
Problem removing a virus [Solved]

Tags:
  • Security
16 July 2011 22:18:41

Good evening, I have several problems: my PC is redirected to advertisements, there are viruses and it freezes every time, it's HORRIBLE. Thanks in advance for being willing to help me, and for your information I am really, really bad with computers. THANK YOU

17 July 2011 11:23:45

Hello,


__________________


For the disinfection to go smoothly:


  • Use your PC as little as possible during the procedure, to make the disinfection easier.

  • Follow the procedures you are given, but do not try anything on your own: if there is a problem during a procedure, tell me about it rather than clicking at random and causing a failure on your system.

  • If you are already following a procedure on another forum, please say so; it is important to follow only one disinfection at a time.

  • Even if the symptoms of the infection have disappeared, the PC is not necessarily clean: wait until you have been told that the PC is disinfected before using it again.

  • Even though disinfections are carried out by people with in-depth knowledge of disinfection, it is always possible that your PC will crash. Remember to back up your data ;)

__________________


If you are ready, let's go:

1)

Diagnostic:


  • Download OTL (by OldTimer) to your Desktop.

  • If you are on XP, double-click it to launch it; if you are on Vista/7, right-click it and choose Run as administrator to launch it.

  • A window appears.

  • Tick the box: All users

  • Tick the boxes for the LOP check and the Purity check (in blue, towards the bottom of the window).

  • Under Custom scans, copy and paste all of the text below, and leave the other options at their defaults.

    netsvcs
    msconfig
    drivers32
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.dll /lockedfiles
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    iexplore.exe
    /md5stop
    CREATERESTOREPOINT


  • Finally, click the Scan button. Do not touch anything while the scan is running. The scan will take some time.

  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy and paste all of the reports here.

    For the reports, which tend to be too long for the forum, please use this online report service: upload the file via "Browse" and simply post the link you get.

2)


Rootkit scan


  • Download Gmer (by Przemyslaw Gmerek).

  • Unzip it into a dedicated folder or onto your Desktop.

    Close all running applications (apart from GMER)

  • Double-click Gmer.exe.

    If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

  • Click the Rootkit/Malware tab.

  • On the right, tick only Files, Services & Registry, as in the image below:



  • Now click Scan.

  • When the scan has finished, click Copy.

  • Open Notepad, then click the Edit menu / Paste.

  • The report should then appear.

  • Save the file to your Desktop and post its contents here.

    To help you: GMER tutorial
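
Added example, not part of the original post: a small Python triage pass over the OTL.Txt report that step 1 produces. The sample lines are constructed in OTL's layout, and the three flags (empty company name, missing target, running with a missing target) are assumed triage heuristics that give a helper leads to check, not verdicts.

```python
import re

# Constructed sample in the OTL log layout (not copied from a real machine).
SAMPLE_LOG = r"""
PRC - [2011/01/02 10:00:00 | 000,100,000 | ---- | M] (Example Vendor) -- C:\Program Files\Example\app.exe
PRC - [2011/01/02 10:00:00 | 000,032,768 | R--- | M] () -- C:\WINDOWS\system32\nocompany.exe
SRV - File not found [Disabled | Stopped] -- -- (OrphanSvc)
DRV - File not found [Kernel | On_Demand | Running] -- -- (GhostDrv)
DRV - [2011/01/02 10:00:00 | 000,015,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nocompany.sys -- (NoCompanyDrv)
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll ()
O3 - HKLM\..\Toolbar: (no name) - {00000000-0000-0000-0000-000000000002} - No CLSID value found.
O4 - HKLM..\Run: [Example] C:\Program Files\Example\app.exe (Example Vendor)
"""

# Process, module, service and driver lines:
#   KIND - [stamp | size | attrs | M] (company) [state] -- path -- (name)
#   KIND - File not found [state] -- -- (name)
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]+)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" --\s*(?P<path>.*?)\s*(?:-- \((?P<name>[^)]*)\).*)?$"
)

# Browser helper objects (O2), toolbars (O3) and Run keys (O4).
REG_ENTRY = re.compile(r"^(?P<kind>O(?:2|3|4)) - (?P<body>.+)$")


def triage(log_text):
    """Return (section, reason, target) tuples for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            target = m["path"] or m["name"] or ""
            if m["missing"]:
                # Registered in the system, but no file behind the entry.
                running = "Running" in (m["state"] or "")
                reason = "running-missing-target" if running else "missing-target"
                findings.append((m["kind"], reason, target))
            elif not m["company"].strip():
                # Binary carries no company name in its version information.
                findings.append((m["kind"], "no-company", target))
            continue
        m = REG_ENTRY.match(line)
        if m:
            body = m["body"]
            if body.endswith(("File not found", "No CLSID value found.")):
                findings.append((m["kind"], "missing-target", body))
            elif body.endswith(" ()"):
                findings.append((m["kind"], "no-company", body))
    return findings


if __name__ == "__main__":
    for section, reason, target in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:24} {target}")
```

Plenty of legitimate software ships without a company name, so each hit is a prompt to look at the file's path, age and the rest of the report before deciding anything.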
17 July 2011 13:52:11

Hello guigui0001, thank you so much for taking the time to reply to me. I am starting right away on what you told me to do and I will post the reports as soon as it is finished. Thank you also for explaining in such detail what I have to do. That is very kind of you, guigui0001. See you
17 July 2011 14:16:13

Here is the OTL.Txt report:

    OTL logfile created on: 17/07/2011 13:57:21 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\user\Bureau
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    503,36 Mb Total Physical Memory | 240,94 Mb Available Physical Memory | 47,87% Memory free
    1,20 Gb Paging File | 0,75 Gb Available in Paging File | 62,85% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74,52 Gb Total Space | 47,61 Gb Free Space | 63,89% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: UNICORNI-740953 | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/17 13:55:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe
    PRC - [2011/06/30 22:10:50 | 000,917,504 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
    PRC - [2011/06/30 22:10:50 | 000,495,616 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
    PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    PRC - [2010/12/08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    PRC - [2010/12/08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/04/19 10:21:18 | 000,106,496 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
    PRC - [2008/06/06 16:08:56 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\KPN\bin\sprtsvc.exe
    PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/11 02:29:44 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
    PRC - [2007/07/07 12:09:36 | 000,954,368 | ---- | M] (www.IslamicFinder.org) -- C:\Program Files\Athan\Athan.exe
    PRC - [2003/08/02 05:05:56 | 000,032,768 | R--- | M] () -- C:\WINDOWS\system32\rmctrl.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/17 13:55:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe
    MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010/04/19 10:21:08 | 000,018,432 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
    MOD - [2006/07/11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\SweetIM\Messenger\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/06/30 22:10:50 | 000,495,616 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
    SRV - [2008/12/09 19:40:16 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
    SRV - [2008/12/09 19:40:16 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
    SRV - [2008/06/10 19:02:42 | 000,102,008 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/06/06 16:08:56 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\KPN\bin\sprtsvc.exe -- (sprtsvc_KPN) SupportSoft Sprocket Service (KPN)
    SRV - [2007/12/11 02:29:44 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
    SRV - [2007/09/20 18:14:36 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
    SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
    DRV - [2011/06/30 22:10:51 | 000,502,208 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/06/10 19:02:40 | 000,015,864 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2008/06/10 19:02:40 | 000,015,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMDrvService)
    DRV - [2008/04/13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
    DRV - [2008/01/18 16:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex)
    DRV - [2008/01/18 16:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm)
    DRV - [2008/01/18 16:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
    DRV - [2008/01/18 16:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl)
    DRV - [2008/01/18 16:16:22 | 000,083,880 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
    DRV - [2007/09/20 21:11:28 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
    DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2006/11/03 03:32:00 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/08/14 15:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
    DRV - [2001/08/24 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2001/08/24 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-725345543-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-725345543-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-725345543-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seeearch.com/
    IE - HKU\S-1-5-21-725345543-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-725345543-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
    IE - HKU\S-1-5-21-725345543-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://start.gamenext.fr"
    FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-be&FORM=MICJ..."
    FF - prefs.js..browser.search.selectedEngine: "Yahoo!"

    FF - user.js..browser.startup.homepage: "http://www.seeearch.com/"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Fichiers communs\fluxDVD\APIX\NPAPIX.dll ()
    FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Fichiers communs\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Fichiers communs\mpDRM\NPMPDRM.dll ()
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Fichiers communs\fluxDVD\Download Manager\Mozilla [2007/07/25 18:51:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/19 17:50:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/22 19:14:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/15 20:51:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/15 20:51:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\moovida@spointer.com: C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida@spointer.com
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008/04/08 19:40:52 | 000,000,000 | ---D | M]

    [2009/06/20 18:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2009/06/20 18:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009/01/28 19:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ep20z5op.default\extensions
    [2009/01/28 19:26:08 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ep20z5op.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2008/02/06 13:41:01 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ep20z5op.default\searchplugins\live-search.xml
    [2008/05/01 01:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2007/12/06 20:52:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    [2008/04/15 21:54:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
    File not found (No name found) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
    [2007/07/25 18:51:41 | 000,000,000 | ---D | M] (fluxDVD Download Manager) -- C:\PROGRAM FILES\FICHIERS COMMUNS\FLUXDVD\DOWNLOAD MANAGER\MOZILLA
    [2007/12/19 17:50:08 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
    [2008/04/08 19:40:52 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
    [2008/02/15 17:57:18 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npgcplug.dll
    [2005/04/27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
    [2007/06/11 14:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
    [2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (TBSB06155 Class) - {2DA14D1D-AE74-4A74-A0FE-C79504755DB8} - C:\Program Files\seeearch\seeearch.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (IE Toolbar) - {1FDA7DDD-25CE-4034-9D5B-38A120A14218} - C:\Program Files\seeearch\seeearch.dll ()
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-725345543-436374069-682003330-1003\..\Toolbar\WebBrowser: (IE Toolbar) - {1FDA7DDD-25CE-4034-9D5B-38A120A14218} - C:\Program Files\seeearch\seeearch.dll ()
    O3 - HKU\S-1-5-21-725345543-436374069-682003330-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-21-725345543-436374069-682003330-1003\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [Alcmtr] C:\windows\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
    O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
    O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [UpdateReminder] C:\Program Files\ESET\UpdateReminder.exe (ESET, spol. s r.o.)
    O4 - HKU\S-1-5-21-725345543-436374069-682003330-1003..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-725345543-436374069-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0... (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
    O24 - Desktop Components:0 () -
    O24 - Desktop Components:1 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (nwprovau) - C:\windows\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{d0f14187-8e54-11de-ae2e-004f4e62f704}\Shell - "" = AutoRun
    O33 - MountPoints2\{d0f14187-8e54-11de-ae2e-004f4e62f704}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{dd9947bc-5db3-11de-ade0-0019db561ebe}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll ()
    Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/17 13:55:24 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe
    [2011/07/17 13:26:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
    [2011/07/16 18:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
    [2011/07/16 18:31:30 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2011/07/15 20:16:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
    [2011/07/15 20:16:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
    [2011/07/15 20:16:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
    [2011/07/15 20:16:31 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
    [2011/07/15 15:50:25 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\Mes documents\XL5YY32.OLB_1036
    [2011/07/13 17:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/07/13 17:18:02 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
    [2011/07/13 17:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2011/07/12 21:47:57 | 000,000,000 | -H-D | C] -- C:\windows\ie8
    [2011/07/12 16:36:45 | 000,000,000 | ---D | C] -- C:\windows\ie8(2)
    [2011/07/12 00:40:14 | 000,000,000 | ---D | C] -- C:\spoolerlogs
    [2011/07/01 00:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
    [2011/06/30 22:11:40 | 000,502,208 | ---- | C] (Eset ) -- C:\windows\System32\drivers\amon.sys
    [2011/06/30 22:11:40 | 000,270,336 | ---- | C] (Eset ) -- C:\windows\System32\imon.dll
    [2011/06/24 17:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\seeearch
    [2011/06/24 17:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2011/06/17 17:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PopCap Games
    [2008/02/15 17:57:30 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
    [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/17 13:55:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe
    [2011/07/17 13:07:52 | 000,000,310 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
    [2011/07/17 13:07:47 | 000,001,052 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/17 13:07:42 | 000,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job
    [2011/07/17 13:07:29 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/07/17 02:04:04 | 000,001,056 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/17 00:51:51 | 000,000,430 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{CC406929-ADD4-4990-ACFA-7667EBB4284E}.job
    [2011/07/16 21:19:14 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
    [2011/07/16 18:46:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2011/07/15 01:30:12 | 002,425,558 | ---- | M] () -- C:\Documents and Settings\user\Bureau\ghjgj.wav
    [2011/07/14 19:11:50 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
    [2011/07/13 21:28:16 | 000,226,408 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2011/07/13 13:38:22 | 000,204,484 | ---- | M] () -- C:\Documents and Settings\user\Mes documents\ZNsoftXp.zip
    [2011/06/30 22:11:48 | 000,000,000 | ---- | M] () -- C:\windows\System32\mapisvc.inf
    [2011/06/30 22:10:53 | 000,270,336 | ---- | M] (Eset ) -- C:\windows\System32\imon.dll
    [2011/06/30 22:10:51 | 000,502,208 | ---- | M] (Eset ) -- C:\windows\System32\drivers\amon.sys
    [2011/06/30 00:00:40 | 000,032,269 | ---- | M] () -- C:\windows\cdplayer.ini
    [2011/06/23 21:59:36 | 000,180,117 | ---- | M] () -- C:\Documents and Settings\user\Bureau\H (2).JPG
    [2011/06/23 21:59:27 | 000,172,388 | ---- | M] () -- C:\Documents and Settings\user\Bureau\H (2) Bis.JPG
    [2011/06/23 21:59:18 | 000,130,980 | ---- | M] () -- C:\Documents and Settings\user\Bureau\H (4).JPG
    [2011/06/23 21:59:09 | 000,128,774 | ---- | M] () -- C:\Documents and Settings\user\Bureau\H (3).JPG
    [2011/06/23 21:58:56 | 000,128,004 | ---- | M] () -- C:\Documents and Settings\user\Bureau\H (1).JPG
    [2011/06/23 21:57:52 | 000,018,193 | ---- | M] () -- C:\Documents and Settings\user\Bureau\H (5).JPG
    [2011/06/21 17:13:44 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\user\Bureau\Microsoft Office Word 2003.lnk
    [2011/06/21 01:19:19 | 000,520,956 | ---- | M] () -- C:\windows\System32\perfh00C.dat
    [2011/06/21 01:19:19 | 000,451,398 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2011/06/21 01:19:19 | 000,089,932 | ---- | M] () -- C:\windows\System32\perfc00C.dat
    [2011/06/21 01:19:19 | 000,075,278 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2011/06/19 22:50:56 | 000,000,020 | ---- | M] () -- C:\windows\popcinfot.dat
    [2011/06/17 17:02:57 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Bejeweled 2 Deluxe.lnk
    [2011/06/17 17:02:57 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Plus de Grands Jeux!.url
    [2011/06/17 17:02:18 | 000,000,000 | ---- | M] () -- C:\windows\popcreg.dat
    [7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
    [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/17 13:01:53 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    [2011/07/16 18:46:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2011/07/16 18:46:43 | 000,034,296 | ---- | C] () -- C:\windows\System32\drivers\mbamcatchme.sys
    [2011/07/16 18:46:43 | 000,015,864 | ---- | C] () -- C:\windows\System32\drivers\mbam.sys
    [2011/07/15 01:30:11 | 002,425,558 | ---- | C] () -- C:\Documents and Settings\user\Bureau\ghjgj.wav
    [2011/07/13 13:38:15 | 000,204,484 | ---- | C] () -- C:\Documents and Settings\user\Mes documents\ZNsoftXp.zip
    [2011/07/01 00:25:12 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
    [2011/06/30 22:11:48 | 000,000,000 | ---- | C] () -- C:\windows\System32\mapisvc.inf
    [2011/06/23 21:57:34 | 000,180,117 | ---- | C] () -- C:\Documents and Settings\user\Bureau\H (2).JPG
    [2011/06/23 21:57:34 | 000,172,388 | ---- | C] () -- C:\Documents and Settings\user\Bureau\H (2) Bis.JPG
    [2011/06/23 21:57:34 | 000,130,980 | ---- | C] () -- C:\Documents and Settings\user\Bureau\H (4).JPG
    [2011/06/23 21:57:34 | 000,128,774 | ---- | C] () -- C:\Documents and Settings\user\Bureau\H (3).JPG
    [2011/06/23 21:57:34 | 000,128,004 | ---- | C] () -- C:\Documents and Settings\user\Bureau\H (1).JPG
    [2011/06/23 21:57:34 | 000,018,193 | ---- | C] () -- C:\Documents and Settings\user\Bureau\H (5).JPG
    [2011/06/17 17:02:57 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Bejeweled 2 Deluxe.lnk
    [2011/06/17 17:02:18 | 000,000,020 | ---- | C] () -- C:\windows\popcinfot.dat
    [2011/06/17 17:02:18 | 000,000,000 | ---- | C] () -- C:\windows\popcreg.dat
    [2011/03/03 14:17:48 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
    [2010/11/22 18:38:07 | 000,182,110 | ---- | C] () -- C:\windows\hpoins44.dat
    [2010/11/22 18:38:07 | 000,000,586 | ---- | C] () -- C:\windows\hpomdl44.dat
    [2010/07/20 11:12:35 | 000,000,399 | ---- | C] () -- C:\windows\System32\Remover.ini
    [2010/07/20 11:12:30 | 000,000,566 | ---- | C] () -- C:\windows\System32\SP207.ini
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
    [2008/09/12 21:36:25 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
    [2008/08/24 21:42:41 | 000,032,269 | ---- | C] () -- C:\windows\cdplayer.ini
    [2008/08/12 15:29:42 | 000,005,450 | ---- | C] () -- C:\windows\System32\mecqqky.dat
    [2008/05/22 18:40:13 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/29 23:46:41 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2008/02/28 02:00:58 | 000,019,968 | ---- | C] () -- C:\windows\System32\cpuinf32.dll
    [2008/02/28 02:00:57 | 000,152,064 | ---- | C] () -- C:\windows\System32\unrar.dll
    [2008/02/28 02:00:54 | 000,761,856 | ---- | C] () -- C:\windows\System32\xvidcore.dll
    [2007/12/03 14:30:10 | 000,001,411 | ---- | C] () -- C:\windows\mozver.dat
    [2007/12/03 13:52:07 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
    [2007/11/16 02:27:12 | 000,000,133 | ---- | C] () -- C:\windows\System32\imon1.dat
    [2007/09/17 19:02:07 | 000,000,000 | ---- | C] () -- C:\windows\popcinfo.dat
    [2007/09/09 16:08:33 | 000,000,182 | ---- | C] () -- C:\windows\cncscore.ini
    [2007/09/04 20:41:56 | 000,000,097 | ---- | C] () -- C:\windows\PCTAP.ini
    [2007/08/30 03:52:56 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
    [2007/07/27 18:00:53 | 000,000,471 | ---- | C] () -- C:\windows\lexstat.ini
    [2007/07/27 18:00:52 | 000,000,092 | ---- | C] () -- C:\windows\dellstat.ini
    [2007/07/26 17:16:03 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
    [2007/07/25 02:55:25 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI
    [2007/07/25 02:54:04 | 000,226,408 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2007/07/25 01:07:02 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
    [2007/07/25 01:00:02 | 000,021,892 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
    [2007/07/24 19:52:18 | 000,036,864 | R--- | C] () -- C:\windows\System32\ctrldll.dll
    [2007/07/24 19:52:18 | 000,032,768 | R--- | C] () -- C:\windows\System32\rmctrl.exe
    [2007/07/24 19:51:46 | 000,000,385 | ---- | C] () -- C:\windows\ODBC.INI
    [2007/07/24 19:45:38 | 000,049,152 | R--- | C] () -- C:\windows\System32\ChCfg.exe
    [2004/08/04 01:08:26 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
    [2004/08/04 00:54:30 | 000,755,200 | ---- | C] () -- C:\windows\System32\ir50_32.dll
    [2004/08/04 00:54:30 | 000,338,432 | ---- | C] () -- C:\windows\System32\ir41_qcx.dll
    [2004/08/04 00:54:30 | 000,200,192 | ---- | C] () -- C:\windows\System32\ir50_qc.dll
    [2004/08/04 00:54:30 | 000,183,808 | ---- | C] () -- C:\windows\System32\ir50_qcx.dll
    [2004/08/04 00:54:30 | 000,120,320 | ---- | C] () -- C:\windows\System32\ir41_qc.dll
    [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
    [2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
    [2001/08/24 14:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
    [2001/08/24 14:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
    [2001/08/24 14:00:00 | 000,520,956 | ---- | C] () -- C:\windows\System32\perfh00C.dat
    [2001/08/24 14:00:00 | 000,451,398 | ---- | C] () -- C:\windows\System32\perfh009.dat
    [2001/08/24 14:00:00 | 000,322,810 | ---- | C] () -- C:\windows\System32\perfi00C.dat
    [2001/08/24 14:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
    [2001/08/24 14:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
    [2001/08/24 14:00:00 | 000,089,932 | ---- | C] () -- C:\windows\System32\perfc00C.dat
    [2001/08/24 14:00:00 | 000,075,278 | ---- | C] () -- C:\windows\System32\perfc009.dat
    [2001/08/24 14:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
    [2001/08/24 14:00:00 | 000,034,108 | ---- | C] () -- C:\windows\System32\perfd00C.dat
    [2001/08/24 14:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
    [2001/08/24 14:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
    [2001/08/24 14:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat

    ========== LOP Check ==========

    [2011/05/11 20:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
    [2010/12/03 00:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarSouthpoint
    [2011/03/30 19:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aliasworlds
    [2008/11/08 22:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2011/05/19 12:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2009/08/23 15:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
    [2009/04/05 02:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
    [2011/07/01 00:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
    [2011/05/19 12:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
    [2011/06/06 13:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileServe Limited
    [2011/04/26 01:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
    [2011/03/03 15:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fMoIeDe02400
    [2010/04/29 20:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
    [2009/10/09 17:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
    [2011/02/11 23:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
    [2009/07/28 22:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
    [2009/03/03 17:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
    [2010/03/26 14:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
    [2010/07/19 22:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
    [2010/06/01 15:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2010/03/01 04:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
    [2010/04/17 20:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
    [2010/05/02 12:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
    [2010/11/19 21:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2010/04/14 14:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
    [2010/02/19 16:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
    [2009/09/22 15:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
    [2011/05/19 12:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
    [2011/03/21 14:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2011/06/09 01:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2011/04/26 16:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QB9 S.R.L
    [2010/12/06 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2010/04/02 13:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ShinyTales
    [2011/02/05 18:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
    [2010/06/14 15:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
    [2009/08/22 14:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/05/12 19:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
    [2011/06/17 16:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/07 07:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/12/10 13:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
    [2009/04/30 21:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2010/03/07 07:49:41 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    [2009/03/21 19:58:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Application Data\.#
    [2010/01/29 15:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\1morebee
    [2007/10/24 03:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\20071004013402.80.61.164.146
    [2008/03/19 23:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Abra Academy2
    [2008/07/07 16:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Alawar
    [2010/12/03 00:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AlawarSouthpoint
    [2011/03/30 19:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\aliasworlds
    [2008/07/24 02:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Amaranth Games
    [2011/06/17 17:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Azureus
    [2011/05/21 20:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Belastingdienst
    [2010/05/03 17:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BfgBar
    [2008/08/26 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BFG_JanesRealty
    [2008/09/03 21:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Big Fish Games
    [2011/03/12 00:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BlamGames
    [2009/02/22 17:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\blg
    [2009/03/13 20:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Boolat Games
    [2008/07/02 20:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Boomzap
    [2009/06/07 20:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Camel101
    [2008/06/20 23:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\cerasus.media
    [2011/03/02 00:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EleFun Games
    [2007/08/13 15:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Eyeblaster
    [2008/03/22 03:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Flood Light Games
    [2011/04/26 01:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Floodlight Games
    [2007/09/08 01:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FloodLightGames
    [2010/04/29 20:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\freshgames
    [2010/12/07 20:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Friday's games
    [2008/02/11 20:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FrimaStudio
    [2008/03/02 18:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\funkitron
    [2008/06/20 01:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Fuzzy Games
    [2008/07/31 16:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gaijin Ent
    [2011/03/19 03:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Game Mill Entertainment
    [2008/02/18 19:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GameHouse
    [2008/11/14 16:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gamelab
    [2010/05/13 15:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GamesCafe
    [2010/03/07 19:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GlarySoft
    [2011/07/01 00:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\go
    [2008/08/14 16:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Go-Go Gourmet Chef of the Year
    [2009/02/18 19:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gogii Games
    [2011/02/26 14:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HdO Adventure
    [2010/07/17 17:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Home Sweet Home
    [2009/05/20 04:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Home Sweet Home 2
    [2010/12/16 16:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Home Sweet Home Christmas
    [2011/06/03 01:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InImages
    [2011/03/11 14:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ipih
    [2008/06/03 17:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\iWin
    [2011/03/11 18:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Izguga
    [2007/09/23 03:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jane s Hotel
    [2008/03/28 04:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jane s Hotel Family Hero
    [2011/05/11 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jewel Match 3
    [2010/04/20 12:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ladia Group
    [2011/02/12 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LegacyInteractive
    [2007/12/18 23:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Legends of pirates
    [2008/01/09 14:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LENS Media BV
    [2010/12/15 20:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Local
    [2009/09/13 00:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Lost in the City
    [2008/06/02 03:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ludia
    [2010/03/07 02:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Magic Academy
    [2008/03/06 17:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Magic Seeds
    [2011/05/02 20:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MAI
    [2011/05/13 14:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Manifesto Games
    [2009/05/29 01:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mean Hamster
    [2008/05/14 21:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Meridian93
    [2009/09/16 17:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Merscom
    [2011/04/23 11:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\moovida-1
    [2007/10/27 02:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MSNInstaller
    [2007/09/07 21:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\My Games
    [2007/12/18 20:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MysteryStudio
    [2007/09/23 03:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mysteryville2
    [2010/06/08 11:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\NevoSoft Games
    [2008/09/13 21:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Oberon Games
    [2011/07/15 15:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OfferBox
    [2010/04/14 13:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
    [2011/03/11 23:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Peace Craft
    [2011/03/12 15:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PeaceCraft2
    [2011/04/23 19:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ph03nixNewMedia
    [2011/04/27 17:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Pi Eye Games
    [2011/03/16 22:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PlayFirst
    [2011/05/12 14:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\playmink
    [2008/03/20 00:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Pogo Games
    [2007/09/07 18:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sandlot Games
    [2010/03/07 03:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sanna
    [2009/04/04 02:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Shape games
    [2010/03/07 04:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ShinyTales
    [2008/12/12 02:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sony Setup
    [2011/03/06 00:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spark Plug Games
    [2011/04/24 12:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SpinTop Games
    [2008/04/17 22:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SprillBermudeFr
    [2008/07/04 17:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SulusGames
    [2010/12/04 18:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Supermarket Mania 2
    [2007/09/18 00:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ten Thumbs Typing Tutor
    [2010/04/04 03:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TheFixerUpper
    [2009/06/20 18:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TomTom
    [2008/02/15 19:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Total Eclipse
    [2010/03/07 07:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software
    [2007/09/06 01:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TypingMaster7
    [2008/11/20 21:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Valusoft
    [2007/09/29 20:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\VeniceMysteryData
    [2009/10/09 20:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ViquaSoft
    [2011/03/11 19:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WendigoStudios
    [2008/03/29 14:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Yatec Games
    [2010/03/01 05:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\YoudaGames
    [2010/02/18 15:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Zylom
    [2011/07/17 13:07:52 | 000,000,310 | ---- | M] () -- C:\windows\Tasks\GlaryInitialize.job
    [2011/07/17 13:07:42 | 000,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job
    [2011/07/17 02:17:19 | 000,032,464 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
    [2011/07/17 00:51:51 | 000,000,430 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{CC406929-ADD4-4990-ACFA-7667EBB4284E}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %APPDATA%\*. >
    [2009/03/21 19:58:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Application Data\.#
    [2010/01/29 15:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\1morebee
    [2007/10/24 03:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\20071004013402.80.61.164.146
    [2008/03/19 23:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Abra Academy2
    [2011/03/29 16:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Adobe
    [2008/06/16 20:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AdobeUM
    [2008/11/11 05:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ahead
    [2008/07/07 16:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Alawar
    [2010/12/03 00:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AlawarSouthpoint
    [2011/03/30 19:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\aliasworlds
    [2008/07/24 02:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Amaranth Games
    [2010/07/20 20:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ArcSoft
    [2011/06/17 17:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Azureus
    [2011/05/21 20:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Belastingdienst
    [2010/05/03 17:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BfgBar
    [2008/08/26 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BFG_JanesRealty
    [2008/09/03 21:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Big Fish Games
    [2011/04/23 21:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\bigfish
    [2010/04/02 00:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Bigfish 3 Days Zoo Mystery
    [2011/03/12 00:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BlamGames
    [2009/02/22 17:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\blg
    [2009/03/13 20:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Boolat Games
    [2008/07/02 20:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Boomzap
    [2009/06/07 20:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Camel101
    [2008/06/20 23:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\cerasus.media
    [2007/07/28 14:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CyberLink
    [2010/12/15 22:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DivX
    [2011/03/02 00:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EleFun Games
    [2007/08/13 15:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Eyeblaster
    [2008/03/22 03:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Flood Light Games
    [2011/04/26 01:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Floodlight Games
    [2007/09/08 01:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FloodLightGames
    [2010/04/29 20:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\freshgames
    [2010/12/07 20:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Friday's games
    [2008/02/11 20:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FrimaStudio
    [2008/03/02 18:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\funkitron
    [2008/06/20 01:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Fuzzy Games
    [2008/07/31 16:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gaijin Ent
    [2011/03/19 03:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Game Mill Entertainment
    [2008/02/18 19:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GameHouse
    [2008/11/14 16:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gamelab
    [2010/05/13 15:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GamesCafe
    [2010/03/07 19:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GlarySoft
    [2011/07/01 00:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\go
    [2008/08/14 16:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Go-Go Gourmet Chef of the Year
    [2009/02/18 19:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gogii Games
    [2007/10/04 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Google
    [2011/02/26 14:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HdO Adventure
    [2007/08/28 17:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Help
    [2010/07/17 17:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Home Sweet Home
    [2009/05/20 04:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Home Sweet Home 2
    [2010/12/16 16:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Home Sweet Home Christmas
    [2010/11/22 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HP
    [2011/04/25 16:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HPAppData
    [2010/02/18 15:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Identities
    [2011/06/03 01:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InImages
    [2011/03/11 14:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ipih
    [2008/06/03 17:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\iWin
    [2011/03/11 18:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Izguga
    [2007/09/23 03:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jane s Hotel
    [2008/03/28 04:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jane s Hotel Family Hero
    [2011/05/11 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jewel Match 3
    [2010/04/20 12:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ladia Group
    [2007/11/13 20:06:23 | 000,000,000 | ---D | M]
    17 July 2011 14:18:42

    And here is the Extras.Txt report:

    OTL Extras logfile created on: 17/07/2011 13:57:21 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\user\Bureau
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    503,36 Mb Total Physical Memory | 240,94 Mb Available Physical Memory | 47,87% Memory free
    1,20 Gb Paging File | 0,75 Gb Available in Paging File | 62,85% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74,52 Gb Total Space | 47,61 Gb Free Space | 63,89% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: UNICORNI-740953 | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" %*
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- (Veoh Networks)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
    "C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Explorateur Windows -- (Microsoft Corporation)
    "C:\WINDOWS\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe" = C:\WINDOWS\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe:*:Enabled:SkypeIcon
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)
    "{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
    "{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{58A8C749-CB30-443C-841E-EDC4EF8BC648}" = High School Brain Training Advanced
    "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D7F8D4B-D1A4-402A-973E-31E90940E585}" = OneCare Advisor (Windows Live Toolbar)
    "{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}" = Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites pour Windows Live Toolbar
    "{7A27764B-5434-4DAA-BD43-3ACF4FFCD7FE}" = SweetIM Toolbar for Internet Explorer 3.8
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A9AFE08-7245-4DFC-B8AF-C337418BD4E2}" = PC Tap
    "{9D6524E6-15CF-4852-BF70-04FE973A3DE1}" = Windows Live Toolbar
    "{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}" = Bloqueur de fenêtres pop-up (Windows Live Toolbar)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1036-7B44-A70900000002}" = Adobe Reader 7.0.9 - Français
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B0CDD92B-588D-475B-A77C-DD674ED537D8}" = Mail&Internet Assistent
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust 100K Series Webcam
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v1.9
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{E916E61F-DE9D-4EAF-91E1-CEB50016326A}" = Navigation par onglets (Windows Live Toolbar)
    "{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}" = Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
    "{F727DCA7-4B7B-4CF5-8348-881BF3B0D046}" = SweetIM for Messenger 3.1
    "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
    "{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
    "Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
    "Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
    "Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010
    "Ad-Aware SE Personal" = Ad-Aware SE Personal
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Ask Toolbar_is1" = Vuze Toolbar
    "Athan" = Athan Basic 3.1
    "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
    "Believe in Santa_is1" = Believe in Santa fr
    "BFG-3 Days - Zoo Mystery" = 3 Days: Zoo Mystery
    "BFG-Alice's Tea Cup Madness" = Alice's Tea Cup Madness
    "BFG-Arabesque" = Arabesque
    "BFG-Avenue Flo" = Avenue Flo
    "BFG-Azada" = Azada
    "BFG-Azada - Ancient Magic" = Azada : Ancient Magic
    "BfgBar" = Big Fish Games Toolbar 2.0
    "BFG-Be Rich" = Be Rich
    "BFG-Believe in Sandy - Holiday Story" = Believe in Sandy: Holiday Story
    "BFG-Believe in Santa - Sandy`s Story" = Believe in Santa - Sandy`s Story
    "BFG-Build It! Miami Beach Resort" = Build It! Miami Beach Resort
    "BFG-Build-a-lot" = Build-a-lot
    "BFG-Build-a-Lot - The Elizabethan Era" = Build-a-Lot: The Elizabethan Era
    "BFG-Build-a-lot 3 - Passport to Europe" = Build-a-lot 3: Passport to Europe
    "BFG-Build-a-Lot 4 - Power Source" = Build-a-Lot 4: Power Source
    "BFG-Burger Bustle" = Burger Bustle
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Cake Mania 3" = Cake Mania 3
    "BFG-Cake Mania Main Street" = Cake Mania Main Street
    "BFG-Cake Shop 2" = Cake Shop 2
    "BFG-Cerebral Challenge" = Cérébral Challenge
    "BFG-Continental Cafe" = Continental Cafe
    "BFG-Cooking Academy" = Cooking Academy
    "BFG-Cooking Academy 2 - World Cuisine" = Cooking Academy 2: World Cuisine
    "BFG-Cooking Dash" = Cooking Dash
    "BFG-Cooking Dash - DinerTown Studios" = Cooking Dash: DinerTown Studios
    "BFG-Cooking Quest" = Cooking Quest
    "BFG-Eye for Design" = Eye for Design
    "BFG-Fashion Fortune" = Fashion Fortune
    "BFG-Fiona Finch and the Finest Flowers" = Fiona Finch and the Finest Flowers
    "BFG-Go Go Gourmet - Chef of the Year" = Go-Go Gourmet: Chef of the Year
    "BFG-Golden Hearts Juice Bar" = Golden Hearts Juice Bar
    "BFG-Hells Kitchen" = Hell's Kitchen
    "BFG-Home Sweet Home" = Home Sweet Home
    "BFG-Home Sweet Home - Christmas Edition" = Home Sweet Home: Christmas Edition
    "BFG-Home Sweet Home 2 - Kitchens and Baths" = Home Sweet Home 2: Kitchens and Baths
    "BFG-Horatio's Travels" = Horatio's Travels
    "BFG-Hot Dish 2 - Cross Country Cook Off" = Hot Dish 2: Cross Country Cook Off
    "BFG-Jessica's Cupcake Cafe" = Jessica's Cupcake Cafe
    "BFG-Jojo's Fashion Show - World Tour" = Jojo's Fashion Show: World Tour
    "BFG-Kelly Green Garden Queen" = Kelly Green Garden Queen
    "BFG-Kitchen Brigade" = Kitchen Brigade
    "BFG-Mary Kay Andrews - The Fixer Upper" = Mary Kay Andrews: The Fixer Upper
    "BFG-Nanny 911" = Nanny 911
    "BFG-Nanny Mania" = Nanny Mania
    "BFG-Nanny Mania 2" = Nanny Mania 2
    "BFG-Posh Boutique" = Posh Boutique
    "BFG-Restaurant Empire" = Restaurant Empire
    "BFG-Romopolis" = Romopolis
    "BFG-Sally's Salon" = Sally's Salon
    "BFG-Sally's Studio" = Sally's Studio
    "BFG-Supermarket Management" = Supermarket Management
    "BFG-The Apprentice - Los Angeles" = The Apprentice - Los Angeles
    "BFG-Youda Farmer" = Youda Farmer
    "BFG-Youda Sushi Chef" = Youda Sushi Chef
    "Build-a-lot" = Build-a-lot (remove only)
    "Cake Mania Deluxe" = Cake Mania Deluxe
    "CCleaner" = CCleaner (remove only)
    "CdaC13Ba" = SafeCast Shared Components
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = Configuration DivX
    "Glary Utilities_is1" = Glary Utilities 2.20.0.831
    "Google Chrome" = Google Chrome
    "Google Updater" = Outil de mise à jour Google
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Huur- en zorgtoeslag 2010" = Huur- en zorgtoeslag 2010
    "Huur- en zorgtoeslag 2011" = Huur- en zorgtoeslag 2011
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSNINST" = MSN
    "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
    "NOD32" = NOD32 Antivirus System
    "Posh Boutique 2 Deluxe" = Posh Boutique 2 Deluxe
    "RealArcade 1.2" = RealArcade
    "RealPlayer 6.0" = RealPlayer
    "Sandlot Games Client Services_is1" = Sandlot Games Client Services
    "Shop for HP Supplies" = Shop for HP Supplies
    "TRUST MI-2500X OPTICAL MOUSE" = TRUST MI-2500X OPTICAL MOUSE
    "Vuze" = Vuze
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WinLiveSuite_Wave3" = Installation Windows Live
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Customizations" = Yahoo! Extras
    "Yahoo! Internet Mail" = Yahoo! Internet Mail

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-725345543-436374069-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Game Organizer" = EasyBits GO

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/07/2011 14:33:59 | Computer Name = UNICORNI-740953 | Source = Application Hang | ID = 1002
    Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 16/07/2011 14:33:59 | Computer Name = UNICORNI-740953 | Source = Application Hang | ID = 1002
    Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 16/07/2011 14:35:02 | Computer Name = UNICORNI-740953 | Source = Application Hang | ID = 1001
    Description = Détecteur d'erreurs 00000009.

    Error - 16/07/2011 14:35:02 | Computer Name = UNICORNI-740953 | Source = Application Hang | ID = 1001
    Description = Détecteur d'erreurs 00000009.

    Error - 16/07/2011 14:35:02 | Computer Name = UNICORNI-740953 | Source = Application Hang | ID = 1001
    Description = Détecteur d'erreurs 00000009.

    Error - 16/07/2011 14:35:02 | Computer Name = UNICORNI-740953 | Source = Application Hang | ID = 1001
    Description = Détecteur d'erreurs 00000009.

    Error - 16/07/2011 19:01:13 | Computer Name = UNICORNI-740953 | Source = Application Error | ID = 1000
    Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module
    défaillant msvcrt.dll, version 7.0.2600.5512, adresse de défaillance 0x000372e3.

    Error - 17/07/2011 07:10:34 | Computer Name = UNICORNI-740953 | Source = MBAMService | ID = 131073
    Description =

    Error - 17/07/2011 07:10:36 | Computer Name = UNICORNI-740953 | Source = MBAMService | ID = 131073
    Description =

    Error - 17/07/2011 07:10:36 | Computer Name = UNICORNI-740953 | Source = MBAMService | ID = 131073
    Description =

    [ System Events ]
    Error - 16/07/2011 08:43:55 | Computer Name = UNICORNI-740953 | Source = DCOM | ID = 10005
    Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
    avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 16/07/2011 08:44:37 | Computer Name = UNICORNI-740953 | Source = DCOM | ID = 10005
    Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
    avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 16/07/2011 12:03:00 | Computer Name = UNICORNI-740953 | Source = Service Control Manager | ID = 7000
    Description = Le service MBAMProtector n'a pas pu démarrer en raison de l'erreur :
    %%2

    Error - 16/07/2011 12:03:00 | Computer Name = UNICORNI-740953 | Source = Service Control Manager | ID = 7001
    Description = Le service MBAMService dépend du service MBAMProtector qui n'a pas
    pu démarrer en raison de l'erreur : %%2

    Error - 16/07/2011 12:44:01 | Computer Name = UNICORNI-740953 | Source = DCOM | ID = 10005
    Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
    avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 16/07/2011 12:44:17 | Computer Name = UNICORNI-740953 | Source = Service Control Manager | ID = 7026
    Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
    charger : Fips intelppm

    Error - 16/07/2011 13:01:10 | Computer Name = UNICORNI-740953 | Source = DCOM | ID = 10005
    Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
    avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 16/07/2011 13:06:15 | Computer Name = UNICORNI-740953 | Source = Service Control Manager | ID = 7000
    Description = Le service MBAMDrvService n'a pas pu démarrer en raison de l'erreur :
    %%2

    Error - 16/07/2011 13:06:17 | Computer Name = UNICORNI-740953 | Source = Service Control Manager | ID = 7000
    Description = Le service MBAMDrvService n'a pas pu démarrer en raison de l'erreur :
    %%2

    Error - 16/07/2011 18:04:08 | Computer Name = UNICORNI-740953 | Source = DCOM | ID = 10005
    Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service gupdate1c9cc0b501c2c60
    avec les arguments "/comsvc" pour démarrer le serveur : {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    [ TuneUp Events ]
    Error - 15/03/2011 07:21:57 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 15/03/2011 07:22:47 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 15/03/2011 07:25:42 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 15/03/2011 07:26:13 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 15/03/2011 07:27:27 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 15/03/2011 10:05:35 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 18/03/2011 17:31:24 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 18/03/2011 17:31:29 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 18/03/2011 21:01:21 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 18/03/2011 21:01:21 | Computer Name = UNICORNI-740953 | Source = TuneUp Program Statistics | ID = 131840
    Description =


    < End of report >
    17 July 2011 18:34:09

    Hello, I'm truly sorry :cry:  I can't manage it with GMER. I've run it more than 5 times and each time it crashes with a blue screen; I turn the PC back on and it's the blue screen all over again. The last time it froze completely, there was no more internet, and then it shut down. I don't know what to do anymore :pt1cable:  I'm waiting for your instructions for what comes next. Thanks a lot again. See you
    17 July 2011 18:48:03

    Re :) 

    Right, for the OTL report, could you provide it as requested, please? Thanks:

    Quote:
    For reports, which tend to be too long for the forum, please use this online report service: upload the file via "Browse" and simply post the link you get.


    As posted, the OTL report is truncated ;) 

    As for GMER, fine, we'll drop it and use Catchme instead:

    Download Catchme (Przemyslaw Gmerek) to your Desktop.

  • Double-click catchme.exe (the .exe may not be visible) to launch it.
  • When the scan has finished, post the catchme.log report in your next reply. (This report is on your desktop.)

    Please also do this:

    http://img411.imageshack.us/img411%2
    17 July 2011 19:13:03

    Sorry, but I didn't understand what I was supposed to do? Thanks


    Please also do this:


    http://img411.imageshack.us/img411%2

    17 July 2011 19:42:00

    Re: :) 

    Thanks, it was much simpler with this one; here is the report:

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-17 19:18:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    IPC error: 2 Le fichier spécifié est introuvable.
    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "4Y3Y0C3AZF7W0I6WAMLHLZ"="C:\Recycle.Bin\B6232F3AF47.exe /q"

    scanning hidden files ...

    C:\Recycle.Bin
    C:\Recycle.Bin\1D7F7CFE68BBBF5 21546 bytes
    C:\Recycle.Bin\B6232F3AF47.exe 172032 bytes executable

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 3



    There you go, tell me if I need to do anything else. Thank you.
    :hello: 
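The catchme report in the post above is the key evidence in this thread: a Run value launches a hidden executable from C:\Recycle.Bin. The following Python triage script is an added example (not part of the thread and not catchme's own code) that parses a report of that shape, flags Run/RunOnce values whose target is hidden or sits in a recycle-bin style directory, and checks the summary counter so that a report cut short by the forum is noticed. The "ExampleUpdater" entry and all function names are constructed for illustration.

```python
import re
import ntpath  # Windows path rules; works on any OS

# Sample modelled on the catchme.log posted above. The "ExampleUpdater"
# value is a constructed benign entry added for contrast.
SAMPLE_REPORT = r'''
scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"4Y3Y0C3AZF7W0I6WAMLHLZ"="C:\Recycle.Bin\B6232F3AF47.exe /q"
"ExampleUpdater"="C:\Program Files\Example\updater.exe"

scanning hidden files ...

C:\Recycle.Bin
C:\Recycle.Bin\1D7F7CFE68BBBF5 21546 bytes
C:\Recycle.Bin\B6232F3AF47.exe 172032 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
'''

# Real recycle-bin directory names (XP: RECYCLER/RECYCLED, Vista+: $Recycle.Bin)
# plus the look-alike "Recycle.Bin" seen in the report.
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin", "recycle.bin"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')
FILE_RE = re.compile(r"^([A-Za-z]:\\.*?)(?:\s+(\d+) bytes)?(\s+executable)?$")
COUNT_RE = re.compile(r"^hidden (processes|services|files): (\d+)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|cmd|dll))"?(?:\s|$)', re.I)
AUTORUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.I)


def parse_report(text):
    """Split a catchme-style report into registry values, hidden files, counters."""
    report = {"registry": [], "hidden_files": [], "counts": {}}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        key_m, val_m = KEY_RE.match(line), VALUE_RE.match(line)
        cnt_m, file_m = COUNT_RE.match(line), FILE_RE.match(line)
        if key_m:
            key = key_m.group(1)
        elif val_m and key:
            report["registry"].append(
                {"key": key, "name": val_m.group(1), "command": val_m.group(2)})
        elif cnt_m:
            report["counts"][cnt_m.group(1)] = int(cnt_m.group(2))
        elif file_m:
            report["hidden_files"].append({
                "path": file_m.group(1),
                "size": int(file_m.group(2)) if file_m.group(2) else None,
                "executable": file_m.group(3) is not None,
            })
    return report


def target_of(command):
    """Return the program path of an autorun command line, without arguments."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else (command.split() or [""])[0]


def triage(report):
    """Flag Run/RunOnce values that point at hidden or recycle-bin locations."""
    hidden = {ntpath.normcase(f["path"]): f for f in report["hidden_files"]}
    findings = []
    for entry in report["registry"]:
        if not AUTORUN_KEY_RE.search(entry["key"]):
            continue
        target = target_of(entry["command"])
        reasons = []
        parts = ntpath.normcase(ntpath.dirname(target)).split("\\")
        if RECYCLE_DIRS & set(parts):
            reasons.append("target sits in a recycle-bin style directory")
        hit = hidden.get(ntpath.normcase(target))
        if hit:
            kind = "executable" if hit["executable"] else "file"
            reasons.append(f"target is a hidden {kind} ({hit['size']} bytes)")
        if reasons:
            findings.append(
                {"value": entry["name"], "target": target, "reasons": reasons})
    return findings


def truncated_sections(report):
    """Compare the 'hidden files' counter with the entries actually listed.
    In the posted report the directory line is counted too (3 lines, counter 3)."""
    declared = report["counts"].get("files")
    listed = len(report["hidden_files"])
    if declared is None:
        return ["summary counters missing"]
    if declared != listed:
        return [f"summary says {declared} hidden files, report lists {listed}"]
    return []


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for finding in triage(parsed):
        print(finding["value"], "->", finding["target"], finding["reasons"])
    print("truncation check:", truncated_sections(parsed) or "ok")
```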
    17 July 2011 19:47:21

    Re,

    Well, your PC is a real mess... Full of adware of every kind, no wonder you're getting ads!

    Right, do the following in order:

    1)

    Ad-Remover scan

  • Download Ad-Remover (by C_XX) to your Desktop.

    Disconnect and close all running applications


  • Double-click AD-R on your desktop. (Right-click -> "Run as administrator" on Vista/7)

  • Wait for the main menu to appear. From there, click Scan. You will be asked to confirm; click Yes and wait until the scan finishes.

    Let the tool work


  • A window containing the report will open; post the report in your next reply.
    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    Then click Quit to close Ad-Remover.

    Note: the report that Ad-Remover has just generated is located here: C:\Ad-Report-SCAN

    To help you:
  • Tutorial on AD-R

    2)

  • Open Notepad (Start > All Programs > Accessories > Notepad)

  • Copy the text in the box below:

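    @echo off
    rem Start from the root of the current drive
    cd\
    rem Remove any report left over from an earlier run
    if exist C:\Rapport.txt del C:\Rapport.txt
    rem List the contents of C:\Program~1\temp01 into the report
    dir C:\Program~1\temp01 > "C:\Rapport.txt"
    rem Open the report in its associated program (Notepad)
    start C:\Rapport.txt
    pause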


  • Paste it into Notepad, then save the file as follows:

    --> Click File > Save As...

    --> Under file type, choose "All Files"

    --> For the file name, type fix.bat

    --> Save your file on the desktop.

  • Double-click the file you have just saved.

  • A report will be displayed; copy/paste it in your next reply.


    17 July 2011 20:26:12

    Re:

    There, I did step 2; it shows "the specified file cannot be found"
    and Notepad is empty. I followed the instructions carefully but it doesn't work :(  . I'm waiting for your instructions if there is anything else to do. Thanks
    18 July 2011 11:51:37

    Good day to you on this grey Monday,

    1)

    Ad-Remover fix

    Disconnect and close all running applications


  • Relaunch Ad-Remover. (Right-click -> "Run as administrator" on Vista/7)

  • Wait for the main menu to appear. From there, click Clean. You will be asked to confirm; click Yes and wait until the scan finishes.

    Let the tool work


  • A window containing a new report will open; post the report in your next reply.
    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    Then click Quit to close Ad-Remover.

    Note: the report that Ad-Remover has just generated is located here: C:\Ad-Report-CLEAN

    To help you:
  • Tutorial on AD-R

    2)

    You have a virus in your recycle bin that is probably responsible for the redirections:

  • Go to the Control Panel (Start > Control Panel)

  • Switch to Classic View instead of Category View. Then double-click Folder Options

  • In the View tab, tick "Show hidden files and folders" and untick "Hide protected operating system files".

  • Confirm, and go to the recycle bin. Delete all the files in it.

  • If you run into a problem deleting the file, tell me.

    Note: at the next startup an error message will probably appear saying that a file cannot be found. That's normal; we'll take care of it right after.

    3)

    Run another OTL scan without entering anything under Custom Scans/Fixes, and post the report :) 

    4)

    Redo the Notepad procedure, but with this text:

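    @echo off
    CD\
    rem Remove any report left over from an earlier run
    if exist "C:\Rapport.txt" del "C:\Rapport.txt"
    rem List the contents of C:\Program~1\temp01 into the report
    dir "C:\Program~1\temp01" >> "C:\Rapport.txt"
    rem The empty "" is the window title; without it, start takes the quoted
    rem path as the title and only opens a new command prompt
    start "" "C:\Rapport.txt"
    pause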
    18 July 2011 15:57:18

    Good day to you guigui0001, :) 

    I followed all the steps. For the recycle bin, there was nothing to delete, no problems.
    For Notepad, there was only this written:

    Microsoft windows xp [version 5.1.2600]
    <C> copyright 1985-2001 Microsoft Corp.
    C:/>_


    here is the Ad-Clean report
    http://www.cijoint.fr/cjlink.php?file=cj201107/cijV1qBi...


    here is the OTL report
    http://www.cijoint.fr/cjlink.php?file=cj201107/cijxCDQP...


    I hope it's all right. Thank you, and I wish you a pleasant day :) 
    tell me if I have anything else to do ;)  thanks. See you
    18 July 2011 16:59:57

    Re,

    Well, I thought we'd be done in one post, but we're going into extra time... :D 

    There is a Navipromo infection that we're going to get rid of:

    1)

    Download Navilog1 (by IL-MAFIOSO) to your desktop.

    /!\ Disable your antivirus, anti-spyware and firewall /!\


  • Double-click the Navilog1 shortcut on the desktop.
  • Let it guide you. Press a key when asked.
  • At the main menu, choose option 1 and confirm.

    /!\ Do not choose option 2 /!\

  • Wait while the scan runs. You may be asked to restart your PC.
  • Let the tool do it automatically; otherwise restart your PC normally.
  • On restart the tool will clean up.
  • Notepad will open.
  • Copy and paste the whole contents into your reply. Close Notepad.

    Note: the report is also saved at the root of the hard drive: C:\cleannavi.txt

    2)

    Uninstalling programs

  • Go to Start > Control Panel. If you're not there yet, switch to Classic View (on the left), then double-click Add or Remove Programs.

  • In the list that appears, uninstall the following if present:

    > MarketResearch

    > Vuze Toolbar

    > Vuze

    3)

    --> Run another OTL scan without entering anything under Custom Scans/Fixes and post me the report.

    ============

    I don't want to alarm you, but given the very large number of infections on your computer, you should change your behaviour on the Internet and avoid downloading just anything ;) 

    18 July 2011 18:08:18

    Re,

    I'm really sorry :(  I didn't know it was that infected. Thank you for your advice, and I'll avoid downloading in future, but I often watch series via streaming; does that cause problems too???


    here is the cleannavi report:
    http://www.cijoint.fr/cjlink.php?file=cj201107/cijEmMuM...


    here is the OTL report:
    http://www.cijoint.fr/cjlink.php?file=cj201107/cijPRYO2...

    In Add or Remove Programs:

    I only had Vuze and I uninstalled it, but I didn't have the other 2.

    Once again a super mega big thank you for the work you're doing :)  .

    PS: :sweat:  sorry for the extra time.......

    I'm waiting for your instructions for what's next, thanks. See you
    18 July 2011 18:29:35

    Yop,

    Quote:
    I'm really sorry, I didn't know it was that infected. Thank you for your advice, and I'll avoid downloading in future, but I often watch series via streaming; does that cause problems too???


    There are often pop-ups on these sites pushing you to download adware. At the very least, avoid clicking links like "A codec is missing to watch this video, etc." They are scams.

    Good, we're OK as far as the Navipromo infection goes; we're nearing the end (if all goes well :D  )

    1)

    OTL fix:

  • Relaunch OTL.exe.

  • Copy exactly the text below:

    :OTL
    MOD - [2010/04/19 10:21:08 | 000,018,432 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
    MOD - [2006/07/11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\SweetIM\Messenger\msvcr71.dll
    SRV - [2011/05/28 13:25:44 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ezGOSvc.dll -- (ezGOSvc)
    FF - user.js..browser.startup.homepage: "http://www.seeearch.com/"
    FF - prefs.js..browser.startup.homepage: "http://start.gamenext.fr"
    O2 - BHO: (TBSB06155 Class) - {2DA14D1D-AE74-4A74-A0FE-C79504755DB8} - C:\Program Files\seeearch\seeearch.dll ()
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (IE Toolbar) - {1FDA7DDD-25CE-4034-9D5B-38A120A14218} - C:\Program Files\seeearch\seeearch.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    [2011/07/18 00:24:35 | 000,718,208 | ---- | C] (EasyBits Media) -- C:\windows\System32\ezGOSvcApp.exe
    [2011/07/13 17:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/07/18 00:24:35 | 000,073,600 | ---- | C] () -- C:\windows\System32\ezGOSvc.dll
    @Alternate Data Stream - 242 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
    @Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
    @Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C
    @Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E11933F
    @Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC2F271
    @Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:413E2927
    @Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
    @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
    @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27790C06
    @Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9AC04F
    @Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
    @Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1
    @Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
    @Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7072F8A
    @Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE2EA3C2
    @Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
    @Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C611D6C8
    @Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90876BA3
    @Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
    @Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:122B409D
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1
    @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9987109
    @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:063969F8
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3942462
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40BAD1B0
    @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB647F34
    @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
    @Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
    @Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FCDFD9
    @Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
    @Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B
    @Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
    @Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:269C0B5C
    @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD727397
    @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
    @Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
    @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
    @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D708EEF9
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A96D3F23
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76
    @Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3766E957
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74B502CB
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA10407C
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C0887BF
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0915A718
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:159A493A
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:895A78C5
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E67073E
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35AE645
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5F8E280
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87452B14
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC73CDCE
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96646EC1
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDC744FB
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2216A431
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC1F7CAE
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B07E6F4
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436BE28C
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9B1EB7E
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A8F071F
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E17A249
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193CB03B
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:014BC3B4
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66871744
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E83EE313
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4709F39D
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99AC3203
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE95FE7
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00811B66
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A59DD4AD
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDB75348
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FF076E
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35629AE6
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073139EC
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7F6E6CB
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD629819
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68B61847
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AD2C54D
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAD65EA
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F34335
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5264343
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EDA76B4
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C81B36D
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9351E0
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:169E7AC5
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03A039A3
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86148D88
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EBCAF87
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:450ABF8D
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3447AB86
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDEB08FD
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:270A3983
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:571CCF8E
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E2BD6A9
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C846A5B
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B823FE
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:896E1EFF
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F33592E3
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74091520
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9

    :Files
    C:\Program Files\SweetIM
    C:\Program Files\seeearch

    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "4Y3Y0C3AZF7W0I6WAMLHLZ"=-

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]


  • Paste it into the Personnalisation box at the bottom left.

  • Click the Correction button at the top left.

  • If the PC asks you to restart, confirm.

  • A report will appear after the restart; copy and paste it into your next reply.

    2)

    Scanning for and removing malware


  • Download Malwarebytes' Anti-Malware (MBAM) (by Marcin Kleczynski and Bruce Harriss).

  • Install it, then make sure to update the program at the end of the installation. (I believe you have already installed it; even so, you absolutely must update it)

  • Once that is done, MBAM starts. Check that the Examen rapide box is ticked, then press Rechercher (outlined in red in the image below)



  • At the end of the scan, a message will be displayed:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    or else:
    L'examen s'est terminé normalement. Aucun élément nuisible n'a été détecté.


  • Click OK to continue. If MBAM found nothing, let me know and quit the program.

  • If it found malware (that is, if you get the message "Afficher les résultats' pour afficher tous les objets trouvés"), continue:

    Close all running applications (apart from MBAM)

  • Click Afficher les résultats.

  • Tick all the boxes and click Supprimer la sélection. The malware will then be placed in quarantine.

  • A report will be displayed. Paste that report into your next reply, please ;)

    To help you: MBAM tutorial

    3)

    What is in this folder?

    C:\Program Files\temp01

    4)

    --> Off we go for a new OTL report (the last one, I think :D  ) ;)  Paste the report here, please!

    5)

    How is the PC behaving? Better? Still getting ads?
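
An added example (not part of the thread and not OTL's own code): before a fix script like the one quoted in the post above is pasted into a removal tool, a reviewer can group its lines by target and flag anything unrecognised. The section names and the `"name"=-` form are taken from the quoted script; reading `=-` as "delete this value" follows the .reg file convention and is an assumption here, as is the function name `summarize_fix`.

```python
import re

# Shortened excerpt of the fix script quoted in the post above.
SAMPLE = r'''
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EBCAF87
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
:Files
C:\Program Files\SweetIM
C:\Program Files\seeearch
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"4Y3Y0C3AZF7W0I6WAMLHLZ"=-
:Commands
[purity]
[emptytemp]
[emptyflash]
[createrestorepoint]
'''

# The last colon on an ADS line separates the host path from the stream name.
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')
REG_DELETE_RE = re.compile(r'^"(.+)"=-$')  # .reg-style "name"=- (assumed: delete value)

def summarize_fix(script):
    """Group the lines of a fix script by what they target, for review."""
    out = {"ads": [], "files": [], "reg_value_deletes": [],
           "commands": [], "unrecognized": []}
    section = reg_key = None
    for line in filter(None, map(str.strip, script.splitlines())):
        ads, reg = ADS_RE.match(line), REG_DELETE_RE.match(line)
        bracketed = line.startswith("[") and line.endswith("]")
        if ads:
            out["ads"].append((ads.group(2), ads.group(3), int(ads.group(1))))
        elif line.startswith(":"):
            section, reg_key = line[1:].lower(), None   # new section header
        elif section == "files":
            out["files"].append(line)
        elif section == "reg" and bracketed:
            reg_key = line[1:-1]                        # key for following values
        elif section == "reg" and reg and reg_key:
            out["reg_value_deletes"].append((reg_key, reg.group(1)))
        elif section == "commands" and bracketed:
            out["commands"].append(line[1:-1])
        else:
            out["unrecognized"].append(line)            # needs a human look
    return out

if __name__ == "__main__":
    for kind, items in summarize_fix(SAMPLE).items():
        print(kind, len(items), items)
```

A value deletion with no preceding `[key]` line, or any line outside a known section, lands in `unrecognized` rather than being silently dropped.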
    18 July 2011 20:07:39

    Re,

    Thanks, you're great :wahoo:  :D  my computer has no more redirects, but it is still super slow :fou: 

    here is the OTL report (correction):
    http://www.cijoint.fr/cjlink.php?file=cj201107/cijt4m2V...

    here is the MBAM report:
    http://www.cijoint.fr/cjlink.php?file=cj201107/cijSgIE5...

    here is the latest OTL report:
    http://www.cijoint.fr/cjlink.php?file=cj201107/cij6m8R6...

    As for the folder C:\Program Files\temp01, I can't open it, and temps01 is written in blue.

    Thanks a lot :16megs
    Tell me if I still need to do anything else, please. Thanks
    18 July 2011 20:48:55

    Re,

    Right, I no longer see anything alarming in your reports. As for the slowness, let's start by cleaning up, because with everything we have removed, it must be a real mess in there...

    Cleanup

  • Download CCleaner Slim (without toolbar) (by Piriform, Ltd).

  • Install it by following the procedure.

  • Start the program. Untick the Cookies box on the left, then click Nettoyer.

  • Once the cleanup is finished, go to Registre and fix all the errors (press oui when it asks you to make a backup).

  • Quit CCleaner and tell me whether the PC is a little less slow.

    To help you: CCleaner tutorial

    Next:

    1)

    Important: purging System Restore


    --> There are still viruses in your restore points. Follow this tutorial to purge it.

    Don't forget to create a new restore point once the operation is done (by pressing the créer button)

    2)

    Prevention



    With the various threats on the Internet growing ever more numerous, I strongly advise you to read these links in order to protect yourself better online:



    The dangers of P2P (such as emule, limewire...): http://forum.zebulon.fr/index.php?showtopic=85544

    To download for free and legally, I recommend Beezik, which has these advantages:

  • Better sound quality

  • No viruses!

    The dangers of cracks and keygens: http://forum.malekal.com/danger-des-cracks-t893.html

    Reminders about pirated operating systems: http://redirectingat.com/?id=1402X522807&xs=1&url=http%...

    ********************************

    Recommended security software:

    Antivirus: Avast 6.0

    To scan your files: MBAM

    ********************************

    Careful, contrary to popular belief:

  • Never have two antivirus programs with real-time protection enabled; it is the best way to create conflicts. Several active antivirus programs can get in each other's way and, in the end, the PC you thought was more secure becomes a real sieve...

  • Anti-spyware programs are useless!!

  • I strongly advise you not to install "transformation" packs, which for example give a Windows XP the look of Windows Vista. This kind of program causes a lot of problems!!!

    Finally, don't forget that the best way to protect your computer is you!


    3)

    If you consider your problem solved, add [Résolu] to the title of your thread:

  • In your first message, click the Editer button.

  • Add [Résolu] in front of the title.

  • Then click Valider votre message.

    Be more careful on the Internet! ;) 



    18 July 2011 22:16:46

    Re,

    Thank you so very much, my PC is doing much better :wahoo:  it is much less slow. I really admire people like you, you have great potential, and hats off for all the work you put in.

    [:16megs] [:16megs] [:16megs]


    I wish you a pleasant evening and all the best.....

    :hello: 
    19 July 2011 11:52:08

    Re,

    Glad to hear your PC is running faster :) 

    Be more careful when you browse streaming sites, and take care not to click just anywhere ;) 

    Quote:
    I wish you a pleasant evening and all the best.....


    It was a pleasure. See you soon :hello: 