Internet Explorer windows open by themselves; when I close them the PC crashes

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
20 May 2011 18:22:55

I am an old beginner and my problem is starting to give me headaches. When I turn on my PC, my desktop displays "c:\Program files\logitech\.. Windows cannot access the device etc.", then an Internet Explorer window opens without my asking for it, and when I close it my PC crashes. Of course I think it's a virus, but Mister McAfee detects nothing. Thanks for giving me a hand! I should add that when I disconnect from the internet, no window opens.

20 May 2011 20:46:30

Hi, let's look at this together if you don't mind ;)


__________________


For the disinfection to go smoothly:


  • Use your PC as little as possible during the procedure, to make the disinfection easier.

  • Follow the procedures given, but do not try anything on your own: if there is a problem during a procedure, let me know rather than clicking at random and causing a failure on your system.

  • If you are already following a procedure on another forum, please say so; it is important to follow only one disinfection at a time.

  • Even if the symptoms of the infection have disappeared, the PC is not necessarily clean: wait until you have been told that the PC is disinfected before using it again.

  • Even though disinfections are carried out by people with in-depth knowledge of disinfection, it is always possible that your PC will crash. Remember to back up your data ;)

  • Finally, note that I am currently in training, which means my replies must be validated by a confirmed helper before being posted, so the time between my replies may be longer.

    __________________


    If you are ready, let's go:

    Next:

    Diagnostic:


  • Download OTL (by OldTimer) to your Desktop.

  • If you are on XP, double-click it to launch it; if you are on Vista/7, right-click it and choose Run as administrator to launch it.

  • A window appears.

  • Check the box: Scan All Users

  • Check the boxes for LOP Check and Purity Check (in blue towards the bottom of the window).

  • Under Custom Scans/Fixes, copy and paste all of the text below; leave the other options at their defaults.

    netsvcs
    msconfig
    drivers32
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.dll /lockedfiles
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    iexplore.exe
    /md5stop
    CREATERESTOREPOINT


  • Finally, click the Run Scan button. Do not touch anything while the scan is running. The scan will take some time.

  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy and paste both reports here in full.

    For the reports, which tend to be too long for the forum, please use this online report service: upload the file via "browse" and simply post the link you get.
    21 May 2011 11:17:28

    First of all, thanks for the help. The work is being done on my PC while I reply to you on my lad's laptop. For us old-timers, everything amazes us!
    While OTL is doing the job, McAfee detected a program trying to get in, "rx2.exe", which is trying to accept incoming connections. What do I do? Do I block it, do I allow it? OTL is still working.
    21 May 2011 11:36:42

    The scan has just finished but I don't see any report appear.
    21 May 2011 11:39:48

    I've got this!
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.dll /lockedfiles
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    iexplore.exe
    /md5stop
    Is this okay?
    21 May 2011 11:42:32

    Hi, rx2.exe is a virus, so block it with McAfee until we remove it.

    No, the report you showed me is not the right one ;)

    If the reports do not open, you can open them manually: they are in the folder where you put OTL.exe (in your downloads, for example), and they are called OTL.txt and Extras.txt.

    :hello:
    21 May 2011 12:05:24


    That's it!! I found it!!
    OTL logfile created on: 21/05/2011 11:03:15 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\philippe\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8080.16413)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
    6,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139,15 Gb Total Space | 19,24 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
    Drive F: | 142,94 Gb Total Space | 84,06 Gb Free Space | 58,81% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-PHILIPPE | User Name: philippe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
    PRC - [2011/05/19 21:43:20 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/05/19 21:34:36 | 000,148,480 | ---- | M] () -- C:\Windows\Temp\Rx2.exe
    PRC - [2011/05/19 21:34:32 | 000,152,576 | ---- | M] () -- C:\Windows\Temp\Rx0.exe
    PRC - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) -- C:\Windows\Temp\egio\setup.exe
    PRC - [2011/05/10 09:38:19 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/03/21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/03/09 14:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2010/08/19 14:27:36 | 001,281,696 | ---- | M] (Freecompressor) -- C:\Program Files\FreeCompressor\spointer\freecompressor_air.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/04/25 13:31:40 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    PRC - [2008/04/25 13:31:24 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    PRC - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    PRC - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/03/04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
    PRC - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
    PRC - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
    PRC - [2005/01/18 17:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
    MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2008/07/23 18:52:10 | 000,012,576 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService)
    SRV - [2011/05/19 15:34:26 | 000,795,648 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\tafwyfiw.dll -- (ouvhtwgy)
    SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
    SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/03/03 14:19:39 | 000,864,384 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035HB.sys -- (AF9035HB)
    DRV - [2009/09/08 10:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
    DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2008/09/29 18:12:04 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/04/22 02:49:00 | 007,451,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/04/22 02:49:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2007/06/29 16:32:08 | 000,611,584 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
    DRV - [2006/12/07 15:55:40 | 000,017,024 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2005/01/31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
    DRV - [2005/01/31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=v...
    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/03 02:04:49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\freecompressor@spointer.com: C:\Program Files\FreeCompressor\spointer\extensions\freecompressor@spointer.com [2010/10/16 19:23:05 | 000,000,000 | ---D | M]

    [2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions
    [2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2010/07/15 19:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder
    [2010/07/14 08:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX

    Hosts file not found
    O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
    O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - C:\Windows\System32\tafwyfiw.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll (McAfee, Inc.)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (Interest recogniser for Freecompressor (powered by Spointer)) - {a83c3565-302c-4bf8-b000-6b6f1811d892} - C:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll (Freecompressor)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [EmpoweringTechnology] File not found
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PCMMediaSharing] File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
    O4 - HKU\.DEFAULT..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
    O4 - HKU\S-1-5-18..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
    O4 - HKU\S-1-5-18..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [Lpizokesiko] C:\Users\philippe\AppData\Local\ncoral.dll (Acronis)
    O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..Trusted Domains: localhost ([]http in Computer)
    O15 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..Trusted Ranges: GD ([http] in Computer)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\uximert: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\uximert.dll - C:\Windows\System32\config\systemprofile\AppData\Local\uximert.dll ()
    O24 - Desktop WallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
    O24 - Desktop BackupWallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: ouvhtwgy - C:\Windows\System32\tafwyfiw.dll ()

    MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    MsConfig - StartUpReg: MAGIXautostart - hkey= - key= - File not found
    MsConfig - StartUpReg: MediaDICO4Ut - hkey= - key= - C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe (L'Aventure Multimedia)
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    MsConfig - State: "startup" - 2

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
    Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/21 11:00:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
    [2011/05/21 10:58:02 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{15E587AC-9B11-4BD2-9E18-430105445A64}
    [2011/05/20 18:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/05/20 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{4022702F-652C-4143-B756-72D3CF208649}
    [2011/05/20 15:03:53 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{F3FEA8F1-0795-48E8-9F54-36B592E7255F}
    [2011/05/19 23:34:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/05/18 10:21:44 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{DC64B650-7AD5-4940-908F-90067B28DC03}
    [2011/05/15 12:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2011/05/15 09:16:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{09FFEFD3-EA6E-452F-BF5A-89506ED6AB3F}
    [2011/05/14 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9B8F0C3B-1BE0-4DD9-9468-84D4BD0FC591}
    [2011/05/10 09:38:12 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{248325FA-D235-469D-B0D3-648FF63C16D1}
    [2011/04/30 03:55:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{B4DA6ABC-A04E-4292-BB13-6BC8715676F7}
    [2011/04/29 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9BF4B707-EACC-4C0F-A78F-C73C3BF3F43C}
    [2011/04/27 11:07:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2011/04/27 11:07:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2011/04/27 11:07:26 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2009/08/07 23:23:03 | 000,095,744 | ---- | C] (Acronis) -- C:\Users\philippe\AppData\Local\ncoral.dll
    [2008/10/05 11:33:00 | 002,741,248 | ---- | C] (Antonio Da Cruz) -- C:\Program Files\PhotoFiltre.exe
    [2008/07/22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/05/21 11:01:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
    [2011/05/21 11:00:44 | 000,094,208 | ---- | M] () -- C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/21 10:57:02 | 000,000,256 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/05/21 10:38:02 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/05/21 10:09:01 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/21 10:09:01 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/21 04:01:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/20 18:14:21 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2011/05/20 18:14:21 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/20 18:14:21 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2011/05/20 18:14:21 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/20 18:11:53 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
    [2011/05/20 18:08:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/20 14:34:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2011/05/19 23:34:00 | 307,961,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/05/19 15:34:26 | 000,795,648 | ---- | M] () -- C:\Windows\System32\tafwyfiw.dll
    [2011/05/17 16:25:37 | 001,708,730 | ---- | M] () -- C:\Users\philippe\Desktop\marie madeleine phil-said.mp3
    [2011/05/15 19:15:55 | 002,596,379 | ---- | M] () -- C:\Users\philippe\Documents\celineadrien.odp
    [2011/05/15 12:40:16 | 000,005,033 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
    [2011/05/15 12:37:44 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2011/05/12 13:32:54 | 005,425,215 | ---- | M] () -- C:\Users\philippe\Documents\Catalogue FC IFEN 2012.pdf
    [2011/05/12 13:31:16 | 000,064,441 | ---- | M] () -- C:\Users\philippe\Documents\BT276.pdf
    [2011/05/07 13:19:07 | 000,000,196 | ---- | M] () -- C:\Users\philippe\Desktop\Messenger.url
    [2011/05/07 06:21:31 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
    [2011/05/06 11:49:14 | 000,266,833 | ---- | M] () -- C:\Users\philippe\Documents\CV THIBAULT.pdf
    [2011/05/03 16:32:48 | 000,385,493 | ---- | M] () -- C:\Users\philippe\Documents\dictons_cons.pdf

    ========== Files Created - No Company Name ==========

    [2011/05/19 23:48:09 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
    [2011/05/19 23:34:00 | 307,961,004 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/05/19 21:34:39 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/05/19 21:34:35 | 000,000,256 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/05/19 15:34:26 | 000,795,648 | ---- | C] () -- C:\Windows\System32\tafwyfiw.dll
    [2011/05/17 16:25:22 | 001,708,730 | ---- | C] () -- C:\Users\philippe\Desktop\marie madeleine phil-said.mp3
    [2011/05/15 19:15:49 | 002,596,379 | ---- | C] () -- C:\Users\philippe\Documents\celineadrien.odp
    [2011/05/15 12:37:44 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2011/05/12 13:32:53 | 005,425,215 | ---- | C] () -- C:\Users\philippe\Documents\Catalogue FC IFEN 2012.pdf
    [2011/05/12 13:31:16 | 000,064,441 | ---- | C] () -- C:\Users\philippe\Documents\BT276.pdf
    [2011/05/06 11:49:13 | 000,266,833 | ---- | C] () -- C:\Users\philippe\Documents\CV THIBAULT.pdf
    [2011/05/03 16:32:48 | 000,385,493 | ---- | C] () -- C:\Users\philippe\Documents\dictons_cons.pdf
    [2010/10/15 18:55:02 | 000,000,680 | ---- | C] () -- C:\Users\philippe\AppData\Local\d3d9caps.dat
    [2010/09/03 18:50:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/07/08 17:37:56 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
    [2010/07/08 17:37:48 | 000,094,208 | ---- | C] () -- C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/08 17:16:28 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
    [2010/05/14 17:08:23 | 000,001,000 | ---- | C] () -- C:\Windows\posteriza.INI
    [2010/05/13 03:06:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010/05/10 11:06:35 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2010/04/30 16:41:37 | 000,031,007 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\UserTile.png
    [2010/04/14 16:26:37 | 002,322,096 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
    [2010/04/14 16:26:37 | 000,030,208 | ---- | C] () -- C:\Windows\System32\iolobtdfg.exe
    [2010/04/14 16:26:37 | 000,012,288 | ---- | C] () -- C:\Windows\System32\smrgdf.exe
    [2010/04/14 16:23:55 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2010/03/10 20:16:08 | 000,000,059 | ---- | C] () -- C:\Windows\RUNAWAY.INI
    [2009/12/31 12:10:23 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
    [2009/12/02 13:45:19 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
    [2009/12/01 20:31:43 | 000,000,118 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\wklnhst.dat
    [2009/10/20 16:41:34 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
    [2009/10/02 19:06:45 | 000,000,056 | ---- | C] () -- C:\Windows\iltwain.ini
    [2009/09/25 15:33:08 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
    [2009/08/07 23:23:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/07 23:23:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/07/18 16:52:06 | 000,001,972 | ---- | C] () -- C:\Windows\Media4Ut.ini
    [2009/06/05 15:37:11 | 000,000,040 | ---- | C] () -- C:\Windows\NAVIGMA.INI
    [2009/06/02 18:08:36 | 000,000,571 | ---- | C] () -- C:\Windows\eReg.dat
    [2009/05/26 17:04:22 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2009/05/26 17:03:28 | 000,000,073 | ---- | C] () -- C:\Windows\magix.ini
    [2009/05/19 16:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
    [2009/05/19 16:24:17 | 000,000,032 | ---- | C] () -- C:\Windows\CDMKR32.INI
    [2009/05/17 18:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\Sierra.ini
    [2009/05/08 17:28:21 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/05/08 17:28:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2009/05/08 17:28:16 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/05/08 17:28:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/08 17:28:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2009/04/10 08:57:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/04/09 23:30:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/04/09 23:30:26 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2009/04/09 23:30:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2009/04/09 23:30:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2009/04/09 23:30:26 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2009/04/09 23:30:26 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2009/04/09 23:30:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2009/04/09 23:30:26 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2009/04/09 23:30:26 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2009/04/09 23:30:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2009/04/09 23:30:26 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2009/04/09 23:30:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2009/04/09 23:30:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2009/04/09 23:30:26 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2009/04/09 23:30:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2009/04/09 23:30:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2009/04/09 23:30:26 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2009/04/09 23:30:26 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2009/04/09 23:30:26 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2009/04/09 23:18:18 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000EFDG.ini
    [2008/05/09 04:32:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008/05/09 04:32:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008/05/09 03:53:15 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008/05/09 03:43:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008/05/09 03:43:57 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2008/05/09 03:32:41 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2008/01/21 10:40:50 | 000,678,804 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
    [2008/01/21 10:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
    [2008/01/21 10:40:50 | 000,126,420 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
    [2008/01/21 10:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
    [2008/01/21 04:23:50 | 000,151,296 | ---- | C] () -- C:\Windows\System32\ztbbpbpj.dat
    [2008/01/21 04:23:50 | 000,135,936 | ---- | C] () -- C:\Windows\System32\ofeppxyi.dat
    [2008/01/21 04:23:50 | 000,034,560 | ---- | C] () -- C:\Windows\System32\amformoe.dat
    [2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 14:47:37 | 000,376,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/10/11 00:32:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
    [2006/10/11 00:32:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
    [2005/08/29 10:43:34 | 000,008,073 | ---- | C] () -- C:\Program Files\PhotoMasque.htm
    [2005/08/18 10:21:52 | 000,033,369 | ---- | C] () -- C:\Program Files\PhotoFiltre.htm
    [2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
    [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
    [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2008/05/09 04:04:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
    [2008/05/09 04:04:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
    [2009/12/07 14:50:47 | 000,000,000 | -HSD | M] -- C:\Users\philippe\AppData\Roaming\.#
    [2008/05/09 04:04:50 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Acer GameZone Console
    [2009/12/09 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Amazon
    [2009/12/31 11:56:17 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Apowersoft
    [2010/07/13 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Broad Intelligence
    [2010/01/21 22:56:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CoSoSys
    [2010/09/09 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CVitae
    [2009/05/27 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\EPSON
    [2009/05/02 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\eSobi
    [2009/04/12 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FloodLightGames
    [2010/05/10 11:06:38 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FreeAudioPack
    [2010/10/16 19:23:34 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\freeCompressor
    [2011/05/18 10:49:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FreeVideoConverter
    [2009/05/11 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Gaijin Ent
    [2009/04/23 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Gamelab
    [2011/01/04 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\GlarySoft
    [2009/04/23 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Home Sweet Home
    [2009/06/22 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Home Sweet Home 2
    [2010/04/14 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\iolo
    [2009/05/09 19:17:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\iWin
    [2009/11/03 14:38:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Leadertech
    [2009/05/11 22:00:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\OpenOffice.org
    [2010/04/30 16:41:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PeerNetworking
    [2010/12/15 16:36:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PhotoFiltre
    [2010/08/30 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PhotoScape
    [2009/06/26 12:21:01 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PlayFirst
    [2009/05/06 15:40:36 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Sony
    [2009/12/01 20:31:59 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Template
    [2010/08/06 14:37:21 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\TomTom
    [2010/05/22 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\VampireSaga
    [2010/11/09 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\VirginMega.DownloadManager.v3.4AE6D9B37411D7D7A2C457954142B8FA4EE6E198.1
    [2011/02/18 19:41:52 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Windows Live Writer
    [2011/05/20 16:03:52 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/05/21 10:57:02 | 000,000,256 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/05/21 10:38:02 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %APPDATA%\*. >
    [2009/12/07 14:50:47 | 000,000,000 | -HSD | M] -- C:\Users\philippe\AppData\Roaming\.#
    [2008/05/09 04:04:50 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Acer GameZone Console
    [2011/05/19 15:19:52 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Adobe
    [2009/12/09 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Amazon
    [2009/12/31 11:56:17 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Apowersoft
    [2010/04/17 11:48:08 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Apple Computer
    [2010/09/12 20:29:26 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\ArcSoft
    [2010/07/13 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Broad Intelligence
    [2010/01/21 22:56:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CoSoSys
    [2010/09/09 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CVitae
    [2011/03/03 14:39:52 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CyberLink
    [2010/09/11 17:09:09 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\DivX
    [2011/05/17 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\dvdcss
    [2009/05/27 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\EPSON
    [2009/05/02 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\eSobi
    [2009/04/12 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FloodLightGames
    [2010/05/10 11:06:38 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FreeAudioPack
    [2010/10/16 19:23:34 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\freeCompressor
    [2011/05/18 10:49:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FreeVideoConverter
    [2009/05/11 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Gaijin Ent
    [2009/04/23 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Gamelab
    [2011/01/04 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\GlarySoft
    [2009/04/10 08:56:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Google
    [2010/09/18 16:17:04 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Help
    [2009/04/23 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Home Sweet Home
    [2009/06/22 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Home Sweet Home 2
    [2009/04/09 22:27:44 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Identities
    [2009/05/06 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\InstallShield
    [2010/04/14 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\iolo
    [2009/05/09 19:17:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\iWin
    [2009/11/03 14:38:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Leadertech
    [2009/04/09 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Macromedia
    [2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Media Center Programs
    [2010/11/16 15:00:08 | 000,000,000 | --SD | M] -- C:\Users\philippe\AppData\Roaming\Microsoft
    [2010/07/14 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Mozilla
    [2009/05/11 22:00:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\OpenOffice.org
    [2010/04/30 16:41:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PeerNetworking
    [2010/12/15 16:36:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PhotoFiltre
    [2010/08/30 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PhotoScape
    [2009/06/26 12:21:01 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PlayFirst
    [2011/05/20 18:09:40 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Skype
    [2011/03/28 16:07:50 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\skypePM
    [2009/05/06 15:40:36 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Sony
    [2009/12/01 20:31:59 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Template
    [2010/08/06 14:37:21 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\TomTom
    [2010/11/08 13:08:11 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\U3
    [2010/05/22 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\VampireSaga
    [2010/11/09 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\VirginMega.DownloadManager.v3.4AE6D9B37411D7D7A2C457954142B8FA4EE6E198.1
    [2011/04/20 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\vlc
    [2011/02/18 19:41:52 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Windows Live Writer
    [2009/07/03 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\WinRAR

    < %APPDATA%\*.exe /s >
    [2010/11/09 17:37:38 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\philippe\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    [2010/02/27 16:11:28 | 000,010,134 | R--- | M] () -- C:\Users\philippe\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    [2008/05/04 17:02:26 | 004,603,904 | ---- | M] () -- C:\Users\philippe\AppData\Roaming\U3\26056216AEC319E8\LaunchPad.exe
    [2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\philippe\AppData\Roaming\U3\temp\cleanup.exe
    [2008/05/02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\philippe\AppData\Roaming\U3\temp\Launchpad Removal.exe

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/05/08 21:20:09 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/04/24 07:39:33 | 000,000,051 | ---- | M] () -- C:\EventLOG.txt
    [2009/05/08 17:42:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/10/20 16:41:43 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
    [2009/05/08 17:42:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/05/20 18:08:51 | 3265,060,864 | -HS- | M] () -- C:\pagefile.sys
    [2008/05/09 03:44:29 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2011/02/15 15:34:36 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
    [2011/02/15 15:34:36 | 000,223,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
    [2011/02/15 15:34:37 | 000,117,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll


    < MD5 for: EXPLORER.EXE >
    [2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: IEXPLORE.EXE >
    < MD5 for: SVCHOST.EXE >
    [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
    [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.180
    21 May 2011 21:23:48

    Hi, the report is incomplete ;)

    And I'm missing extras.txt ;)

    IMPORTANT:

    For reports, which tend to be too long for the forum, please use this online report service: upload the file via "parcourir" (Browse) and simply post the link you get.
    23 May 2011 18:51:26

    Hello, OK, can you do the same with the OTL.txt report, please? The end of the report was cut off. Please use cijoint to post it :)
    25 May 2011 14:02:39

    Yo,

    Next steps :)

    You are infected with quite a few things, including a spigot backdoor and searchsettings.

    1)

    Ad-Remover scan

  • Download Ad-Remover (by C_XX) to your Desktop.

    Disconnect and close all running applications

  • Double-click AD-R on your desktop. (Right-click -> "Run as administrator" on Vista/7)

  • Wait until the main menu appears. From there, click Scanner (Scan). You will be asked to confirm: click Oui (Yes) and wait until the scan finishes.

    Let the tool work

  • A window containing the report will open; post the report in your next reply.
    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    Then click Quitter (Quit) to close Ad-Remover.

    Note: the report Ad-Remover has just generated is located here: C:\Ad-Report-SCAN

    To help you:
  • Tutorial on AD-R

    2)

    OTL fix:

  • Run OTL.exe again.

  • Copy exactly the text below:
    :OTL
    SRV - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService)
    SRV - [2011/05/19 15:34:26 | 000,795,648 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\tafwyfiw.dll -- (ouvhtwgy)
    SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - C:\Windows\System32\tafwyfiw.dll ()
    O2 - BHO: (Interest recogniser for Freecompressor (powered by Spointer)) - {a83c3565-302c-4bf8-b000-6b6f1811d892} - C:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll (Freecompressor)
    O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKU\.DEFAULT..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
    O4 - HKU\.DEFAULT..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
    O4 - HKU\S-1-5-18..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
    O4 - HKU\S-1-5-18..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
    O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [Lpizokesiko] C:\Users\philippe\AppData\Local\ncoral.dll (Acronis)
    O20 - Winlogon\Notify\uximert: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\uximert.dll - C:\Windows\System32\config\systemprofile\AppData\Local\uximert.dll ()
    NetSvcs: ouvhtwgy - C:\Windows\System32\tafwyfiw.dll ()
    [2010/05/13 03:06:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:DA3C6C07
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:700CD00E
    @Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:8AB6C1D7
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:204BEE0F
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:EB603FE4
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:F50F1555
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:793F316E
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC420CE6
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C95B63DA
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:131C0EE9
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:567AC0A6
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:18AE7C5A
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:87FA5E8A
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E1982A23
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:37CE0F2E
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:580E04D8
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:30376ACC
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:FF818E2B
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5D10517E
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8173A019

    :Files
    C:\Windows\System32\tafwyfiw.dll
    C:\Users\philippe\AppData\Roaming\.#
    C:\Windows\Temp\Rx2.exe
    C:\Windows\Temp\Rx0.exe
    C:\Program Files\Common Files\Spigot
    C:\Program Files\Application Updater
    C:\Windows\Temp\egio\setup.exe

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]


  • Paste it into the Personnalisation (Custom Scans/Fixes) box at the bottom left.

  • Click the Correction (Run Fix) button at the top left.

  • If the PC asks to restart, confirm.

  • A report will appear after the restart; copy and paste it into your next reply.

    3)

    Malware scan and removal

  • Download Malwarebytes' Anti-Malware (MBAM) (by Marcin Kleczynski and Bruce Harriss).

  • Install it, then make sure to update the program at the end of the installation.

  • Once that is done, MBAM starts. Check that the Examen rapide (Quick scan) box is ticked, then press Rechercher (Scan) (outlined in red in the image below)

  • At the end of the scan, a message will be displayed:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    (The scan completed successfully. Click 'Show Results' to display all objects found.)
    or:
    L'examen s'est terminé normalement. Aucun élément nuisible n'a été détecté.
    (The scan completed successfully. No malicious items were detected.)

  • Click OK to continue. If MBAM found nothing, let me know and quit the program.

  • If it found malware (i.e. if you get the message "Afficher les résultats' pour afficher tous les objets trouvés"), continue:

    Close all running applications (except MBAM)

  • Click Afficher les résultats (Show Results).

  • Tick all the boxes and click Supprimer la sélection (Remove Selected). The malware will then be quarantined.

  • A report will be displayed. Paste that report into your next reply, please ;)

    To help you:
  • Tutorial on MBAM

    4)

  • Go to the Virustotal site, a site that scans files with all the antivirus products on the market.

  • Click Choisissez un fichier (Choose a file).

  • In the window that opens, at the bottom, it says Nom du fichier (File name). Enter
    C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    (copy and paste with Ctrl+V)

  • Press Ouvrir (Open), then click Envoyer le fichier (Send file).

  • Wait a few seconds. If it says the file has already been analysed, click Reanalyser le fichier maintenant (Reanalyse file now).

  • Your file is then analysed. Wait until it says Situation actuelle : terminé (Current status: finished).

  • Select the table (with the antivirus, version, last update, result) and paste it into your next reply, please.

  • Do the same with

    C:\Windows\avisplitter.ini
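Added example (not part of the thread, and not OTL's or the helper's own logic): the Python below parses the `O4 ... Run` lines of the fix script in the post above and applies three triage heuristics that are assumptions of this example: target in a Temp directory, autorun resolving to a DLL, and an empty publisher field. The sample lines are copied from that post; `RunEntry`, `triage` and `report` are hypothetical names.

```python
import re
from dataclasses import dataclass
from ntpath import splitext  # Windows path rules, whatever OS this runs on

# Lines copied from the fix script in the post above (one SRV line is
# included to show that non-Run lines are skipped).
SAMPLE = r"""
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\.DEFAULT..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
O4 - HKU\.DEFAULT..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
O4 - HKU\S-1-5-18..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [Lpizokesiko] C:\Users\philippe\AppData\Local\ncoral.dll (Acronis)
SRV - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService)
"""

# Line shape: "O4 - <hive>..\Run: [<value name>] <file> (<publisher>)"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<publisher>[^()]*)\)$"
)


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    publisher: str


def parse_run_entries(log_text):
    """Return a RunEntry for every O4 Run line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        match = RUN_LINE.match(raw.strip())
        if match:
            entries.append(RunEntry(**match.groupdict()))
    return entries


def triage(entry):
    """Heuristics assumed for this example; an empty list means 'no flag'."""
    reasons = []
    path = entry.path.lower()
    if "\\temp\\" in path:
        reasons.append("target in a Temp directory")
    if splitext(path)[1] == ".dll":
        reasons.append("autorun resolves to a DLL")
    if not entry.publisher.strip():
        reasons.append("no publisher string")
    return reasons


def report(log_text):
    """Map each Run value name to its reasons, merging duplicates across hives."""
    result = {}
    for entry in parse_run_entries(log_text):
        result.setdefault(entry.name, triage(entry))
    return result


if __name__ == "__main__":
    for name, reasons in report(SAMPLE).items():
        print(f"{name:16} {'; '.join(reasons) or 'not flagged'}")
```

SearchSettings comes back unflagged: an entry installed under Program Files with a publisher string passes these path-based checks, so they narrow down what to review and do not decide what is malicious.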
    25 May 2011 14:18:38

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 14:12:39 le 25/05/2011, Mode normal

    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
    philippe@PC-DE-PHILIPPE (Acer Aspire X3200)

    ============== RECHERCHE ==============

    Service: "Application Updater" Présent

    Dossier trouvé: C:\Program Files\Dealio Toolbar
    Dossier trouvé: C:\Program Files\Application Updater
    Dossier trouvé: C:\Program Files\GamesBar
    Dossier trouvé: C:\Users\philippe\AppData\LocalLow\Search Settings
    Dossier trouvé: C:\Program Files\Common Files\Spigot
    Dossier trouvé: C:\Program Files\FreeCompressor

    Clé trouvée: HKLM\Software\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Clé trouvée: HKLM\Software\Classes\CLSID\{20FE21D0-8895-4F5F-A5D2-709170290006}
    Clé trouvée: HKLM\Software\Classes\Interface\{20FE21D0-8895-4F5F-A5D2-709170290006}
    Clé trouvée: HKLM\Software\Classes\CLSID\{6ad30cb8-7064-4664-8039-d9bb95cba878}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6ad30cb8-7064-4664-8039-d9bb95cba878}
    Clé trouvée: HKLM\Software\Classes\CLSID\{85fe1096-281b-4cb9-82b6-d8eba5830035}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85fe1096-281b-4cb9-82b6-d8eba5830035}
    Clé trouvée: HKLM\Software\Classes\CLSID\{a83c3565-302c-4bf8-b000-6b6f1811d892}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a83c3565-302c-4bf8-b000-6b6f1811d892}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a83c3565-302c-4bf8-b000-6b6f1811d892}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a83c3565-302c-4bf8-b000-6b6f1811d892}
    Clé trouvée: HKLM\Software\Classes\CLSID\{E9E9C4BC-BD4D-4486-9092-C43FDF8F911B}
    Clé trouvée: HKLM\Software\Classes\Interface\{E9E9C4BC-BD4D-4486-9092-C43FDF8F911B}
    Clé trouvée: HKLM\Software\Classes\CLSID\{f011f437-ee07-463c-8217-97c0522117ab}
    Clé trouvée: HKLM\Software\Classes\Interface\{6BB301AC-528E-4545-B03E-9B8EE56382BC}
    Clé trouvée: HKLM\Software\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
    Clé trouvée: HKLM\Software\Classes\Interface\{7713A018-8482-48FA-8BD3-46A9D319693F}
    Clé trouvée: HKLM\Software\Classes\Interface\{7894081D-0CF3-4663-B371-79DB59C32FC3}
    Clé trouvée: HKLM\Software\Classes\Interface\{9D2F73EA-AA92-4C9C-9FA5-666B725E8E75}
    Clé trouvée: HKLM\Software\Classes\Interface\{C382B99A-E317-4842-8448-70ADDAC750CA}
    Clé trouvée: HKLM\Software\Classes\Interface\{E6E1D9F5-DC91-458F-89B8-FACFBD132A91}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{11109EB1-7D52-4512-88AD-9D837AEED46F}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{DD68F52E-1436-4C5C-8191-A1FA6AE566D4}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{ED846B6D-C294-4DFF-9AF6-44BDA49C0ED1}
    Clé trouvée: HKLM\Software\Application Updater
    Clé trouvée: HKLM\Software\Dealio
    Clé trouvée: HKLM\Software\freeCompressor
    Clé trouvée: HKLM\Software\GamesBarSetup
    Clé trouvée: HKLM\Software\Search Settings
    Clé trouvée: HKCU\Software\freeCompressor
    Clé trouvée: HKCU\Software\Spointer
    Clé trouvée: HKCU\Software\AppDataLow\Software\Dealio
    Clé trouvée: HKCU\Software\AppDataLow\Software\Search Settings
    Clé trouvée: HKU\.DEFAULT\Software\Spointer
    Clé trouvée: HKU\S-1-5-18\Software\Spointer
    Clé trouvée: HKLM\Software\Classes\Installer\Products\59B0DDD9E3F1E354F921AEBCD06D6BFC
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\59B0DDD9E3F1E354F921AEBCD06D6BFC
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b13e6377-ec0a-4c07-ac89-dcd48b57203d}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}

    Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|freecompressor@spointer.com
    Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}


    ============== SCAN ADDITIONNEL ==============

    **** Internet Explorer Version [9.0.8080.16413] ****

    HKCU_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vp32&d=1006&m=aspire_x3200
    HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKCU_Main|Start Page - hxxp://www.google.com/
    HKLM_Main|Default_Page_URL - hxxp://fr.fr.acer.yahoo.com
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://fr.fr.acer.yahoo.com
    HKCU_URLSearchHooks|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - "Dealio Toolbar" (C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll)
    HKCU_SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} - "Google Desktop" (hxxp://127.0.0.1:4664/search&s=3NjQCGAbRt33gftix1SohZIhP7E?q={searchTerms})
    HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
    HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
    HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
    HKLM_Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll)
    HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
    HKLM_ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\WidgiHelper.exe (Spigot, Inc.)
    HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF7F} - C:\Program Files\Musicnotes\Player\musnotes.exe (Musicnotes, Inc.)
    HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF80}} - C:\Program Files\Musicnotes\GuitarGuru\mnguitar.exe (Musicnotes, Inc.)
    HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
    HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
    HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
    HKLM_ElevationPolicy\{b13e6377-ec0a-4c07-ac89-dcd48b57203d} - C:\Program Files\FreeCompressor\spointer\freecompressor_air.exe (Freecompressor)
    HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
    HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (?)
    BHO\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - "Dealio Toolbar" (C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll)
    BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
    BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll)
    BHO\{341A541E-0313-E4B7-0D8E-95E65828470D} - "?" (c:\windows\system32\tafwyfiw.dll)
    BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll)
    BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - "ShowBarObj Class" (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll)
    BHO\{a83c3565-302c-4bf8-b000-6b6f1811d892} - "Interest recogniser for Freecompressor (powered by Spointer)" (C:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll)
    BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
    BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 25/05/2011 14:14:07 (9546 Octet(s))

    Fin à: 14:16:26, 25/05/2011

    ============== E.O.F ==============
    here is the Ad-Remover report
    25 May 2011 16:37:50

    with Malwarebytes:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Version de la base de données: 6674

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8080.16413

    25/05/2011 16:34:52
    mbam-log-2011-05-25 (16-34-52).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 159550
    Temps écoulé: 9 minute(s), 29 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OO1310T0QS (Trojan.FakeAlert.SA) -> Value: OO1310T0QS -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    25 May 2011 16:47:06

    Antivirus | Version | Last update | Result
    --- | --- | --- | ---
    AhnLab-V3 | 2011.05.25.01 | 2011.05.25 | -
    AntiVir | 7.11.8.135 | 2011.05.25 | -
    Antiy-AVL | 2.0.3.7 | 2011.05.25 | -
    Avast | 4.8.1351.0 | 2011.05.25 | -
    Avast5 | 5.0.677.0 | 2011.05.25 | -
    AVG | 10.0.0.1190 | 2011.05.25 | -
    BitDefender | 7.2 | 2011.05.25 | -
    CAT-QuickHeal | 11.00 | 2011.05.25 | -
    ClamAV | 0.97.0.0 | 2011.05.25 | -
    Commtouch | 5.3.2.6 | 2011.05.25 | -
    Comodo | 8829 | 2011.05.25 | -
    DrWeb | 5.0.2.03300 | 2011.05.25 | -
    Emsisoft | 5.1.0.5 | 2011.05.25 | -
    eSafe | 7.0.17.0 | 2011.05.24 | -
    eTrust-Vet | 36.1.8347 | 2011.05.25 | -
    F-Prot | 4.6.2.117 | 2011.05.24 | -
    F-Secure | 9.0.16440.0 | 2011.05.25 | -
    Fortinet | 4.2.257.0 | 2011.05.25 | -
    GData | 22 | 2011.05.25 | -
    Ikarus | T3.1.1.104.0 | 2011.05.25 | -
    Jiangmin | 13.0.900 | 2011.05.25 | -
    K7AntiVirus | 9.103.4713 | 2011.05.24 | -
    Kaspersky | 9.0.0.837 | 2011.05.25 | -
    McAfee | 5.400.0.1158 | 2011.05.25 | -
    McAfee-GW-Edition | 2010.1D | 2011.05.25 | -
    Microsoft | 1.6903 | 2011.05.25 | -
    NOD32 | 6151 | 2011.05.25 | -
    Norman | 6.07.07 | 2011.05.25 | -
    nProtect | 2011-05-25.03 | 2011.05.25 | -
    Panda | 10.0.3.5 | 2011.05.25 | -
    PCTools | 7.0.3.5 | 2011.05.19 | -
    Prevx | 3.0 | 2011.05.25 | -
    Rising | 23.59.02.05 | 2011.05.25 | -
    Sophos | 4.65.0 | 2011.05.25 | -
    SUPERAntiSpyware | 4.40.0.1006 | 2011.05.25 | -
    Symantec | 20111.1.0.186 | 2011.05.25 | -
    TheHacker | 6.7.0.1.207 | 2011.05.25 | -
    TrendMicro | 9.200.0.1012 | 2011.05.25 | -
    TrendMicro-HouseCall | 9.200.0.1012 | 2011.05.25 | -
    VBA32 | 3.12.16.0 | 2011.05.25 | -
    VIPRE | 9384 | 2011.05.25 | -
    ViRobot | 2011.5.25.4478 | 2011.05.25 | -
    VirusBuster | 13.6.370.1 | 2011.05.24 | -

    Additional information

    MD5 : 4026fd6e3139187bc7dde672927daa33
    SHA1 : 03cc77b78a98d192a9389e141441f3be932788d6
    SHA256: c7d4b44bd6f7eb9f6a2b51645b99fcd6f8365f52fb45592be3d6573085b1ec54
    25 May 2011 17:25:38

    Re, there are some steps you didn't carry out correctly :)

    So:

    -> Run Ad-Remover again and choose the Nettoyage (Clean) option! (not the scan)

    -> Run a new OTL scan and post the report, please :)
    25 Mai 2011 17:32:31


    AhnLab-V3

    2011.05.25.01

    2011.05.25
    AntiVir

    7.11.8.135

    2011.05.25
    Antiy-AVL

    2.0.3.7

    2011.05.25
    Avast

    4.8.1351.0

    2011.05.25
    Avast5

    5.0.677.0

    2011.05.25
    AVG

    10.0.0.1190

    2011.05.25
    BitDefender

    7.2

    2011.05.25
    CAT-QuickHeal

    11.00

    2011.05.25
    ClamAV

    0.97.0.0

    2011.05.25
    Commtouch

    5.3.2.6

    2011.05.25
    Comodo

    8829

    2011.05.25
    DrWeb

    5.0.2.03300

    2011.05.25
    eSafe

    7.0.17.0

    2011.05.24
    eTrust-Vet

    36.1.8347

    2011.05.25
    F-Prot

    4.6.2.117

    2011.05.24
    F-Secure

    9.0.16440.0

    2011.05.25
    Fortinet

    4.2.257.0

    2011.05.25
    GData

    22

    2011.05.25
    Ikarus

    T3.1.1.104.0

    2011.05.25
    Jiangmin

    13.0.900

    2011.05.25
    K7AntiVirus

    9.103.4713

    2011.05.24
    Kaspersky

    9.0.0.837

    2011.05.25
    McAfee

    5.400.0.1158

    2011.05.25
    McAfee-GW-Edition

    2010.1D

    2011.05.25
    Microsoft

    1.6903

    2011.05.25
    NOD32

    6151

    2011.05.25
    Norman

    6.07.07

    2011.05.25
    nProtect
    2011-05-25.03 2011.05.25
    Panda
    10.0.3.5 2011.05.25
    PCTools
    7.0.3.5 2011.05.19
    Prevx
    3.0 2011.05.25
    Rising
    23.59.02.05 2011.05.25
    Sophos
    4.65.0 2011.05.25
    SUPERAntiSpyware
    4.40.0.1006 2011.05.25
    Symantec
    20111.1.0.186 2011.05.25
    TheHacker
    6.7.0.1.207 2011.05.25
    TrendMicro
    9.200.0.1012 2011.05.25
    TrendMicro-HouseCall
    9.200.0.1012 2011.05.25
    VBA32
    3.12.16.0 2011.05.25
    VIPRE
    9384 2011.05.25
    ViRobot
    2011.5.25.4478 2011.05.25
    VirusBuster
    13.6.370.1 2011.05.24

    Additional information

    MD5 : 8b138ed363128bff2c2e1e7fea9793b4

    SHA1 : a1070566438d9dc25ee031be9b42d96a197df7c8

    SHA256: 4146ba434249edf36f06f39178fc82da6137b3d5ff58d3f3ba9281d188380bdb

    25 May 2011 18:20:15

    Hey,

    Our messages may have crossed; if so:

    Quote:
    Re, there are a few steps you didn't do correctly :) 

    So:

    -> Run Ad-Remover again and choose the "Nettoyage" (cleaning) option! (not the scan)

    -> Run an OTL scan again and post the report for me, please :) 


    ;) 
    26 May 2011 02:09:15

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 01:57:08 le 26/05/2011, Mode normal

    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
    philippe@PC-DE-PHILIPPE (Acer Aspire X3200)

    ============== ACTION(S) ==============



    (!) -- Fichiers temporaires supprimés.




    ============== SCAN ADDITIONNEL ==============

    **** Internet Explorer Version [9.0.8080.16413] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} - "Google Desktop" (hxxp://127.0.0.1:4664/search&s=3NjQCGAbRt33gftix1SohZIhP7E?q={searchTerms})
    HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
    HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
    HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
    HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
    HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF7F} - C:\Program Files\Musicnotes\Player\musnotes.exe (Musicnotes, Inc.)
    HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF80}} - C:\Program Files\Musicnotes\GuitarGuru\mnguitar.exe (Musicnotes, Inc.)
    HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
    HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
    HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
    HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
    HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (?)
    BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll)
    BHO\{341A541E-0313-E4B7-0D8E-95E65828470D} - "?" (c:\windows\system32\tafwyfiw.dll) (x)
    BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll)
    BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - "ShowBarObj Class" (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll)
    BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
    BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 68 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 26/05/2011 01:44:38 (7802 Octet(s))
    C:\Ad-Report-CLEAN[2].txt - 26/05/2011 01:57:13 (4146 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 25/05/2011 14:14:07 (9684 Octet(s))

    Fin à: 01:58:24, 26/05/2011

    ============== E.O.F ==============
    OTL logfile created on: 26/05/2011 02:01:23 - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\philippe\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8080.16413)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
    6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139,15 Gb Total Space | 26,57 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
    Drive F: | 142,94 Gb Total Space | 84,06 Gb Free Space | 58,81% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-PHILIPPE | User Name: philippe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
    PRC - [2011/05/19 21:43:20 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/05/10 09:38:19 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/04/25 13:31:40 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    PRC - [2008/04/25 13:31:24 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    PRC - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    PRC - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/03/04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
    PRC - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
    PRC - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
    MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2008/07/23 18:52:10 | 000,012,576 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (ouvhtwgy)
    SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
    SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/03/03 14:19:39 | 000,864,384 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035HB.sys -- (AF9035HB)
    DRV - [2009/09/08 10:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
    DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2008/09/29 18:12:04 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/04/22 02:49:00 | 007,451,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/04/22 02:49:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2007/06/29 16:32:08 | 000,611,584 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
    DRV - [2006/12/07 15:55:40 | 000,017,024 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2005/01/31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
    DRV - [2005/01/31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/03 02:04:49 | 000,000,000 | ---D | M]

    [2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions
    [2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2010/07/15 19:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder
    [2010/07/14 08:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX

    Hosts file not found
    O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
    O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - File not found
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll (McAfee, Inc.)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [EmpoweringTechnology] File not found
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
    O24 - Desktop BackupWallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: fastuserswitchingcompatibility - File not found
    NetSvcs: ias - File not found
    NetSvcs: nla - File not found
    NetSvcs: ntmssvc - File not found
    NetSvcs: nwcworkstation - File not found
    NetSvcs: nwsapagent - File not found
    NetSvcs: srservice - File not found
    NetSvcs: wmdmpmsp - File not found
    NetSvcs: ouvhtwgy - File not found
    NetSvcs: logonhours - File not found
    NetSvcs: pcaudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    [CREATERESTOREPOINT]
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/26 01:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/05/25 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{D1580BC6-9097-4F06-B3BA-96B04C8C1576}
    [2011/05/25 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Roaming\Malwarebytes
    [2011/05/25 16:18:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/25 16:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/25 16:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/25 16:18:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/25 16:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/25 15:57:52 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{F7F65056-47F4-4EB6-853F-1302483D859A}
    [2011/05/25 14:20:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/05/25 14:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2011/05/25 09:17:34 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{45A3AEC0-8270-4228-BCB3-692EB97631E4}
    [2011/05/24 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{2E3E7802-01DC-410E-BCF6-48E96490AC07}
    [2011/05/23 10:12:03 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{2D96F98F-36F8-4F45-8DE4-59B36C2D87FD}
    [2011/05/22 11:35:25 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{AA9648D8-C33D-4320-859B-5FFE6F5861F8}
    [2011/05/22 11:29:57 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{33FFDF43-8455-46CC-8A99-13BD47E0C497}
    [2011/05/21 11:00:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
    [2011/05/21 10:58:02 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{15E587AC-9B11-4BD2-9E18-430105445A64}
    [2011/05/20 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{4022702F-652C-4143-B756-72D3CF208649}
    [2011/05/20 15:03:53 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{F3FEA8F1-0795-48E8-9F54-36B592E7255F}
    [2011/05/19 23:34:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/05/18 10:21:44 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{DC64B650-7AD5-4940-908F-90067B28DC03}
    [2011/05/15 12:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2011/05/15 09:16:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{09FFEFD3-EA6E-452F-BF5A-89506ED6AB3F}
    [2011/05/14 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9B8F0C3B-1BE0-4DD9-9468-84D4BD0FC591}
    [2011/05/10 09:38:12 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{248325FA-D235-469D-B0D3-648FF63C16D1}
    [2011/04/30 03:55:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{B4DA6ABC-A04E-4292-BB13-6BC8715676F7}
    [2011/04/29 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9BF4B707-EACC-4C0F-A78F-C73C3BF3F43C}
    [2011/04/27 11:07:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2011/04/27 11:07:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2011/04/27 11:07:26 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2008/10/05 11:33:00 | 002,741,248 | ---- | C] (Antonio Da Cruz) -- C:\Program Files\PhotoFiltre.exe
    [2008/07/22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/05/26 02:01:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/26 01:51:48 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    ========== Custom Scans ==========


    < :OTL >

    < SRV - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService) >
    Invalid Switch: 19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService)


    < SRV - [2011/05/19 15:34:26 | 000,795,648 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\tafwyfiw.dll -- (ouvhtwgy) >
    Invalid Switch: 19 15:34:26 | 000,795,648 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\tafwyfiw.dll -- (ouvhtwgy)


    < SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) >
    Invalid Switch: 28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)


    < IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.) >

    < O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.) >

    < O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. >

    < O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - C:\Windows\System32\tafwyfiw.dll () >

    < O2 - BHO: (Interest recogniser for Freecompressor (powered by Spointer)) - {a83c3565-302c-4bf8-b000-6b6f1811d892} - C:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll (Freecompressor) >

    < O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.) >

    < O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) >

    < O4 - HKU\.DEFAULT..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham) >

    < O4 - HKU\.DEFAULT..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe () >

    < O4 - HKU\S-1-5-18..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham) >

    < O4 - HKU\S-1-5-18..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe () >

    < O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) >

    < O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [Lpizokesiko] C:\Users\philippe\AppData\Local\ncoral.dll (Acronis) >

    < O20 - Winlogon\Notify\uximert: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\uximert.dll - C:\Windows\System32\config\systemprofile\AppData\Local\uximert.dll () >

    < [2010/05/13 03:06:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI >
    Invalid Switch: 13 03:06:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI


    < >

    < :Files >

    < C:\Windows\System32\tafwyfiw.dll >

    < C:\Users\philippe\AppData\Roaming\.# >

    < C:\Windows\Temp\Rx2.exe >

    < C:\Windows\Temp\Rx0.exe >

    < C:\Program Files\Common Files\Spigot >

    < C:\Program Files\Application Updater >

    < C:\Windows\Temp\egio\setup.exe >

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyflash] >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 809 bytes -> C:\Users\philippe\Documents\Cédric Charbonnier.eml:OECustomProperty

    < End of report >
    There, those are the 2 reports, AD-Remover and OTL
    26 May 2011 20:58:20

    Hey,

    Whoa, the reports are all mixed up in your post!

    Could you please first copy and paste the AD-Remover removal report, and then post the OTL report you just generated? For the OTL report, though, keep this in mind:

    For reports, which tend to be too long for the forum, please use this online report service: upload the file via "Parcourir" (Browse) and simply post the link you get.

    ;) 
    30 May 2011 15:29:54

    Hey,

    How is the PC behaving? Any better? Still getting unwanted ads?
    1 June 2011 09:09:09

    guigui0001 said:
    Hey,

    How is the PC behaving? Any better? Still getting unwanted ads?

    For now, it seems to be doing the job! No more bugs, no more unwanted windows! Once again, thank you for the help! If you ever need a gospel group, all my skills are yours! Thanks and see you!
    1 June 2011 13:36:19

    Hi again,

    Okay, well, let's wrap up:

    1)

    Important: purging System Restore


    --> There are still viruses in your restore points. Follow this tutorial to purge System Restore.

    Don't forget to create a new restore point once the operation is done (by pressing the Create button).

    2)

    Prevention



    With the various threats on the Internet growing ever more numerous, I strongly advise you to read these links in order to better protect yourself online:



    The dangers of P2P (such as eMule, LimeWire...): http://forum.zebulon.fr/index.php?showtopic=85544

    To download for free and legally, I recommend Beezik, which has these advantages:

  • Better sound quality

  • No viruses!

    The dangers of cracks and keygens: http://forum.malekal.com/danger-des-cracks-t893.html

    Reminders about pirated operating systems: http://redirectingat.com/?id=1402X522807&xs=1&url=http%...

    ********************************

    Recommended security software:

    Antivirus: Avast 6.0

    To scan your files: MBAM

    ********************************

    Careful, contrary to popular belief:

  • Never run two antivirus programs with real-time protection enabled; it is the best way to create conflicts. Several active antivirus programs can get in each other's way and, in the end, the PC you thought was more secure becomes a real sieve...

  • Anti-spyware programs are useless!!

  • I strongly advise you not to install "transformation" packs, which for example make a Windows XP look like Windows Vista. This kind of program causes a lot of problems!!!

    Finally, don't forget that the best way to protect your computer is you!

    3)

    If you consider your problem solved, add [Résolu] (Solved) to the title of your thread:

  • In your first message, click the Editer (Edit) button.

  • Add [Résolu] in front of the title.

  • Then click Valider votre message (Submit your message).

    Be more vigilant on the Internet! ;) 

    See you on Tom's Guide :hello: 

    PS:

    Quote:
    If you ever need a gospel group, all my skills are yours!


    You're a choir singer? Nice :) 