrayApp.exe (France Telecom SA)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = File not found
O4 - Startup: C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Démarrage\Anti-Pub.lnk = File not found
O4 - Startup: C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Démarrage\BoontyBox 01net.lnk = File not found
O4 - Startup: C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Sites de confiance)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/dir... (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} http://games.bigfishgames.com/fr_dream-chronicles/onlin... (CPlayFirstdreamControl Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.... (Solitaire Showdown Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.fr/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.photobox.fr/assets/aurigma/ImageUploader4.ca... (Image Uploader Control)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://www.gamehouse.com/realarcade-webgames/dreamchron... (CPlayFirstdreamControl Object)
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} http://photos.orange.fr/al/presentation/pc/resources/ac... (Upload Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://jeuxenligne.orange.fr/gameshell/online/fr/chainz... (MJLauncherCtrl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://lausanlelian.spaces.live.com/PhotoUpload/MsnPUpl... (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClie... (MessengerStatsClient Class)
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} http://www.securitoo.com/fra/pages/navol/fscax.cab (F-Secure Online Scanner)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://www.gamehouse.com/realarcade-webgames/mysterypil... (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} http://www.colorclub.fr/Components/Upload/ImageUploader... (Aurigma Image Uploader 3.5 Combo Control)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://games.bigfishgames.com/fr_bigcityadventuresa/onl... (Jolly Bear Games Player)
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} http://cora.fujifilmnet.com/MCLPhoto.CAB (MCLPhoto_Upload.PhotoUpload)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} http://copainsdavant.linternaute.com/html_include_bibli... (Image Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind... (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://www.photobox.fr/discount/clients/uploader_v2.2.0... (PB_Uploader Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://jeuxentelechargement.orange.fr/Gameshell/GameHos... (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Branding/olr33... (FlashXControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\SANDRA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SANDRA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/07 10:12:54 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/13 17:40:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/09 15:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Mes documents\HomeVideo-Maker
[2011/06/09 14:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Bureau\RK_Quarantine
[2011/06/09 14:58:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SANDRA\Recent
[2011/06/09 07:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Windows XP Restore
[2011/06/08 21:51:48 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/06/08 21:47:20 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/05/24 15:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\historique_ChatLand
[2009/02/05 20:24:03 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\SANDRA\Application Data\pcouffin.sys
[2006/12/24 13:21:08 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2006/12/24 13:19:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2006/12/24 13:19:32 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[1 C:\Documents and Settings\SANDRA\*.tmp files -> C:\Documents and Settings\SANDRA\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/14 08:38:50 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/14 08:36:22 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/14 08:36:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/14 08:35:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/14 08:35:17 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 17:40:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/09 17:47:19 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/06/09 14:26:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\8613F.sys
[2011/06/09 08:03:59 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/09 08:03:08 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/09 08:03:07 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/09 07:51:43 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk
[2011/05/30 20:59:03 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/24 16:09:16 | 000,039,063 | ---- | M] () -- C:\Documents and Settings\SANDRA\binternet.jar
[2011/05/24 16:08:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\SANDRA\tmp1.14
[2011/05/24 15:06:18 | 000,009,258 | ---- | M] () -- C:\Documents and Settings\SANDRA\F_ajour.jar
[1 C:\Documents and Settings\SANDRA\*.tmp files -> C:\Documents and Settings\SANDRA\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/09 15:06:03 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/06/09 15:06:03 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Gestionnaire Internet.lnk
[2011/06/09 15:06:03 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navigateur Orange.lnk
[2011/06/09 15:06:03 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2011/06/09 15:06:03 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.0.lnk
[2011/06/09 15:06:03 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/09 15:06:03 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/06/09 15:06:03 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Picasa 3.lnk
[2011/06/09 15:06:03 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Livebox.url
[2011/06/09 15:06:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/09 15:06:02 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/06/09 15:06:02 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\BoontyBox 01net.lnk
[2011/06/09 15:06:02 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/09 15:06:02 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Vos allocations.lnk
