
(Solved) My PC is infected

9 June 2011 09:41:49

Hello,
Last night, while browsing an ordinary site (for adhesive lettering), AntiVir went wild and gave me 15 virus alerts; I denied access to them!
This morning when I turned on my PC, "Windows XP Restore" started up to run a scan! (I don't even know what that is!)
I also have a page that opens telling me: critical error, hard disk failure...!
Since then I can't do anything any more! Nothing is displayed on my desktop, and there is almost nothing left in the Start menu either...
Could you please help me save my PC?


9 June 2011 15:05:14

Here is the report from option 2:
RogueKiller V5.2.2 [05/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: SANDRA [Droits d'admin]
Mode: Suppression -- Date : 09/06/2011 14:59:44

Processus malicieux: 2
[SUSP PATH] SkMtEGuPVoS.exe -- c:\documents and settings\all users\application data\skmtegupvos.exe -> KILLED
[ROGUE ST] 17489700.exe -- c:\documents and settings\all users\application data\17489700.exe -> KILLED

Entrees de registre: 8
[SUSP PATH] HKCU\[...]\Run : SkMtEGuPVoS (C:\Documents and Settings\All Users\Application Data\SkMtEGuPVoS.exe) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> DELETED
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> REPLACED (0)
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\SANDRA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Fichier HOSTS:
127.0.0.1 localhost


Termine : << RKreport[1].txt >>
RKreport[1].txt



9 June 2011 15:14:58

And finally the report from option 6:

RogueKiller V5.2.2 [05/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: SANDRA [Droits d'admin]
Mode: Raccourcis RAZ -- Date : 09/06/2011 15:13:30

Processus malicieux: 0

Attributs de fichiers restaures:
Bureau: Success 92 / Fail 0
Lancement rapide: Success 11 / Fail 0
Programmes: Success 39389 / Fail 0
Menu demarrer: Success 283 / Fail 0
Dossier utilisateur: Success 13918 / Fail 0
Mes documents: Success 10505 / Fail 0
Mes favoris: Success 36 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 0 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 49898 / Fail 0
Sauvegarde: [FOUND] Success 213 / Fail 0

Lecteurs:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\Harddisk1\DP(1)0-0+8 -- 0x2 --> Restored
[H:] \Device\Harddisk2\DP(1)0-0+9 -- 0x2 --> Restored
[I:] \Device\Harddisk3\DP(1)0-0+a -- 0x2 --> Restored
[J:] \Device\Harddisk4\DP(1)0-0+b -- 0x2 --> Restored

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



9 June 2011 21:35:32

Good evening, here is my report... the number of infections is alarming...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6819

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

09/06/2011 20:56:14
mbam-log-2011-06-09 (20-56-14).txt

Type d'examen: Examen complet (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Elément(s) analysé(s): 305847
Temps écoulé: 3 heure(s), 2 minute(s), 15 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 32

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.search-web.net) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.search-web.net) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\all users\application data\17489700.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\skmtegupvos.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\SANDRA\Bureau\rk_quarantine\17489700.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\SANDRA\Bureau\rk_quarantine\skmtegupvos.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\SANDRA\local settings\temp\83.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\SANDRA\local settings\temp\84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\ldr4c24.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\ldr5733.tmp (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\temp\F6D9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\1453E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\2143E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\2D82.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\2EC9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\3295.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\4732.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\4977.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\52F2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\532C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\6967.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\6E09.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\7819.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\79CC.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\85F0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\89B1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\9EEA.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\A11.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\B64B.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\B872.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\C01E.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\C81B.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\C9E2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\CD69.exe (Trojan.Agent) -> Quarantined and deleted successfully.
9 June 2011 22:34:55

Oh yes :D

  • Relaunch Malwarebytes' Anti-Malware, go to Quarantine and delete everything.

    Let's check that everything is OK:

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the Output section at the top of this window, tick Minimal Output.
  • Also tick the boxes next to LOP Check and Purity Check.
  • Finally, click the Run Scan button. The scan does not take long.
  • Once the scan is finished, two Notepad windows will open: OTL.txt and Extras.txt. They are located in the same place as OTL.

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
  • Click Parcourir... (Browse) and look for the report file you want to send me.
  • Click Open.
  • Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
  • A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
  • Copy and paste this link into your reply.
    11 June 2011 17:26:46

    Hello, here is my report:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 17:23:34 le 11/06/2011, Mode normal

    Microsoft Windows XP Édition familiale Service Pack 3 (X86)
    SANDRA@LELIAN ( )

    ============== RECHERCHE ==============


    Dossier trouvé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\conduit
    Dossier trouvé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\ConduitEngine
    Dossier trouvé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\extensions\engine@conduit.com
    Fichier trouvé: C:\Documents and Settings\SANDRA\scriptjava.html
    Dossier trouvé: C:\Program Files\GamesBar

    -- Fichier ouvert: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\Prefs.js --
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
    Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
    Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
    Ligne trouvée: user_pref("CommunityToolbar.IsEngineShown", true);
    Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
    Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
    Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed May 25 2011 17:16:40 GMT+02...
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 09 2011 14:09:46 GMT+0200");
    Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");
    Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 11 2011 17:10:13 GMT+0200");
    Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "0ab812d2-9460-4b4f-8dfa-75fe80f1881e");
    Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Ligne trouvée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 09 2011 14:10:50 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.CTID", "ConduitEngine");
    Ligne trouvée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jun 11 2011 16:35:36 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.FirstServerDate", "05/25/2011 18");
    Ligne trouvée: user_pref("ConduitEngine.FirstTime", true);
    Ligne trouvée: user_pref("ConduitEngine.FirstTimeFF3", true);
    Ligne trouvée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Ligne trouvée: user_pref("ConduitEngine.Initialize", true);
    Ligne trouvée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Ligne trouvée: user_pref("ConduitEngine.InstalledDate", "Wed May 25 2011 17:16:41 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.IsMulticommunity", false);
    Ligne trouvée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Ligne trouvée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Ligne trouvée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jun 11 2011 17:10:17 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Jun 11 2011 17:09:17 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Ligne trouvée: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jun 11 2011 17:09:17 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.UserID", "UN93707602833734585");
    Ligne trouvée: user_pref("ConduitEngine.componentAlertEnabled", false);
    Ligne trouvée: user_pref("ConduitEngine.engineLocale", "fr");
    Ligne trouvée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jun 11 2011 17:10:17 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jun 11 2011 14:49:09 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.initDone", true);
    Ligne trouvée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
    -- Fichier Fermé --


    Clé trouvée: HKLM\Software\GamesBarSetup


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [4.0.1 (fr)] ****

    HKLM_MozillaPlugins\@oberon-media.com/ONCAdapter (x)
    HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)

    -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default --
    Extensions\engine@conduit.com (Conduit Engine )
    Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
    Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} (HP Detect)
    Extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23} (mobilewitch Community Toolbar)
    Searchplugins\search-the-web.xml (?)
    Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\SANDRA\\Bureau
    Prefs.js - browser.search.defaultenginename, Google
    Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
    Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
    Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
    Prefs.js - keyword.URL, hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61101&p=

    ========================================

    **** Internet Explorer Version [7.0.5730.11] ****

    Plugins\NPWMin32.dll (SYNERSOFT)
    HKCU_Main|Default_Page_URL - hxxp://www.search-web.net
    HKCU_Main|Default_Search_URL - hxxp://www.search-web.net/keyword/
    HKCU_Main|First Home Page - hxxp://go.microsoft.com/fwlink/?LinkId=54843
    HKCU_Main|SearchMigratedDefaultURL - hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A5...
    HKCU_Main|Search bar - hxxp://www.search-web.net
    HKCU_Main|Search Page - hxxp://www.search-web.net
    HKCU_Main|Start Page - hxxp://www.search-web.net
    HKLM_Main|Default_Page_URL - hxxp://www.google.com
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.google.com
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll)
    HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&...)
    HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
    HKCU_Toolbar\ShellBrowser|{C4069E3A-68F1-403E-B40E-20066696354B} (x)
    HKCU_Toolbar\WebBrowser|{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} (x)
    HKCU_Toolbar\WebBrowser|{D3028143-6145-4318-99D3-3EDCE54A95A9} (x)
    HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
    HKLM_ElevationPolicy\{6A4E5109-F35C-469e-BEBC-A9241C14D8B3} - C:\Program Files\Hp\Common\iPAQDetection2.exe (?)
    HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Fichiers communs\Oberon Media\OberonBroker\1.0.0.76\OberonBroker.exe (x)
    HKCU_Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E} - "Orange" (C:\PROGRA~1\Wanadoo\Audience\Icones\Orange.ico)
    HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
    HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll) (x)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 11/06/2011 17:23:47 (7059 Octet(s))

    Fin à: 17:24:52, 11/06/2011

    ============== E.O.F ==============
    11 June 2011 17:38:54

  • Relaunch Ad-Remover, choose the "Nettoyer" (Clean) option and post the report.
    11 June 2011 18:16:46

    Here is the report:
    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:54:04 le 11/06/2011, Mode normal

    Microsoft Windows XP Édition familiale Service Pack 3 (X86)
    SANDRA@LELIAN ( )

    ============== ACTION(S) ==============


    Erreur suppression dossier: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\conduit
    Dossier supprimé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\ConduitEngine
    Dossier supprimé: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\extensions\engine@conduit.com
    Fichier supprimé: C:\Documents and Settings\SANDRA\scriptjava.html
    Dossier supprimé: C:\Program Files\GamesBar

    (!) -- Fichiers temporaires supprimés.


    -- Fichier ouvert: C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default\Prefs.js --
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
    Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
    Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
    Ligne supprimée: user_pref("CommunityToolbar.IsEngineShown", true);
    Ligne supprimée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
    Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
    Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed May 25 2011 17:16:40 GMT+02...
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 09 2011 14:09:46 GMT+0200");
    Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");
    Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 11 2011 17:10:13 GMT+0200");
    Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "0ab812d2-9460-4b4f-8dfa-75fe80f1881e");
    Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Ligne supprimée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 09 2011 14:10:50 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.CTID", "ConduitEngine");
    Ligne supprimée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jun 11 2011 16:35:36 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.FirstServerDate", "05/25/2011 18");
    Ligne supprimée: user_pref("ConduitEngine.FirstTime", true);
    Ligne supprimée: user_pref("ConduitEngine.FirstTimeFF3", true);
    Ligne supprimée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Ligne supprimée: user_pref("ConduitEngine.Initialize", true);
    Ligne supprimée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Ligne supprimée: user_pref("ConduitEngine.InstalledDate", "Wed May 25 2011 17:16:41 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.IsMulticommunity", false);
    Ligne supprimée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Ligne supprimée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Ligne supprimée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jun 11 2011 17:10:17 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Jun 11 2011 17:09:17 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Ligne supprimée: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jun 11 2011 17:09:17 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.UserID", "UN93707602833734585");
    Ligne supprimée: user_pref("ConduitEngine.componentAlertEnabled", false);
    Ligne supprimée: user_pref("ConduitEngine.engineLocale", "fr");
    Ligne supprimée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jun 11 2011 17:10:17 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jun 11 2011 14:49:09 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.initDone", true);
    Ligne supprimée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
    -- Fichier Fermé --


    Clé supprimée: HKLM\Software\GamesBarSetup


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [4.0.1 (fr)] ****

    HKLM_MozillaPlugins\@oberon-media.com/ONCAdapter (x)
    HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)

    -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\FireFox\Profiles\07ait0d4.default --
    Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
    Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} (HP Detect)
    Extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23} (mobilewitch Community Toolbar)
    Searchplugins\search-the-web.xml (?)
    Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\SANDRA\\Bureau
    Prefs.js - browser.search.defaultenginename, Google
    Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
    Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
    Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
    Prefs.js - keyword.URL, hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61101&p=

    ========================================

    **** Internet Explorer Version [7.0.5730.11] ****

    Plugins\NPWMin32.dll (SYNERSOFT)
    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll)
    HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&...)
    HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
    HKCU_Toolbar\ShellBrowser|{C4069E3A-68F1-403E-B40E-20066696354B} (x)
    HKCU_Toolbar\WebBrowser|{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} (x)
    HKCU_Toolbar\WebBrowser|{D3028143-6145-4318-99D3-3EDCE54A95A9} (x)
    HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\WINDOWS\system32\eDStoolbar.dll)
    HKLM_ElevationPolicy\{6A4E5109-F35C-469e-BEBC-A9241C14D8B3} - C:\Program Files\Hp\Common\iPAQDetection2.exe (?)
    HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Fichiers communs\Oberon Media\OberonBroker\1.0.0.76\OberonBroker.exe (x)
    HKCU_Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E} - "Orange" (C:\PROGRA~1\Wanadoo\Audience\Icones\Orange.ico)
    HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
    HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll) (x)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 100 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 11/06/2011 17:54:20 (8567 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 11/06/2011 17:23:47 (9750 Octet(s))

    Fin à: 17:56:18, 11/06/2011

    ============== E.O.F ==============
    14 June 2011 13:20:10

    How is the PC doing?

  • Relaunch Ad-Remover and choose Désinstaller (Uninstall).

  • Relaunch OTL and post the OTL report.
    14 June 2011 14:31:46

    Hello, my PC is doing well, everything is back to normal... however, I can no longer find "Documents and Settings" on my hard drive?

    Here is the OTL report:
    OTL logfile created on: 14/06/2011 14:26:24 - Run 5
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\SANDRA\Mes documents\Téléchargements
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    447,48 Mb Total Physical Memory | 73,67 Mb Available Physical Memory | 16,46% Memory free
    1,13 Gb Paging File | 0,51 Gb Available in Paging File | 45,50% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71,84 Gb Total Space | 31,77 Gb Free Space | 44,23% Space Free | Partition Type: NTFS
    Drive D: | 72,31 Gb Total Space | 72,30 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

    Computer Name: LELIAN | User Name: SANDRA | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
    PRC - C:\Program Files\orange\Systray\SystrayApp.exe (France Telecom SA)
    PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe (France Telecom SA)
    PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe (France Telecom SA)
    PRC - C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
    PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
    PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
    PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
    PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
    PRC - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
    PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
    PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
    PRC - C:\WINDOWS\system32\SysMonitor.exe ( )
    PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    PRC - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST)
    MOD - C:\WINDOWS\system32\MSNChatHook.dll (HiTRUST)
    MOD - C:\WINDOWS\system32\CryptoAPI.dll (HiTRUST)
    MOD - C:\WINDOWS\system32\mfc71u.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
    SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe (France Telecom SA)
    SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
    SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
    SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
    SRV - (Acer Media Server) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
    SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
    SRV - (LightScribeService) -- c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (ndisrd) -- C:\WINDOWS\system32\drivers\ndisrd.sys (NT Kernel Resources)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (GT72NDISIPXP) -- C:\WINDOWS\system32\drivers\Gt51Ip.sys (Option NV)
    DRV - (GT72UBUS) -- C:\WINDOWS\system32\drivers\gt72ubus.sys (Option N.V.)
    DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
    DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
    DRV - (MobileAdapter) -- C:\WINDOWS\system32\drivers\hmumdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (eeCtrl) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (se2Bunic) Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM) -- C:\WINDOWS\system32\drivers\se2Bunic.sys (MCCI)
    DRV - (SE2Bobex) -- C:\WINDOWS\system32\drivers\SE2Bobex.sys (MCCI)
    DRV - (se2Bnd5) Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS) -- C:\WINDOWS\system32\drivers\se2Bnd5.sys (MCCI)
    DRV - (SE2Bmgmt) Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE2Bmgmt.sys (MCCI)
    DRV - (SE2Bmdm) -- C:\WINDOWS\system32\drivers\SE2Bmdm.sys (MCCI)
    DRV - (SE2Bmdfl) -- C:\WINDOWS\system32\drivers\SE2Bmdfl.sys (MCCI)
    DRV - (SE2Bbus) Sony Ericsson Device 043 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE2Bbus.sys (MCCI)
    DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
    DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (SG762_XP) -- C:\WINDOWS\system32\drivers\WlanBZXP.sys (ZyDAS Technology Corporation)
    DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI)
    DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
    DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
    DRV - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
    DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI)
    DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI)
    DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI)
    DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI)
    DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI)
    DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI)
    DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.)
    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
    DRV - (ZDPNDIS5) -- C:\WINDOWS\system32\ZDPNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
    DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (STIrUsb) -- C:\WINDOWS\system32\drivers\irstusb.sys (SigmaTel, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\orange\SearchURLHook\SearchPageURL.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultthis.engineName: "mobilewitch Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
    FF - prefs.js..extensions.enabledItems: {636fae0b-69b4-4324-9fea-80fc7fb887dc}:1.300.306
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {fcbf663e-8530-46f8-a880-ac5abe9d2b23}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
    FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark..."

    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/25 11:26:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/25 11:26:45 | 000,000,000 | ---D | M]

    [2010/12/14 22:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Extensions
    [2010/12/14 22:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009/04/21 15:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/06/11 17:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions
    [2010/08/20 15:19:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/07 11:35:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/02/24 16:18:37 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    [2011/05/25 17:16:25 | 000,000,000 | ---D | M] (mobilewitch Community Toolbar) -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}
    [2009/03/02 16:30:01 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\searchplugins\live-search.xml
    [2010/10/04 08:38:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\searchplugins\search-the-web.xml
    [2011/05/25 10:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\07AIT0D4.DEFAULT\EXTENSIONS\{636FAE0B-69B4-4324-9FEA-80FC7FB887DC}.XPI
    [2009/06/25 17:15:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/05/25 11:26:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2005/04/27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
    [2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    [2011/05/25 11:26:37 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2011/05/25 11:26:37 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
    [2011/05/25 11:26:37 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011/05/25 11:26:38 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2011/05/25 11:26:38 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2011/05/25 11:26:38 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2011/02/12 11:45:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( )
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
    O4 - HKLM..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe (Acer Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\orange\SessionManager\SessionManager.exe (France Telecom SA)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SystrayORAHSS] C:\Program Files\Orange\Systray\SystrayApp.exe (France Telecom SA)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = File not found
    O4 - Startup: C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Démarrage\Anti-Pub.lnk = File not found
    O4 - Startup: C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Démarrage\BoontyBox 01net.lnk = File not found
    O4 - Startup: C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Sites de confiance)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/dir... (Shockwave ActiveX Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} http://games.bigfishgames.com/fr_dream-chronicles/onlin... (CPlayFirstdreamControl Object)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.... (Solitaire Showdown Class)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.fr/ImageUploader5.cab (Image Uploader Control)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.photobox.fr/assets/aurigma/ImageUploader4.ca... (Image Uploader Control)
    O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://www.gamehouse.com/realarcade-webgames/dreamchron... (CPlayFirstdreamControl Object)
    O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} http://photos.orange.fr/al/presentation/pc/resources/ac... (Upload Class)
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://jeuxenligne.orange.fr/gameshell/online/fr/chainz... (MJLauncherCtrl Class)
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://lausanlelian.spaces.live.com/PhotoUpload/MsnPUpl... (Windows Live Photo Upload Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClie... (MessengerStatsClient Class)
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} http://www.securitoo.com/fra/pages/navol/fscax.cab (F-Secure Online Scanner)
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://www.gamehouse.com/realarcade-webgames/mysterypil... (SpinTop Games Launcher)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} http://www.colorclub.fr/Components/Upload/ImageUploader... (Aurigma Image Uploader 3.5 Combo Control)
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://games.bigfishgames.com/fr_bigcityadventuresa/onl... (Jolly Bear Games Player)
    O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} http://cora.fujifilmnet.com/MCLPhoto.CAB (MCLPhoto_Upload.PhotoUpload)
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} http://copainsdavant.linternaute.com/html_include_bibli... (Image Uploader Control)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind... (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://www.photobox.fr/discount/clients/uploader_v2.2.0... (PB_Uploader Class)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://jeuxentelechargement.orange.fr/Gameshell/GameHos... (Oberon Flash Game Host)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Branding/olr33... (FlashXControl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\SANDRA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\SANDRA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/07 10:12:54 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/13 17:40:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/06/09 15:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Mes documents\HomeVideo-Maker
    [2011/06/09 14:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Bureau\RK_Quarantine
    [2011/06/09 14:58:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SANDRA\Recent
    [2011/06/09 07:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Windows XP Restore
    [2011/06/08 21:51:48 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
    [2011/06/08 21:47:20 | 000,000,000 | ---D | C] -- C:\spoolerlogs
    [2011/05/24 15:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\historique_ChatLand
    [2009/02/05 20:24:03 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\SANDRA\Application Data\pcouffin.sys
    [2006/12/24 13:21:08 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
    [2006/12/24 13:19:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
    [2006/12/24 13:19:32 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
    [1 C:\Documents and Settings\SANDRA\*.tmp files -> C:\Documents and Settings\SANDRA\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/14 08:38:50 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/14 08:36:22 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/06/14 08:36:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/06/14 08:35:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/14 08:35:17 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/13 17:40:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/06/09 17:47:19 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2011/06/09 14:26:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\8613F.sys
    [2011/06/09 08:03:59 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
    [2011/06/09 08:03:08 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700
    [2011/06/09 08:03:07 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
    [2011/06/09 07:51:43 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk
    [2011/05/30 20:59:03 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/24 16:09:16 | 000,039,063 | ---- | M] () -- C:\Documents and Settings\SANDRA\binternet.jar
    [2011/05/24 16:08:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\SANDRA\tmp1.14
    [2011/05/24 15:06:18 | 000,009,258 | ---- | M] () -- C:\Documents and Settings\SANDRA\F_ajour.jar
    [1 C:\Documents and Settings\SANDRA\*.tmp files -> C:\Documents and Settings\SANDRA\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/09 15:06:03 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
    [2011/06/09 15:06:03 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Gestionnaire Internet.lnk
    [2011/06/09 15:06:03 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navigateur Orange.lnk
    [2011/06/09 15:06:03 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2011/06/09 15:06:03 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.0.lnk
    [2011/06/09 15:06:03 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/06/09 15:06:03 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2011/06/09 15:06:03 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Picasa 3.lnk
    [2011/06/09 15:06:03 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Livebox.url
    [2011/06/09 15:06:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2011/06/09 15:06:02 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2011/06/09 15:06:02 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\BoontyBox 01net.lnk
    [2011/06/09 15:06:02 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/09 15:06:02 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Vos allocations.lnk
    [2011/06/09 15:06:02 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
    [2011/06/09 15:06:02 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Easy Burner.lnk
    [2011/06/09 15:06:02 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
    [2011/06/09 15:06:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
    [2011/06/09 15:06:01 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Live Messenger .lnk
    [2011/06/09 15:06:01 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk
    [2011/06/09 15:05:56 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk
    [2011/06/09 15:05:56 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
    [2011/06/09 15:05:54 | 000,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
    [2011/06/09 15:05:53 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    [2011/06/09 15:05:53 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
    [2011/06/09 15:05:53 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
    [2011/06/09 15:05:53 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk
    [2011/06/09 15:05:53 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
    [2011/06/09 15:05:51 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk
    [2011/06/09 15:05:51 | 000,002,092 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop Album Edition Découverte 3.2.lnk
    [2011/06/09 15:05:51 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk
    [2011/06/09 14:43:51 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/09 14:26:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\8613F.sys
    [2011/06/09 07:52:41 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
    [2011/06/09 07:52:40 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700
    [2011/06/09 07:51:43 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk
    [2011/06/09 07:51:16 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17489700
    [2011/05/24 16:09:16 | 000,039,063 | ---- | C] () -- C:\Documents and Settings\SANDRA\binternet.jar
    [2011/05/24 16:08:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SANDRA\tmp1.14
    [2011/05/24 15:06:18 | 000,009,258 | ---- | C] () -- C:\Documents and Settings\SANDRA\F_ajour.jar
    [2011/02/12 11:29:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/12 11:29:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/17 17:16:39 | 000,000,190 | -H-- | C] () -- C:\WINDOWS\settings.ini
    [2010/08/26 11:35:48 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2010/07/23 17:30:53 | 000,025,520 | ---- | C] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\slot1.mm1
    [2009/10/05 14:38:09 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
    [2009/06/02 18:35:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/02/05 20:24:04 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\pcouffin.cat
    [2009/02/05 20:24:03 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\pcouffin.inf
    [2009/02/05 17:09:51 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
    [2009/02/01 23:55:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/02/01 23:55:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/02/01 23:55:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2008/11/03 16:26:58 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
    [2008/11/03 16:26:53 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2008/10/27 11:52:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/07/03 20:21:47 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/03 20:19:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [2008/06/04 16:09:16 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2008/05/14 21:51:16 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2008/03/20 19:44:36 | 000,000,048 | ---- | C] () -- C:\WINDOWS\DDMv3.INI
    [2008/03/17 11:45:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\off-road-uninst.exe
    [2008/03/13 22:12:29 | 000,000,182 | -H-- | C] () -- C:\WINDOWS\cncscore.ini
    [2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
    [2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
    [2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
    [2008/02/05 09:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
    [2007/12/20 20:40:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2007/12/20 20:40:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2007/12/20 20:40:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2007/12/20 20:40:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2007/12/20 20:40:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2007/12/20 20:40:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2007/12/20 20:40:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2007/12/20 20:40:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2007/12/20 20:40:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2007/12/20 20:40:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2007/12/20 20:40:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2007/12/20 20:40:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2007/12/20 20:40:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2007/12/20 20:40:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2007/12/20 20:40:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2007/12/20 20:40:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2007/12/20 20:40:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2007/12/20 20:40:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2007/12/20 20:40:48 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/12/20 20:22:32 | 000,000,027 | -H-- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
    [2007/11/25 18:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
    [2007/11/06 20:48:04 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\logger.ini
    [2007/09/22 12:31:09 | 000,003,160 | -H-- | C] () -- C:\WINDOWS\zibouille.ini
    [2007/09/22 12:27:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
    [2007/09/21 15:15:46 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\SANDRA\Application Data\com.koingosw.SuperFrog.xml
    [2007/09/10 23:28:22 | 000,000,080 | -H-- | C] () -- C:\WINDOWS\funkycity.ini
    [2007/09/10 21:30:24 | 000,000,018 | -H-- | C] () -- C:\WINDOWS\gfact.ini
    [2007/09/08 17:32:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
    [2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
    [2007/05/07 17:53:28 | 002,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
    [2007/05/07 17:28:39 | 000,000,499 | -H-- | C] () -- C:\WINDOWS\wininit.ini
    [2007/04/23 22:09:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2007/04/23 14:43:28 | 000,002,607 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2007/03/23 20:07:56 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
    [2007/03/20 19:53:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2007/03/15 16:14:16 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
    [2007/03/07 12:05:28 | 000,146,303 | ---- | C] () -- C:\WINDOWS\System32\cdsmbw.exe
    [2007/02/09 23:10:54 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Navigma.INI
    [2007/01/22 15:17:25 | 000,002,681 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
    [2007/01/10 16:51:35 | 000,000,066 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2007/01/02 15:17:52 | 000,001,318 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2006/12/30 18:20:06 | 000,000,133 | -H-- | C] () -- C:\WINDOWS\funpok.ini
    [2006/12/25 18:13:22 | 000,384,000 | ---- | C] () -- C:\WINDOWS\adeins.exe
    [2006/12/24 14:26:22 | 000,233,472 | -H-- | C] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/12/24 13:23:50 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
    [2006/12/24 13:21:37 | 000,114,688 | ---- | C] () -- C:\WINDOWS\PowerOption.exe
    [2006/12/24 13:21:37 | 000,000,294 | -H-- | C] () -- C:\WINDOWS\PowerOption.ini
    [2006/12/24 13:19:32 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
    [2006/12/24 13:14:31 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\SANDRA\Local Settings\Application Data\fusioncache.dat
    [2006/08/07 10:16:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/08/07 10:16:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/07 10:14:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll
    [2006/08/07 10:14:24 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\commercial.ini
    [2006/08/07 10:13:14 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2006/08/07 10:12:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
    [2006/08/07 10:12:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2006/08/07 10:12:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
    [2006/08/07 10:12:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
    [2006/08/07 10:10:34 | 000,545,344 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
    [2006/08/07 10:10:34 | 000,472,444 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/08/07 10:10:34 | 000,102,322 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
    [2006/08/07 10:10:34 | 000,085,762 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/08/07 10:07:20 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/08/07 09:57:46 | 000,004,555 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/08/07 09:56:54 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/07/12 00:19:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/07/12 00:19:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006/07/12 00:19:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/07/12 00:19:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/07/12 00:19:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/07/12 00:19:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/07/12 00:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/07/12 00:19:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/07/12 00:19:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/07/12 00:19:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/07/12 00:19:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/05/29 16:05:58 | 000,303,104 | ---- | C] () -- C:\WINDOWS\CreateLnk.exe
    [2006/05/25 01:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
    [2006/04/23 17:15:36 | 000,000,095 | -H-- | C] () -- C:\WINDOWS\ALaunch.ini
    [2006/04/12 15:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
    [2006/03/08 18:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
    [2006/03/08 18:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
    [2006/03/02 20:35:48 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
    [2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
    [2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
    [2005/11/16 22:11:52 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\Kill1211.exe
    [2005/11/10 12:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
    [2005/10/31 04:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2005/10/26 08:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/07/15 02:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2005/03/14 14:38:28 | 000,000,469 | -H-- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2004/12/17 04:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
    [2004/08/05 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/05 07:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
    [2004/08/05 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/05 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/05 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/05 07:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
    [2004/08/05 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/05 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/05 07:00:00 | 000,003,712 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/05 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/05 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2003/08/07 09:51:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\reboot.exe
    [2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
    [2002/05/23 17:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
    [2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/08/25 19:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/25 19:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BC95BE9
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D31DA45
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067F588D
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB5DB76D
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D FC5A2B2
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:965253AF
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6CEB2458
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A392155
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECE19DD1
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 2D4B33E
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F25B38E8
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4138A0
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEF2A14E
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2CD146E
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BA6C9F8
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7776B809
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7123C4C
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D60AEC3
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:481DAC2B
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:204BEE0F
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2F115B4
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 8EA2847
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5925E400
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30997E0F
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8B102B9
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A967571A
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45BC0AAA
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B310C233
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14168AA3
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FC027DE
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FDDA142
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF2C26D2
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37F44C44
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED51D3ED
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E463CA56
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:706CFC8E
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F0FA039
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED6C8CBA
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63A71C6F
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:580E04D8
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9CB5ECC
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCBF0D67
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0405560
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D722CD6
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE601F5
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D1BE4C6
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDD78BE5
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D E47A3DA
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD9F7E4E
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373C6DC2
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D DEB08FD
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DD87D86
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 507B5A8
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB5B8755
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95B7F1EC
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FC9D9C0
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26946BE8
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:970A6A7C
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A18D1F5
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:666FB4AA
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50A11A00
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C9CF9A7
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20FFCF0B
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E4A7758
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C12E68D
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:437B9941
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84F494D
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:949483BD
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:940ECC98
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69B9AAE7
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07241935
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 31BE97C
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A118E9A3
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F22DA14
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A73A758
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6433F27
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C80FAD6
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C64BB1A
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6C58E14
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D A723860
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 1979811
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BABA07C2
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89123481
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81ED9272
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:557AD709
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E736CE6B
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:994AEA06
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38B32B54
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20DB61D6
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A97C459
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:488F7244
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:053BAE56
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF8F1AE3
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65733F1
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1013B07C
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D CF7E75A
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D AAE6F43
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 055FC10
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B652B720
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C443193
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76BE9842
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417F5F46
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE7C61DF
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:857F
    14 June 2011 15:14:09

    Isn't the folder hidden?

  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose "Exécuter en tant qu'administrateur")
  • Under the "Personnalisation" tab at the bottom of the window, copy and paste the following text (between the two blank lines):

    :OTL
    2010/10/04 08:38:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\searchplugins\search-the-web.xml
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/j [...] s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_14)
    [2011/06/09 07:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Windows XP Restore
    [2011/06/09 14:26:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\8613F.sys
    [2011/06/09 08:03:59 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
    [2011/06/09 08:03:08 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700
    [2011/06/09 08:03:07 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
    [2011/06/09 07:51:43 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk
    [2011/05/24 16:09:16 | 000,039,063 | ---- | C] () -- C:\Documents and Settings\SANDRA\binternet.jar
    [2011/05/24 16:08:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SANDRA\tmp1.14
    [2011/05/24 15:06:18 | 000,009,258 | ---- | C] () -- C:\Documents and Settings\SANDRA\F_ajour.jar

    :commands
    [emptytemp]

  • Then click the "Correction" button at the top of the window.
  • Let the program work, and reboot once the fix has finished.
  • Post the report that is displayed after the reboot.
    14 June 2011 17:02:26

    I didn't find it.....
    well, never mind!!!
    here is my report:
    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Windows XP Restore folder moved successfully.
    C:\WINDOWS\system32\drivers\8613F.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\17489700 moved successfully.
    C:\Documents and Settings\All Users\Application Data\~17489700 moved successfully.
    C:\Documents and Settings\All Users\Application Data\~17489700r moved successfully.
    C:\Documents and Settings\SANDRA\Bureau\Windows XP Restore.lnk moved successfully.
    C:\Documents and Settings\SANDRA\binternet.jar moved successfully.
    C:\Documents and Settings\SANDRA\tmp1.14 moved successfully.
    C:\Documents and Settings\SANDRA\F_ajour.jar moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 75 bytes

    User: All Users

    User: BEBE

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 75 bytes

    User: LAURENT

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 405 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: SANDRA
    ->Temp folder emptied: 14411366 bytes
    ->Temporary Internet Files folder emptied: 34381630 bytes
    ->Java cache emptied: 1554163 bytes
    ->FireFox cache emptied: 236929866 bytes
    ->Flash cache emptied: 3119100 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68718981 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12913566 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1035502662 bytes

    Total Files Cleaned = 1 343,00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06142011_164419

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
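
A cross-check of the fix script against the OTL result log posted above, as an added example that is not part of the original posts or of OTL itself: it lists every file or ActiveX CLSID named under `:OTL` that has no matching action line in the log. The two sample strings are a few lines excerpted from this thread, and the function names are hypothetical.

```python
import re

# Excerpt: a few lines copied from the fix script and the result log posted in
# this thread (not the full text of either).
FIX_SCRIPT = r"""
:OTL
2010/10/04 08:38:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\SANDRA\Application Data\Mozilla\Firefox\Profiles\07ait0d4.default\searchplugins\search-the-web.xml
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/j [...] s-i586.cab (Reg Error: Key error.)
[2011/06/09 07:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Windows XP Restore
[2011/06/09 14:26:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\8613F.sys
:commands
[emptytemp]
"""
FIX_LOG = r"""
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
C:\Documents and Settings\SANDRA\Menu Démarrer\Programmes\Windows XP Restore folder moved successfully.
C:\WINDOWS\system32\drivers\8613F.sys moved successfully.
"""

def scripted_targets(script):
    """File paths and ActiveX CLSIDs listed under the :OTL directive."""
    targets, section = [], None
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()          # :OTL, :commands, ...
        elif section == ":otl" and line:
            clsid = re.match(r"O16 - DPF: (\{[0-9A-Fa-f-]+\})", line)
            if clsid:
                targets.append(clsid.group(1))
            elif " -- " in line:            # "date | size | attrs | M] () -- path"
                targets.append(line.split(" -- ", 1)[1])
    return targets

def handled_targets(log):
    """Targets the log reports as acted on, lower-cased (Windows paths are case-insensitive)."""
    handled = set()
    for line in (l.strip() for l in log.splitlines()):
        m = (re.match(r"Starting removal of ActiveX control (\{.+\})$", line)
             or re.match(r"(.+?) (?:folder )?moved successfully\.$", line))
        if m:
            handled.add(m.group(1).lower())
    return handled

def unhandled(script, log):
    """Scripted targets with no matching action line in the result log."""
    done = handled_targets(log)
    return [t for t in scripted_targets(script) if t.lower() not in done]
```

On the excerpt, `unhandled(FIX_SCRIPT, FIX_LOG)` returns only the `search-the-web.xml` path, which is also the one scripted file with no "moved successfully" line in the log posted above.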
    14 June 2011 20:13:03

    Quote:
    C:\Documents and Settings\

    --> It is there all right; the virus may have given it the "Hidden" status.

    To finish:


    1/

  • Download DelFix to your Desktop.
  • Launch DelFix, then click the "Suppression" button.
  • Post the report (C:\DelFixSuppr.txt).
  • Delete DelFix.


    2/

  • Download and install CCleaner.
  • Launch it. Go to "Options", then "Avancé", and uncheck the "Effacer uniquement les fichiers etc...." box.
  • Go to "Nettoyeur" and choose "Analyse". Once it has finished, run the cleanup.


    3/

  • System Restore must be disabled and then re-enabled in order to purge it.


    ==Prevention==

    Here is a guide on prevention and security on the Internet (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first message, click the "Editer" button.
  • Add the [Résolu] tag in front of the title.
  • Then click "Valider votre message".


    ;) 
    14 June 2011 21:19:21

    well, here's a secretive virus.....how do I find it????

    here is my delfix report:
    # DelFix v8.0 - Rapport créé le 14/06/2011 à 21:17
    # Mis à jour le 01/06/11 à 13h par Xplode
    # Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
    # Nom d'utilisateur : SANDRA - LELIAN (Administrateur)
    # Exécuté depuis : C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\DelFix.exe
    # Option [Suppression]


    ~~~~~~ Dossier(s) ~~~~~~

    Supprimé : C:\_OTL
    Supprimé : C:\Qoobox
    Supprimé : C:\Documents and Settings\SANDRA\Bureau\RK_Quarantine

    ~~~~~~ Fichier(s) ~~~~~~

    Supprimé : C:\ComboFix.txt
    Supprimé : C:\TCleaner.txt
    Supprimé : C:\WINDOWS\grep.exe
    Supprimé : C:\WINDOWS\MBR.exe
    Supprimé : C:\WINDOWS\NIRCMD.exe
    Supprimé : C:\WINDOWS\PEV.exe
    Supprimé : C:\WINDOWS\sed.exe
    Supprimé : C:\WINDOWS\SWREG.exe
    Supprimé : C:\WINDOWS\SWSC.exe
    Supprimé : C:\WINDOWS\SWXCACLS.exe
    Supprimé : C:\WINDOWS\zip.exe
    Supprimé : C:\WINDOWS\System32\reboot.exe
    Supprimé : C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.exe
    Supprimé : C:\Documents and Settings\SANDRA\Mes documents\Téléchargements\OTL.Txt

    ~~~~~~ Registre ~~~~~~

    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
    Clé Supprimée : HKLM\Software\OldTimer Tools
    Clé Supprimée : HKLM\Software\Swearware
    Clé Supprimée : HKLM\Software\Classes\.cfxxe
    Clé Supprimée : HKLM\Software\Classes\cfxxefile
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~~~~~~ Autre ~~~~~~

    -> BitDefender Online Scanner ... Désinstallé avec succès
    -> Prefetch vidé

    ########## EOF - "C:\DelFixSuppr.txt" - [1715 octets] ##########
    15 June 2011 10:15:59

    ok, I'll go and have a look at that!!! thanks a lot for your help, all the best....