[2011/06/09 15:06:02 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2011/06/09 15:06:02 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Easy Burner.lnk
[2011/06/09 15:06:02 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/06/09 15:06:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
[2011/06/09 15:06:01 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Live Messenger .lnk
[2011/06/09 15:06:01 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk
[2011/06/09 15:05:56 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/06/09 15:05:56 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2011/06/09 15:05:54 | 000,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
[2011/06/09 15:05:53 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
[2011/06/09 15:05:53 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
[2011/06/09 15:05:53 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
[2011/06/09 15:05:53 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk
[2011/06/09 15:05:53 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
[2011/06/09 15:05:51 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk
[2011/06/09 15:05:51 | 000,002,092 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop Album Edition Découverte 3.2.lnk
[2011/06/09 15:05:51 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk
[2011/06/09 14:43:51 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/09 14:26:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\8613F.sys
[2011/06/09 07:52:41 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/09 07:52:40 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/09 07:51:43 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk
[2011/06/09 07:51:16 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/05/24 16:09:16 | 000,039,063 | ---- | C] () -- C:\Documents and Settings\SANDRA\binternet.jar
[2011/05/24 16:08:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SANDRA\tmp1.14
[2011/05/24 15:06:18 | 000,009,258 | ---- | C] () -- C:\Documents and Settings\SANDRA\F_ajour.jar
[2011/02/12 11:29:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/12 11:29:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/17 17:16:39 | 000,000,190 | -H-- | C] () -- C:\WINDOWS\settings.ini
[2010/08/26 11:35:48 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2010/07/23 17:30:53 | 000,025,520 | ---- | C] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\slot1.mm1
[2009/10/05 14:38:09 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2009/06/02 18:35:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/05 20:24:04 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\pcouffin.cat
[2009/02/05 20:24:03 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\pcouffin.inf
[2009/02/05 17:09:51 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2009/02/01 23:55:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/02/01 23:55:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/02/01 23:55:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/03 16:26:58 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2008/11/03 16:26:53 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/10/27 11:52:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/03 20:21:47 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/03 20:19:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2008/06/04 16:09:16 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/05/14 21:51:16 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/03/20 19:44:36 | 000,000,048 | ---- | C] () -- C:\WINDOWS\DDMv3.INI
[2008/03/17 11:45:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\off-road-uninst.exe
[2008/03/13 22:12:29 | 000,000,182 | -H-- | C] () -- C:\WINDOWS\cncscore.ini
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 09:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2007/12/20 20:40:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/20 20:40:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/12/20 20:40:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/12/20 20:40:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/20 20:40:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/20 20:40:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/12/20 20:40:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/20 20:40:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/20 20:40:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/12/20 20:40:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/12/20 20:40:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/20 20:40:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/20 20:40:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/20 20:40:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/20 20:40:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/20 20:40:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/12/20 20:40:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/12/20 20:40:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/20 20:40:48 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/20 20:22:32 | 000,000,027 | -H-- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2007/11/25 18:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2007/11/06 20:48:04 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\logger.ini
[2007/09/22 12:31:09 | 000,003,160 | -H-- | C] () -- C:\WINDOWS\zibouille.ini
[2007/09/22 12:27:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2007/09/21 15:15:46 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\com.koingosw.SuperFrog.xml
[2007/09/10 23:28:22 | 000,000,080 | -H-- | C] () -- C:\WINDOWS\funkycity.ini
[2007/09/10 21:30:24 | 000,000,018 | -H-- | C] () -- C:\WINDOWS\gfact.ini
[2007/09/08 17:32:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/05/07 17:53:28 | 002,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2007/05/07 17:28:39 | 000,000,499 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/23 22:09:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/04/23 14:43:28 | 000,002,607 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/23 20:07:56 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/03/20 19:53:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/15 16:14:16 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2007/03/07 12:05:28 | 000,146,303 | ---- | C] () -- C:\WINDOWS\System32\cdsmbw.exe
[2007/02/09 23:10:54 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Navigma.INI
[2007/01/22 15:17:25 | 000,002,681 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2007/01/10 16:51:35 | 000,000,066 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/01/02 15:17:52 | 000,001,318 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/12/30 18:20:06 | 000,000,133 | -H-- | C] () -- C:\WINDOWS\funpok.ini
[2006/12/25 18:13:22 | 000,384,000 | ---- | C] () -- C:\WINDOWS\adeins.exe
[2006/12/24 14:26:22 | 000,233,472 | -H-- | C] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/24 13:23:50 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/12/24 13:21:37 | 000,114,688 | ---- | C] () -- C:\WINDOWS\PowerOption.exe
[2006/12/24 13:21:37 | 000,000,294 | -H-- | C] () -- C:\WINDOWS\PowerOption.ini
[2006/12/24 13:19:32 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2006/12/24 13:14:31 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\fusioncache.dat
[2006/08/07 10:16:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/07 10:16:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/07 10:14:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll
[2006/08/07 10:14:24 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\commercial.ini
[2006/08/07 10:13:14 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/08/07 10:12:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/08/07 10:12:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/08/07 10:12:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/08/07 10:12:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/08/07 10:10:34 | 000,545,344 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2006/08/07 10:10:34 | 000,472,444 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/07 10:10:34 | 000,102,322 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2006/08/07 10:10:34 | 000,085,762 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/07 10:07:20 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/07 09:57:46 | 000,004,555 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/07 09:56:54 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/12 00:19:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/12 00:19:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/12 00:19:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/12 00:19:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/12 00:19:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/12 00:19:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/12 00:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/12 00:19:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/12 00:19:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/12 00:19:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/07/12 00:19:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/29 16:05:58 | 000,303,104 | ---- | C] () -- C:\WINDOWS\CreateLnk.exe
[2006/05/25 01:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2006/04/23 17:15:36 | 000,000,095 | -H-- | C] () -- C:\WINDOWS\ALaunch.ini
[2006/04/12 15:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2006/03/08 18:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2006/03/08 18:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006/03/02 20:35:48 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/16 22:11:52 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\Kill1211.exe
[2005/11/10 12:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2005/10/31 04:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/26 08:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/07/15 02:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/03/14 14:38:28 | 000,000,469 | -H-- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/12/17 04:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/05 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 07:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 07:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 07:00:00 | 000,003,712 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/05 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/08/07 09:51:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\reboot.exe
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2002/05/23 17:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/25 19:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/25 19:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
========== Alternate Data Streams ==========
Here is the OTL report:
OTL logfile created on: 14/06/2011 14:26:24 - Run 5
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\SANDRA\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
447,48 Mb Total Physical Memory | 73,67 Mb Available Physical Memory | 16,46% Memory free
1,13 Gb Paging File | 0,51 Gb Available in Paging File | 45,50% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71,84 Gb Total Space | 31,77 Gb Free Space | 44,23% Space Free | Partition Type: NTFS
Drive D: | 72,31 Gb Total Space | 72,30 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: LELIAN | User Name: SANDRA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\orange\Systray\SystrayApp.exe (France Telecom SA)
PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe (France Telecom SA)
PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe (France Telecom SA)
PRC - C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
PRC - C:\WINDOWS\system32\SysMonitor.exe ( )
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST)
MOD - C:\WINDOWS\system32\MSNChatHook.dll (HiTRUST)
MOD - C:\WINDOWS\system32\CryptoAPI.dll (HiTRUST)
MOD - C:\WINDOWS\system32\mfc71u.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe (France Telecom SA)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (Acer Media Server) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
SRV - (LightScribeService) -- c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ndisrd) -- C:\WINDOWS\system32\drivers\ndisrd.sys (NT Kernel Resources)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (GT72NDISIPXP) -- C:\WINDOWS\system32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\WINDOWS\system32\drivers\gt72ubus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (MobileAdapter) -- C:\WINDOWS\system32\drivers\hmumdm.sys (Huawei Technologies Co., Ltd.)
DRV - (eeCtrl) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (se2Bunic) Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM) -- C:\WINDOWS\system32\drivers\se2Bunic.sys (MCCI)
DRV - (SE2Bobex) -- C:\WINDOWS\system32\drivers\SE2Bobex.sys (MCCI)
DRV - (se2Bnd5) Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS) -- C:\WINDOWS\system32\drivers\se2Bnd5.sys (MCCI)
DRV - (SE2Bmgmt) Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE2Bmgmt.sys (MCCI)
DRV - (SE2Bmdm) -- C:\WINDOWS\system32\drivers\SE2Bmdm.sys (MCCI)
DRV - (SE2Bmdfl) -- C:\WINDOWS\system32\drivers\SE2Bmdfl.sys (MCCI)
DRV - (SE2Bbus) Sony Ericsson Device 043 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE2Bbus.sys (MCCI)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SG762_XP) -- C:\WINDOWS\system32\drivers\WlanBZXP.sys (ZyDAS Technology Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI)
DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI)
DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI)
DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ZDPNDIS5) -- C:\WINDOWS\system32\ZDPNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (STIrUsb) -- C:\WINDOWS\system32\drivers\irstusb.sys (SigmaTel, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\orange\SearchURLHook\SearchPageURL.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "mobilewitch Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {636fae0b-69b4-4324-9fea-80fc7fb887dc}:1.300.306
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {fcbf663e-8530-46f8-a880-ac5abe9d2b23}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark..."
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/25 11:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/25 11:26:45 | 000,000,000 | ---D | M]
[2010/12/14 22:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Extensions
[2010/12/14 22:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/21 15:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/11 17:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions
[2010/08/20 15:19:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/07 11:35:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/24 16:18:37 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/05/25 17:16:25 | 000,000,000 | ---D | M] (mobilewitch Community Toolbar) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}
[2009/03/02 16:30:01 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\searchplugins\live-search.xml
[2010/10/04 08:38:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\searchplugins\search-the-web.xml
[2011/05/25 10:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\07AIT0D4.DEFAULT\EXTENSIONS\{636FAE0B-69B4-4324-9FEA-80FC7FB887DC}.XPI
[2009/06/25 17:15:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/25 11:26:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2005/04/27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2011/05/25 11:26:37 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2011/05/25 11:26:37 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/25 11:26:37 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/05/25 11:26:38 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2011/05/25 11:26:38 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2011/05/25 11:26:38 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2011/02/12 11:45:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( )
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\orange\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SystrayORAHSS] C:\Program Files\Orange\Systray\SystrayApp.exe (France Telecom SA)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = File not found
O4 - Startup: C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Démarrage\Anti-Pub.lnk = File not found
O4 - Startup: C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Démarrage\BoontyBox 01net.lnk = File not found
O4 - Startup: C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Sites de confiance)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/dir... (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} http://games.bigfishgames.com/fr_dream-chronicles/onlin... (CPlayFirstdreamControl Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.... (Solitaire Showdown Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.fr/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.photobox.fr/assets/aurigma/ImageUploader4.ca... (Image Uploader Control)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://www.gamehouse.com/realarcade-webgames/dreamchron... (CPlayFirstdreamControl Object)
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} http://photos.orange.fr/al/presentation/pc/resources/ac... (Upload Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://jeuxenligne.orange.fr/gameshell/online/fr/chainz... (MJLauncherCtrl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://lausanlelian.spaces.live.com/PhotoUpload/MsnPUpl... (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClie... (MessengerStatsClient Class)
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} http://www.securitoo.com/fra/pages/navol/fscax.cab (F-Secure Online Scanner)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://www.gamehouse.com/realarcade-webgames/mysterypil... (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} http://www.colorclub.fr/Components/Upload/ImageUploader... (Aurigma Image Uploader 3.5 Combo Control)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://games.bigfishgames.com/fr_bigcityadventuresa/onl... (Jolly Bear Games Player)
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} http://cora.fujifilmnet.com/MCLPhoto.CAB (MCLPhoto_Upload.PhotoUpload)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} http://copainsdavant.linternaute.com/html_include_bibli... (Image Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind... (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://www.photobox.fr/discount/clients/uploader_v2.2.0... (PB_Uploader Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://jeuxentelechargement.orange.fr/Gameshell/GameHos... (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Branding/olr33... (FlashXControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\SANDRA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SANDRA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/07 10:12:54 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/13 17:40:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/09 15:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Mes documents\HomeVideo-Maker
[2011/06/09 14:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Bureau\RK_Quarantine
[2011/06/09 14:58:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SANDRA\Recent
[2011/06/09 07:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Windows XP Restore
[2011/06/08 21:51:48 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/06/08 21:47:20 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/05/24 15:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\historique_ChatLand
[2009/02/05 20:24:03 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\SANDRA\Application Data\pcouffin.sys
[2006/12/24 13:21:08 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2006/12/24 13:19:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2006/12/24 13:19:32 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[1 C:\Documents and Settings\SANDRA\*.tmp files -> C:\Documents and Settings\SANDRA\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/14 08:38:50 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/14 08:36:22 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/14 08:36:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/14 08:35:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/14 08:35:17 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 17:40:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/09 17:47:19 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/06/09 14:26:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\8613F.sys
[2011/06/09 08:03:59 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/09 08:03:08 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/09 08:03:07 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/09 07:51:43 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk
[2011/05/30 20:59:03 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/24 16:09:16 | 000,039,063 | ---- | M] () -- C:\Documents and Settings\SANDRA\binternet.jar
[2011/05/24 16:08:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\SANDRA\tmp1.14
[2011/05/24 15:06:18 | 000,009,258 | ---- | M] () -- C:\Documents and Settings\SANDRA\F_ajour.jar
[1 C:\Documents and Settings\SANDRA\*.tmp files -> C:\Documents and Settings\SANDRA\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/09 15:06:03 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/06/09 15:06:03 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Gestionnaire Internet.lnk
[2011/06/09 15:06:03 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navigateur Orange.lnk
[2011/06/09 15:06:03 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2011/06/09 15:06:03 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.0.lnk
[2011/06/09 15:06:03 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/09 15:06:03 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/06/09 15:06:03 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Picasa 3.lnk
[2011/06/09 15:06:03 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Livebox.url
[2011/06/09 15:06:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/09 15:06:02 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/06/09 15:06:02 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\BoontyBox 01net.lnk
[2011/06/09 15:06:02 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/09 15:06:02 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Vos allocations.lnk
[2011/06/09 15:06:02 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2011/06/09 15:06:02 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Easy Burner.lnk
[2011/06/09 15:06:02 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/06/09 15:06:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
[2011/06/09 15:06:01 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Live Messenger .lnk
[2011/06/09 15:06:01 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk
[2011/06/09 15:05:56 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/06/09 15:05:56 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2011/06/09 15:05:54 | 000,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
[2011/06/09 15:05:53 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
[2011/06/09 15:05:53 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
[2011/06/09 15:05:53 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
[2011/06/09 15:05:53 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk
[2011/06/09 15:05:53 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
[2011/06/09 15:05:51 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk
[2011/06/09 15:05:51 | 000,002,092 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop Album Edition Découverte 3.2.lnk
[2011/06/09 15:05:51 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk
[2011/06/09 14:43:51 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/09 14:26:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\8613F.sys
[2011/06/09 07:52:41 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/09 07:52:40 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/09 07:51:43 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk
[2011/06/09 07:51:16 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/05/24 16:09:16 | 000,039,063 | ---- | C] () -- C:\Documents and Settings\SANDRA\binternet.jar
[2011/05/24 16:08:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SANDRA\tmp1.14
[2011/05/24 15:06:18 | 000,009,258 | ---- | C] () -- C:\Documents and Settings\SANDRA\F_ajour.jar
[2011/02/12 11:29:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/12 11:29:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/17 17:16:39 | 000,000,190 | -H-- | C] () -- C:\WINDOWS\settings.ini
[2010/08/26 11:35:48 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2010/07/23 17:30:53 | 000,025,520 | ---- | C] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\slot1.mm1
[2009/10/05 14:38:09 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2009/06/02 18:35:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/05 20:24:04 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\pcouffin.cat
[2009/02/05 20:24:03 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\pcouffin.inf
[2009/02/05 17:09:51 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2009/02/01 23:55:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/02/01 23:55:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/02/01 23:55:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/03 16:26:58 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2008/11/03 16:26:53 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/10/27 11:52:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/03 20:21:47 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/03 20:19:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2008/06/04 16:09:16 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/05/14 21:51:16 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/03/20 19:44:36 | 000,000,048 | ---- | C] () -- C:\WINDOWS\DDMv3.INI
[2008/03/17 11:45:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\off-road-uninst.exe
[2008/03/13 22:12:29 | 000,000,182 | -H-- | C] () -- C:\WINDOWS\cncscore.ini
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 09:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2007/12/20 20:40:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/20 20:40:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/12/20 20:40:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/12/20 20:40:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/20 20:40:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/20 20:40:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/12/20 20:40:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/20 20:40:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/20 20:40:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/12/20 20:40:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/12/20 20:40:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/20 20:40:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/20 20:40:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/20 20:40:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/20 20:40:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/20 20:40:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/12/20 20:40:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/12/20 20:40:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/20 20:40:48 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/20 20:22:32 | 000,000,027 | -H-- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2007/11/25 18:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2007/11/06 20:48:04 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\logger.ini
[2007/09/22 12:31:09 | 000,003,160 | -H-- | C] () -- C:\WINDOWS\zibouille.ini
[2007/09/22 12:27:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2007/09/21 15:15:46 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\com.koingosw.SuperFrog.xml
[2007/09/10 23:28:22 | 000,000,080 | -H-- | C] () -- C:\WINDOWS\funkycity.ini
[2007/09/10 21:30:24 | 000,000,018 | -H-- | C] () -- C:\WINDOWS\gfact.ini
[2007/09/08 17:32:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/05/07 17:53:28 | 002,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2007/05/07 17:28:39 | 000,000,499 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/23 22:09:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/04/23 14:43:28 | 000,002,607 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/23 20:07:56 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/03/20 19:53:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/15 16:14:16 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2007/03/07 12:05:28 | 000,146,303 | ---- | C] () -- C:\WINDOWS\System32\cdsmbw.exe
[2007/02/09 23:10:54 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Navigma.INI
[2007/01/22 15:17:25 | 000,002,681 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2007/01/10 16:51:35 | 000,000,066 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/01/02 15:17:52 | 000,001,318 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/12/30 18:20:06 | 000,000,133 | -H-- | C] () -- C:\WINDOWS\funpok.ini
[2006/12/25 18:13:22 | 000,384,000 | ---- | C] () -- C:\WINDOWS\adeins.exe
[2006/12/24 14:26:22 | 000,233,472 | -H-- | C] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/24 13:23:50 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/12/24 13:21:37 | 000,114,688 | ---- | C] () -- C:\WINDOWS\PowerOption.exe
[2006/12/24 13:21:37 | 000,000,294 | -H-- | C] () -- C:\WINDOWS\PowerOption.ini
[2006/12/24 13:19:32 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2006/12/24 13:14:31 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\fusioncache.dat
[2006/08/07 10:16:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/07 10:16:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/07 10:14:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll
[2006/08/07 10:14:24 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\commercial.ini
[2006/08/07 10:13:14 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/08/07 10:12:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/08/07 10:12:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/08/07 10:12:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/08/07 10:12:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/08/07 10:10:34 | 000,545,344 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2006/08/07 10:10:34 | 000,472,444 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/07 10:10:34 | 000,102,322 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2006/08/07 10:10:34 | 000,085,762 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/07 10:07:20 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/07 09:57:46 | 000,004,555 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/07 09:56:54 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/12 00:19:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/12 00:19:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/12 00:19:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/12 00:19:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/12 00:19:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/12 00:19:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/12 00:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/12 00:19:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/12 00:19:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/12 00:19:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/07/12 00:19:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/29 16:05:58 | 000,303,104 | ---- | C] () -- C:\WINDOWS\CreateLnk.exe
[2006/05/25 01:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2006/04/23 17:15:36 | 000,000,095 | -H-- | C] () -- C:\WINDOWS\ALaunch.ini
[2006/04/12 15:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2006/03/08 18:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2006/03/08 18:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006/03/02 20:35:48 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/16 22:11:52 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\Kill1211.exe
[2005/11/10 12:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2005/10/31 04:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/26 08:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/07/15 02:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/03/14 14:38:28 | 000,000,469 | -H-- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/12/17 04:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/05 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 07:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 07:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 07:00:00 | 000,003,712 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/05 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/08/07 09:51:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\reboot.exe
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2002/05/23 17:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/25 19:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/25 19:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
========== Alternate Data Streams ==========
Isn't the folder hidden?
Double-click OTL to launch it.
(On Vista/Win7, right-click OTL and choose Run as administrator)
Under the "Personnalisation" (Custom) tab at the bottom of the window, copy and paste the following text (between the two spaces):
Then click the "Correction" (Fix) button at the top of the window.
Let the program work, then restart once the fix has finished.
Post the report that will be displayed after the restart.
:OTL
2010/10/04 08:38:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\searchplugins\search-the-web.xml
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/j [...] s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_14)
[2011/06/09 07:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Windows XP Restore
[2011/06/09 14:26:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\8613F.sys
[2011/06/09 08:03:59 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/09 08:03:08 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/09 08:03:07 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/09 07:51:43 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk
[2011/05/24 16:09:16 | 000,039,063 | ---- | C] () -- C:\Documents and Settings\SANDRA\binternet.jar
[2011/05/24 16:08:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SANDRA\tmp1.14
[2011/05/24 15:06:18 | 000,009,258 | ---- | C] () -- C:\Documents and Settings\SANDRA\F_ajour.jar
:commands
[emptytemp]
I didn't find it.....
Well, never mind!!!
Here is my report:
All processes killed
========== OTL ==========
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Windows XP Restore folder moved successfully.
C:\WINDOWS\system32\drivers\8613F.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\17489700 moved successfully.
C:\Documents and Settings\All Users\Application Data\~17489700 moved successfully.
C:\Documents and Settings\All Users\Application Data\~17489700r moved successfully.
C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk moved successfully.
C:\Documents and Settings\SANDRA\binternet.jar moved successfully.
C:\Documents and Settings\SANDRA\tmp1.14 moved successfully.
C:\Documents and Settings\SANDRA\F_ajour.jar moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
User: All Users
User: BEBE
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
User: LAURENT
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: SANDRA
->Temp folder emptied: 14411366 bytes
->Temporary Internet Files folder emptied: 34381630 bytes
->Java cache emptied: 1554163 bytes
->FireFox cache emptied: 236929866 bytes
->Flash cache emptied: 3119100 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68718981 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12913566 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1035502662 bytes
Total Files Cleaned = 1 343,00 mb
OTL by OldTimer - Version 3.2.23.0 log created on 06142011_164419
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Quote:
C:\Documents and Settings\--> It is there all right; the virus may have set it to "Hidden".
To finish:
1/
2/
3/
==Prevention==
Here is a guide on prevention and security on the Internet (to be read with Adobe Reader or Foxit Reader): Link
==Problem solved?==
--> If you consider your problem solved, add [Résolu] to the title. To do so:
.
well then, here is a secretive virus.....how do I find it????
here is my DelFix report:
# DelFix v8.0 - Rapport créé le 14/06/2011 à 21:17
# Mis à jour le 01/06/11 à 13h par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Nom d'utilisateur : SANDRA - LELIAN (Administrateur)
# Exécuté depuis : C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\DelFix.exe
# Option [Suppression]
~~~~~~ Dossier(s) ~~~~~~
Supprimé : C:\_OTL
Supprimé : C:\Qoobox
Supprimé : C:\Documents and Settings\SANDRA\Bureau\RK_Quarantine
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\ComboFix.txt
Supprimé : C:\TCleaner.txt
Supprimé : C:\WINDOWS\grep.exe
Supprimé : C:\WINDOWS\MBR.exe
Supprimé : C:\WINDOWS\NIRCMD.exe
Supprimé : C:\WINDOWS\PEV.exe
Supprimé : C:\WINDOWS\sed.exe
Supprimé : C:\WINDOWS\SWREG.exe
Supprimé : C:\WINDOWS\SWSC.exe
Supprimé : C:\WINDOWS\SWXCACLS.exe
Supprimé : C:\WINDOWS\zip.exe
Supprimé : C:\WINDOWS\System32\reboot.exe
Supprimé : C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.exe
Supprimé : C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.Txt
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\Swearware
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
~~~~~~ Autre ~~~~~~
-> BitDefender Online Scanner ... Désinstallé avec succès
-> Prefetch vidé
########## EOF - "C:\DelFixSuppr.txt" - [1715 octets] ##########