[Solved] Intrusion into my PC

Tags:
  • Password
  • Security
Last reply: in Security and viruses
4 April 2011 22:32:01

Hi everyone,

So, I've had a problem since Sunday afternoon: some joker is having fun closing all my programs and opening a dialog box on my PC, and there is nothing I can do about it...

He is even threatening to fry my PC. Although I doubt that..

He also has fun shutting it down, which is really annoying. He even grabbed my MSN password, without changing it. For now I'm left alone and I have a bit of time, but he will surely come back. I tried a system restore, which didn't work; I ran scans with avast, nothing either; I installed a firewall, useless.

I'd rather not have to format, so if you have any advice to help me clean up and get this cr** off my PC, please help me!!

THANKS!


a c 327 8 Security
4 April 2011 22:33:14

Hello,

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the Rapport (report) section at the top of this window, tick Rapport minimal (minimal report).
  • Also tick the boxes next to Recherche Lop and Recherche Purity.
  • Finally, click the Analyse (scan) button. The scan does not take long.
  • Once the scan is finished, two Notepad windows will open: OTL.txt and Extras.txt. They are located in the same place as OTL.

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
  • Click Parcourir... (Browse) and find the report file you want to send me.
  • Click Ouvrir (Open).
  • Click "Cliquez ici pour déposer le fichier" (click here to upload the file).
  • A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
  • Copy-paste this link into your reply.
    5 April 2011 22:09:20

    OK, I uninstalled the programs you told me to uninstall, then ran a scan with Malwarebytes (which I had to do in safe mode, since every security-related function is blocked by the trojan or virus..). I can't even launch Google Chrome any more, it closes automatically; same with FF and IE9. Another example: I can't go to Control Panel => Settings and system; as soon as I click on it, it closes. :(

    My first report:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Version de la base de données: 6268

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    04/04/2011 18:40:44
    mbam-log-2011-04-04 (18-40-44).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 169702
    Temps écoulé: 6 minute(s), 37 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 17
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 14
    Fichier(s) infecté(s): 17

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790777BD76555132A093 (Malware.Trace) -> Value: SRS_IT_E8790777BD76555132A093 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    c:\Users\catherine\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0} (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences (Adware.QuestBrowse) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\downloads\call of duty keygen - by willou.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome.manifest (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\install.rdf (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Quarantined and deleted successfully.

    Here is a second report, after deleting everything the first one had detected:

    (I am running the full scan right now; this one is the quick scan.)

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Version de la base de données: 6269

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    05/04/2011 21:49:40
    mbam-log-2011-04-05 (21-49-40).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 170745
    Temps écoulé: 2 minute(s), 35 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Here is the full one, I don't know if it changes much..

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Version de la base de données: 6269

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    05/04/2011 22:52:14
    mbam-log-2011-04-05 (22-52-14).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 391643
    Temps écoulé: 39 minute(s), 52 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    a c 327 8 Security
    5 April 2011 23:35:46

  • Relaunch Malwarebytes' Anti-Malware, go to Quarantaine (quarantine) and delete everything.

  • Download SystemLook to your Desktop.
  • Right-click SystemLook.exe and choose Run as administrator.
  • Copy-paste the contents of the box below into the SystemLook text area:

    :dir
    C:\Windows\SysWOW64\Online
    C:\Windows\SysWOW64\Updater

  • Click the Look button to start the scan.
  • When it finishes, Notepad opens with the result of the scan. Copy-paste the report into your next reply.
    Note: the report can also be found on your Desktop under the name SystemLook.txt
    6 April 2011 06:41:09

    Apparently impossible to get to the site, I'm blocking the IP addresses, but I have to be in safe mode with networking if I can't launch a browser..

    Thanks for your help in any case
    6 April 2011 18:05:54

    Here is the report:

    SystemLook 04.09.10 by jpshortstuff
    Log created at 18:04 on 06/04/2011 by CATHERINE
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== dir ==========

    C:\Windows\SysWOW64\Online - Parameters: "(none)"

    ---Files---
    services.exe --a---- 16384 bytes [16:07 21/11/2010] [16:07 21/11/2010]

    ---Folders---
    None found.

    C:\Windows\SysWOW64\Updater - Parameters: "(none)"

    ---Files---
    None found.

    ---Folders---
    None found.

    -= EOF =-

    THANKS once again!
    a c 327 8 Security
    6 April 2011 19:59:24

  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • Under the Personnalisation (customization) tab at the bottom of the window, copy-paste the following text (between the two blank lines):

    :OTL
    O4 - HKLM\..\Run: [C:\Windows\SysWOW64\Online\services.exe] C:\Windows\SysWOW64\Online\services.exe ()
    O4 - HKLM\..\Run: [C:\Windows\SysWOW64\Updater\services.exe] File not found
    O4 - HKCU\..\Run: [C:\Windows\SysWOW64\Online\services.exe] C:\Windows\SysWOW64\Online\services.exe ()
    O4 - HKCU\..\Run: [C:\Windows\SysWOW64\Updater\services.exe] File not found

    :files
    C:\Windows\SysWOW64\Online
    C:\Windows\SysWOW64\Updater

    :commands
    [emptytemp]
    [zipfiles]

  • Then click the Correction (fix) button at the top of the window.
  • Let the program work, and reboot once the fix has finished.
  • Post the report that is displayed after the reboot.
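
An added illustration, not part of the thread and not OTL's own logic: a small Python triage of the `PRC` process lines from the OTL log posted in this thread. It flags executables that borrow a Windows system binary name outside that binary's normal directory (the case the fix above removes) and processes running from a Temp directory. The allow-list of directories, the `C:` system drive and the function names are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Assumed allow-list: core Windows binary names and the only directories they
# legitimately run from (system drive assumed to be C:).
SYSTEM_BINARIES = {
    "services.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
}

# OTL process line: "PRC - <path> (<company>)". The company is the last
# parenthesised group on the line and may be empty: "()".
PRC_LINE = re.compile(r"^\s*PRC\s+-\s+(?P<path>.+?)\s+\((?P<company>[^()]*)\)\s*$")


def parse_prc(line):
    """Return (PureWindowsPath, company) for a PRC line, or None for other lines."""
    m = PRC_LINE.match(line)
    if m is None:
        return None
    return PureWindowsPath(m.group("path")), m.group("company").strip()


def reasons_for(path, company):
    """List the reasons a process entry deserves a closer look (empty list if none)."""
    reasons = []
    allowed = SYSTEM_BINARIES.get(path.name.lower())
    if allowed is not None and str(path.parent).lower() not in allowed:
        reasons.append("system binary name outside its normal directory")
    if "temp" in (part.lower() for part in path.parts):
        reasons.append("running from a Temp directory")
    # A missing company name alone is common for legitimate tools, so it is
    # only reported as supporting evidence for an entry that is already flagged.
    if reasons and not company:
        reasons.append("no company name in version info")
    return reasons


def triage(log_text):
    """Return [(path, [reasons])] for every flagged PRC line in an OTL log."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_prc(line)
        if parsed is None:
            continue
        path, company = parsed
        reasons = reasons_for(path, company)
        if reasons:
            flagged.append((str(path), reasons))
    return flagged


# Sample input: PRC lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - C:\downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\CATHER~1\AppData\Local\Temp\7408f9dca38b70dcd7a6b77a9f9c9534\netmnt.exe ()
PRC - C:\Users\CATHER~1\AppData\Local\Temp\6299ce8213259a8f940262ce17da04d1\svchost.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\Online\services.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("    -", reason)
```

A flag here is a prompt for review by the helper, not a verdict: the entry still has to be checked before it goes into a fix script.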
    6 April 2011 20:17:55

    OTL logfile created on: 04/04/2011 22:40:31 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 70,00% Memory free
    16,00 Gb Paging File | 14,00 Gb Available in Paging File | 85,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 459,45 Gb Total Space | 106,13 Gb Free Space | 23,10% Space Free | Partition Type: NTFS
    Drive D: | 459,96 Gb Total Space | 311,12 Gb Free Space | 67,64% Space Free | Partition Type: NTFS
    Drive E: | 654,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: CATHERINE-PC | User Name: CATHERINE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Users\CATHER~1\AppData\Local\Temp\7408f9dca38b70dcd7a6b77a9f9c9534\netmnt.exe ()
    PRC - C:\Users\CATHER~1\AppData\Local\Temp\6299ce8213259a8f940262ce17da04d1\svchost.exe ()
    PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    PRC - C:\Windows\SysWOW64\Online\services.exe ()
    PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
    PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
    PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
    PRC - C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    PRC - C:\Windows\SysWOW64\ANIWConnService.exe ()
    PRC - C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
    PRC - C:\Windows\Pixart\Pac7311\Monitor.exe (PixArt Imaging Incorporation)


    ========== Modules (SafeList) ==========

    MOD - C:\downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
    MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (maconfservice) -- C:\Program Files\ma-config.com\x64\maconfservice.exe (CybelSoft)
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
    SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
    SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (ANIWConnService) -- C:\Windows\SysWOW64\ANIWConnService.exe ()
    SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
    SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
    SRV - (ANIWZCSdService) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
    SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (driverhardwarev2x64) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys (CybelSoft)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
    DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
    DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (rt2870) -- C:\Windows\SysNative\drivers\rt2870.sys (Ralink Technology, Corp.)
    DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
    DRV:64bit: - (PAC7311) -- C:\Windows\SysNative\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
    DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspir...
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspir...
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {2d46002d-7fb3-41a9-bb48-20e005d5ae39} - File not found
    IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspir...
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {2d46002d-7fb3-41a9-bb48-20e005d5ae39} - File not found
    IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
    FF - prefs.js..browser.startup.homepage: "www.google.fr"
    FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2
    FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
    FF - prefs.js..extensions.enabledItems: {b1d89840-39fe-11db-a98b-0800200c9a66}:0.51
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
    FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1
    FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 5
    FF - prefs.js..extensions.enabledItems: 3
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
    FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1
    FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
    FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
    FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
    FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=u..."
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/04/04 22:37:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/22 19:48:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/23 09:46:44 | 000,000,000 | ---D | M]

    [2011/03/31 20:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Extensions
    [2011/03/31 20:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2011/04/04 22:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions
    [2011/01/06 23:00:08 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
    [2011/01/03 21:29:10 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
    [2011/04/04 22:37:17 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
    [2010/10/14 22:57:59 | 000,000,000 | ---D | M] (JeuxVideo.Fox) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\{b1d89840-39fe-11db-a98b-0800200c9a66}
    [2011/04/03 21:34:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/04/03 21:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/08/18 14:38:45 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
    [2011/02/06 21:01:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/02/06 21:09:19 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
    [2010/11/20 12:00:29 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\battlefieldheroespatcher@ea.com
    [2011/03/20 00:22:05 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\fastdial@telega.phpnet.us
    [2011/01/16 21:30:11 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\firefox@tvunetworks.com
    [2010/10/10 19:47:17 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\nasanightlaunch@example.com
    [2011/02/11 00:05:10 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\CATHERINE\AppData\Roaming\mozilla\Firefox\Profiles\b9ngnra0.default\extensions\toolbar@ask.com
    [2011/04/04 18:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/12/07 16:07:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/02/03 22:47:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/03/02 18:38:41 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2011/03/02 18:38:41 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
    () (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9NGNRA0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9NGNRA0.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
    [2011/03/18 19:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    [2011/02/03 22:47:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
    [2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (FC Girondins de Bordeaux Toolbar) - {2d46002d-7fb3-41a9-bb48-20e005d5ae39} - File not found
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (FC Girondins de Bordeaux Toolbar) - {2d46002d-7fb3-41a9-bb48-20e005d5ae39} - File not found
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (FC Girondins de Bordeaux Toolbar) - {2D46002D-7FB3-41A9-BB48-20E005D5AE39} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [PAC7311_Monitor] C:\Windows\Pixart\Pac7311\Monitor.exe (PixArt Imaging Incorporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [C:\Windows\SysWOW64\Online\services.exe] C:\Windows\SysWOW64\Online\services.exe ()
    O4 - HKLM..\Run: [C:\Windows\SysWOW64\Updater\services.exe] File not found
    O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [RDesc] File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [C:\Windows\SysWOW64\Online\services.exe] C:\Windows\SysWOW64\Online\services.exe ()
    O4 - HKCU..\Run: [C:\Windows\SysWOW64\Updater\services.exe] File not found
    O4 - HKCU..\Run: [EPSON SX100 Series] File not found
    O4 - HKCU..\Run: [Google Update] File not found
    O4 - HKCU..\Run: [TomTomHOME.exe] File not found
    O4 - Startup: C:\Users\CATHERINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\CATHERINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 149
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldete... (SysInfo Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-wind... (Java Plug-in 1.6.0_23)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffic... (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-wind... (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-wind... (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/04/18 09:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{dd9ddb40-4fa9-11e0-8716-1caff765e040}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd9ddb40-4fa9-11e0-8716-1caff765e040}\Shell\AutoRun\command - "" = L:\autorun.exe
    O33 - MountPoints2\{e30af94f-ea50-11de-8a91-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{e30af94f-ea50-11de-8a91-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2001/04/30 11:33:00 | 000,032,768 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1036" /heur:80 /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\Alwil Software\Avast5") - C:\Windows\SysWow64\aswBoot.exe (AVAST Software)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/04 22:37:39 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\Documents\ForceField Shared Files
    [2011/04/04 22:37:39 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\CheckPoint
    [2011/04/04 22:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm
    [2011/04/04 22:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2011/04/04 22:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
    [2011/04/04 22:36:52 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
    [2011/04/04 22:36:50 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
    [2011/04/04 22:36:50 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
    [2011/04/04 22:36:48 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
    [2011/04/04 22:36:47 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
    [2011/04/04 22:36:47 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
    [2011/04/04 22:36:47 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
    [2011/04/04 22:36:47 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
    [2011/04/04 22:36:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
    [2011/04/04 22:36:46 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
    [2011/04/04 22:36:42 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
    [2011/04/04 22:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
    [2011/04/04 22:36:21 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
    [2011/04/04 22:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2011/04/04 22:36:20 | 000,712,192 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
    [2011/04/04 22:36:20 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
    [2011/04/04 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\QuickScan
    [2011/04/04 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{D565D62C-A8AD-49CF-883A-2A8C448CA915}
    [2011/04/04 21:01:58 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{7BBD71FA-22C9-473C-8791-10F2E5399DE0}
    [2011/04/04 18:43:39 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{86F61F21-D620-4A15-961C-44EF12207681}
    [2011/04/04 18:32:40 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\Malwarebytes
    [2011/04/04 18:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/04/04 18:32:30 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/04/04 11:39:33 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{2A439195-8C47-4D7C-80B2-0E979B403E7D}
    [2011/04/04 06:48:18 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{051784A6-C7E4-4B5B-AE2F-5652872FF97B}
    [2011/04/03 21:40:30 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{5BB0F431-AB24-427B-8F41-51CFD776A996}
    [2011/04/03 20:38:12 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{8E3F9DCE-F116-443E-BB73-6894B29B6919}
    [2011/04/03 19:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
    [2011/04/03 08:36:04 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{5EBEE743-D5AE-4E1D-92B6-4AF69585B591}
    [2011/04/02 19:03:02 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\freetvradio Air
    [2011/04/02 19:02:58 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\freeTVRadio
    [2011/04/02 15:40:49 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{14B84D01-AB6A-4334-9E32-08A84B71634D}
    [2011/04/02 15:03:26 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{0684CF56-53B0-4798-891B-D4E94DE32DFB}
    [2011/04/02 00:14:31 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{045D33EB-B361-415E-89EF-662E6FEFA9D7}
    [2011/04/01 21:57:23 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{8956B64C-73B6-4677-AEBF-1D350D9A1CD3}
    [2011/04/01 09:17:13 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{EC903449-6157-4780-B615-536C155FB9B4}
    [2011/03/31 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\Documents\TomTom
    [2011/03/31 20:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
    [2011/03/31 20:15:04 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\TomTom
    [2011/03/31 20:15:04 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\TomTom
    [2011/03/31 11:31:12 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\{3FA34208-64D3-47F6-8973-5C319AE4E6BF}
    [2011/03/30 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\DarksporeData
    [2011/03/30 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\Documents\Darkspore
    [2011/03/29 14:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    [2011/03/28 14:42:11 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\Documents\Green Gamer
    [2011/03/28 14:41:20 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fashion Fortune
    [2011/03/28 14:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fashion Fortune
    [2011/03/28 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fashion Fortune
    [2011/03/22 21:46:58 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kill-ID für Chrome
    [2011/03/22 21:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kill-ID für Chrome
    [2011/03/22 17:57:33 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\SulusGames
    [2011/03/22 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Bustle
    [2011/03/22 17:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Bustle
    [2011/03/22 17:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burger Bustle
    [2011/03/20 15:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
    [2011/03/20 03:13:13 | 000,000,000 | ---D | C] -- C:\Users\CATHERINE\AppData\Local\Hook Network
    [2011/03/20 00:32:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2011/03/20 00:32:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2011/03/20 00:32:50 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2011/03/20 00:32:50 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
    [2011/03/20 00:32:50 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2011/03/20 00:32:50 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2011/03/20 00:32:50 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2011/03/20 00:32:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2011/03/20 00:32:50 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2011/03/20 00:32:50 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2011/03/20 00:32:50 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2011/03/20 00:32:50 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2011/03/20 00:32:50 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2011/03/20 00:32:50 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2011/03/20 00:32:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2011/03/20 00:32:50 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2011/03/20 00:32:50 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
    [2011/03/20 00:32:50 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2011/03/20 00:32:50 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
    [2011/03/20 00:32:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2011/03/20 00:32:50 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2011/03/20 00:32:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2011/03/20 00:32:50 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
    [2011/03/20 00:32:50 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
    [2011/03/20 00:32:50 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2011/03/20 00:32:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2011/03/20 00:32:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2011/03/20 00:32:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2011/03/20 00:32:50 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    a c 327 8 Security
    6 April 2011 20:42:24

    That is not the right report.
    6 April 2011 21:00:30

    Damn...

    Maybe it's this one, then:



    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
    File C:\Windows\SysWOW64\Online\services.exe not found.
    Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
    Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
    File C:\Windows\SysWOW64\Online\services.exe not found.
    Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
    ========== FILES ==========
    File\Folder C:\Windows\SysWOW64\Online not found.
    File\Folder C:\Windows\SysWOW64\Updater not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: CATHERINE
    ->Temp folder emptied: 1240 bytes
    ->Temporary Internet Files folder emptied: 841143 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 104641716 bytes
    ->Flash cache emptied: 865 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1955417 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 102,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04062011_205416

    Files\Folders moved on Reboot...
    File move failed. C:\Users\CATHERINE\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\ZLT03d49.TMP not found!

    Registry entries deleted on Reboot...
    a c 327 8 Security
    6 April 2011 21:03:55

    OK, is the PC working properly again in normal mode?

    Can you send me by email (destrio5@free.fr) the archive that is in C:\_OTL?
    6 April 2011 21:32:12

    Yes, partly: I can get back on the internet in normal mode, but it is still impossible to launch Avast or "System and Security" in the Control Panel!

    Also, I can no longer access certain documents; there is a padlock on them with the message:

    " C:/ User ... / Mes images n'est pas accessible "
    Accès refusé.

    I also have "Dekstop.ini" files pretty much everywhere, along with some strange files...

    http://s3.noelshack.com/upload/16679079825210_hyh.png

    Also, sorry, but what do you mean by "the archive in C:/_OTL"?

    My folder looks like this:

    http://s3.noelshack.com/upload/21065916587661_otl.png

    With several subfolders
    a c 327 8 Security
    6 April 2011 21:36:49

    What is in 04062011_201148?
    6 April 2011 21:44:12

    There is:

    C_Users => Username => AppData => Local => Temp => FXSAPIDebugLogFile.txt (with nothing in it)

    C_Windows => SysWOW64 => Online => services.exe

    (at the same level as Online) => Updater (it closes when I click on it)
    a c 327 8 Security
    6 April 2011 21:45:44

    It's the services.exe file that I'm interested in.
    6 April 2011 22:02:43

    When I try to open it, ZoneAlarm blocks it.
    a c 327 8 Security
    6 April 2011 22:23:18

    You must not open it, it's a virus. Can you put it in a WinRar archive and send it to me by email?
    6 April 2011 22:37:46

    Like an idiot I tried to open it, and now I can't get back to this section of the forum: as soon as I go there, it closes my browser.

    I've sent you the email.

    EDIT: I redid the OTL step, and the internet works again. ;)
    a c 327 8 Security
    6 April 2011 23:14:50

    Thanks.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.

  • Right-click ComboFix.exe (the .exe is not necessarily visible) and choose Run as administrator.

  • Answer Yes to the warning message so that ComboFix starts scanning your PC.

  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    6 April 2011 23:30:57

    Uh, I don't have Avast running, I checked in Task Manager, but it tells me it still is? Is that important or not?
    a c 327 8 Security
    6 April 2011 23:49:10

    Never mind.
    7 April 2011 06:30:39

    OK, I did that, here is my report:




    ComboFix 11-04-06.02 - CATHERINE 07/04/2011 6:20.1.2 - x64 NETWORK
    Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.8191.6961 [GMT 2:00]
    Lancé depuis: c:\downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\_otl\MovedFiles\04062011_201148\C_Windows\SysWOW64\Online\services.exe
    C:\Images
    c:\users\CATHERINE\AppData\Roaming\.#
    c:\windows\SysWow64\update
    2011-01-08 03:27 . 2011-02-24 22:18 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-01-08 03:27 . 2011-02-24 22:18 4941928 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-01-08 03:27 . 2011-02-24 22:18 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-01-08 03:27 . 2011-02-24 22:18 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-01-08 03:27 . 2011-02-24 22:18 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-01-08 03:27 . 2011-02-24 22:18 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-01-08 03:27 . 2011-02-24 22:18 20471912 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-01-08 03:27 . 2011-02-24 22:18 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-01-08 03:27 . 2011-02-24 22:18 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-01-08 03:27 . 2011-02-24 22:18 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
    2011-01-08 03:27 . 2011-02-24 22:18 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-01-08 03:27 . 2011-02-24 22:18 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
    2011-01-08 03:27 . 2011-02-24 22:18 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-01-08 03:27 . 2011-02-24 22:18 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-01-08 03:27 . 2010-10-16 23:11 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-01-08 03:27 . 2009-10-13 02:17 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-01-08 03:27 . 2009-10-13 02:17 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-01-08 03:27 . 2009-10-13 02:17 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-01-07 08:07 . 2011-02-23 10:57 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-07 08:07 . 2011-02-23 10:57 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-07 08:06 . 2011-02-10 10:58 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 07:31 . 2011-02-23 10:57 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-01-07 07:31 . 2011-02-23 10:57 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-01-07 07:27 . 2011-02-10 10:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-10 10:58 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-10 10:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
    2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files (x86)\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    2010-05-09 10:50 2517088 ----a-w- c:\program files (x86)\ZoneAlarm\tbZone.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files (x86)\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 39408]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
    "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
    "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-29 128296]
    "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-09-29 181480]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2007-12-11 286720]
    "D-Link D-Link Wireless N DWA-140"="c:\program files (x86)\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
    "ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
    "Recycler Recovery"="c:\recovery\services.exe" [2011-04-04 40960]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    .
    c:\users\CATHERINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R1 aswSP;aswSP; [x]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
    R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 135664]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-18 33008]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-18 823272]
    R2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [x]
    R3 netr28ux;Pilote de carte réseau sans fil RT2870 USB pour Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
    R3 PAC7311;PAC7312 VGA USB Camera;c:\windows\system32\DRIVERS\PA707UCM.SYS [x]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-08-24 16392]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 13:47]
    .
    2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 13:47]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
    "PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-18 1115624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    FF - ProfilePath - c:\users\CATHERINE\AppData\Roaming\Mozilla\Firefox\Profiles\b9ngnra0.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    URLSearchHooks-{2d46002d-7fb3-41a9-bb48-20e005d5ae39} - c:\program files (x86)\FC_Girondins_de_Bordeaux\tbFC_G.dll
    BHO-{2d46002d-7fb3-41a9-bb48-20e005d5ae39} - c:\program files (x86)\FC_Girondins_de_Bordeaux\tbFC_G.dll
    BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Toolbar-Locked - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Toolbar-{2d46002d-7fb3-41a9-bb48-20e005d5ae39} - c:\program files (x86)\FC_Girondins_de_Bordeaux\tbFC_G.dll
    Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    Wow6432Node-HKCU-Run-c:\windows\SysWOW64\Updater\services.exe - c:\windows\SysWOW64\Updater\services.exe
    Wow6432Node-HKCU-Run-c:\windows\SysWOW64\Online\services.exe - c:\windows\SysWOW64\Online\services.exe
    Wow6432Node-HKCU-Run-Google Update - c:\users\CATHERINE\AppData\Local\Google\Update\GoogleUpdate.exe
    Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    Wow6432Node-HKCU-Run-c:\_otl\MovedFiles\04062011_201148\C_Windows\SysWOW64\Online\services.exe - c:\_otl\MovedFiles\04062011_201148\C_Windows\SysWOW64\Online\services.exe
    Wow6432Node-HKLM-Run-RDesc - (no file)
    Wow6432Node-HKLM-Run-c:\windows\SysWOW64\Updater\services.exe - c:\windows\SysWOW64\Updater\services.exe
    Wow6432Node-HKLM-Run-NPSStartup - (no file)
    Wow6432Node-HKLM-Run-ANIWZCS2Service - c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    Wow6432Node-HKLM-Run-c:\windows\SysWOW64\Online\services.exe - c:\windows\SysWOW64\Online\services.exe
    Wow6432Node-HKLM-Run-c:\_otl\MovedFiles\04062011_201148\C_Windows\SysWOW64\Online\services.exe - c:\_otl\MovedFiles\04062011_201148\C_Windows\SysWOW64\Online\services.exe
    Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{2D46002D-7FB3-41A9-BB48-20E005D5AE39} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
    AddRemove-FC_Girondins_de_Bordeaux Toolbar - c:\progra~2\FC_GIR~1\UNWISE.EXE
    AddRemove-NSS - c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe
    AddRemove-Veetle TV - c:\program files (x86)\Veetle\UninstallVeetleTV.exe
    AddRemove-{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} - c:\program files (x86)\PDFCreator\unins000.exe
    AddRemove-{3CDF9C0F-6C77-4307-80A6-0A9D47C174D8}_is1 - c:\program files (x86)\Call of Duty Modern Warfare 2\unins000.exe
    AddRemove-{A33679DF-5BD7-40AF-8748-C0455FB838BC}_is1 - c:\program files (x86)\Worms 3D\unins000.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-3821579982-612157489-2328636808-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3821579982-612157489-2328636808-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*ýŽ]
    "C040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Heure de fin: 2011-04-07 06:28:47
    ComboFix-quarantined-files.txt 2011-04-07 04:28
    .
    Avant-CF: 127 779 766 272 octets libres
    Après-CF: 127 616 913 408 octets libres
    .
    - - End Of File - - 880715E6AB1845EE176F10568726712B
    a c 327 8 Security
    7 April 2011 09:19:14

    Quote:
    c:\recovery\services.exe

    --> Very suspicious.

    Have this file analysed on VirusTotal and post the analysis:
    http://www.virustotal.com/

    What is in the Recovery folder?
    7 April 2011 18:52:02

    File name: services.exe
    Submission date: 2011-04-07 16:46:43 (UTC)
    Current status: finished
    Result: 3/ 42 (7.1%)

    Antivirus Version Last Update Result
    AhnLab-V3 2011.04.08.00 2011.04.07 -
    AntiVir 7.11.6.4 2011.04.07 -
    Antiy-AVL 2.0.3.7 2011.04.06 -
    Avast 4.8.1351.0 2011.04.07 -
    Avast5 5.0.677.0 2011.04.01 -
    AVG 10.0.0.1190 2011.04.07 unknown virus Win32/DH.IA
    BitDefender 7.2 2011.04.07 -
    CAT-QuickHeal 11.00 2011.04.07 -
    ClamAV 0.97.0.0 2011.04.07 -
    Commtouch 5.2.11.5 2011.04.06 -
    Comodo 8256 2011.04.07 -
    DrWeb 5.0.2.03300 2011.04.07 -
    Emsisoft 5.1.0.5 2011.04.07 -
    eSafe 7.0.17.0 2011.04.04 -
    eTrust-Vet 36.1.8258 2011.04.07 -
    F-Prot 4.6.2.117 2011.04.07 -
    F-Secure 9.0.16440.0 2011.04.07 -
    Fortinet 4.2.254.0 2011.04.07 -
    GData 22 2011.04.07 -
    Ikarus T3.1.1.103.0 2011.04.07 -
    Jiangmin 13.0.900 2011.04.07 -
    K7AntiVirus 9.96.4320 2011.04.07 -
    Kaspersky 7.0.0.125 2011.04.07 Heur.AntiAV
    McAfee 5.400.0.1158 2011.04.07 -
    McAfee-GW-Edition 2010.1C 2011.04.07 -
    Microsoft 1.6702 2011.04.07 -
    NOD32 6023 2011.04.07 -
    Norman 6.07.07 2011.04.07 W32/Malware
    Panda 10.0.3.5 2011.04.07 -
    PCTools 7.0.3.5 2011.04.07 -
    Prevx 3.0 2011.04.07 -
    Rising 23.52.03.06 2011.04.07 -
    Sophos 4.64.0 2011.04.07 -
    SUPERAntiSpyware 4.40.0.1006 2011.04.06 -
    Symantec 20101.3.2.89 2011.04.07 -
    TheHacker 6.7.0.1.168 2011.04.07 -
    TrendMicro 9.200.0.1012 2011.04.07 -
    TrendMicro-HouseCall 9.200.0.1012 2011.04.07 -
    VBA32 3.12.14.3 2011.04.07 -
    VIPRE 8948 2011.04.07 -
    ViRobot 2011.4.7.4398 2011.04.07 -
    VirusBuster 13.6.293.1 2011.04.07 -
    Additional information
    MD5 : 3d337c15c2b7b113770736b775ff5e4d
    SHA1 : 15f071a2c967d2216f38d651d68df520f1b28d5f
    SHA256: 71373c9fa6a617081165587950e646307c6b616f9e2775f0997372fdc48accb8
    ssdeep: 768:wmQiSI2mo0/3Wz8cNEs7n9foS7qt0OhhWb:wmQiSjm+z8cNEs7qt0OhWb
    File size : 40960 bytes
    First seen: 2011-04-07 16:46:43
    Last seen : 2011-04-07 16:46:43
    TrID:
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEiD: Armadillo v1.71
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x2F5D
    timedatestamp....: 0x4D9735D1 (Sat Apr 02 14:42:25 2011)
    machinetype......: 0x14c (I386)

    [[ 3 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x5E96, 0x6000, 6.50, 8142e8fe4426c313984c50d8a2b31c00
    .rdata, 0x7000, 0xA44, 0x1000, 3.90, f82a55f0078aa5398ce8767688ef5d68
    .data, 0x8000, 0xC39C, 0x2000, 2.48, 544580757efd360249b05e7454041396

    [[ 4 import(s) ]]
    KERNEL32.dll: CreateThread, GetCurrentProcessId, Sleep, LoadLibraryA, GetProcAddress, GetOEMCP, GetACP, OpenProcess, TerminateProcess, SetStdHandle, CloseHandle, GetCPInfo, VirtualAlloc, SetFilePointer, GetLastError, ExitProcess, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, HeapReAlloc, HeapAlloc, HeapSize, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetStringTypeA, GetStringTypeW, FlushFileBuffers
    USER32.dll: GetWindowTextA, ShowWindow, PostMessageA, EnumWindows
    ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken
    PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameA, GetModuleFileNameExA
    ExifTool:
    file metadata
    CodeSize: 24576
    EntryPoint: 0x2f5d
    FileSize: 40 kB
    FileType: Win32 EXE
    ImageVersion: 0.0
    InitializedDataSize: 57344
    LinkerVersion: 6.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 4.0
    PEType: PE32
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2011:04:02 16:42:25+02:00
    UninitializedDataSize: 0






    In Recovery there was only: "service"
    EDIT: I deleted the Recovery folder, and apparently I have no more problems. :o 
    a c 327 8 Security
    7 April 2011 23:28:18

    This virus was poorly detected. It's a shame you didn't send me this one; I would have forwarded it to the antivirus vendors, and that could have helped people with the same virus. Never mind, you already sent me the other one, which is already good.

    You have no problems at all any more?

  • Use Ad-Remover's "Nettoyer" (Clean) option and post the report:
    http://www.teamxscript.org/adremoverTelechargement.html
    8 April 2011 17:14:57

    Yes, apparently I have no more problems! Otherwise, sorry, I thought it was the same virus as the other one, so I deleted it straight away. :o 

    Thanks once again for your wonderful help, you really helped me a lot!

    Here is the AD-Remover report:



    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 08/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:00:16 le 08/04/2011, Mode normal

    Microsoft Windows 7 Édition Familiale Premium (X64)
    CATHERINE@CATHERINE-PC (Acer Aspire M3802)

    ============== ACTION(S) ==============

    Service: "Application Updater" Stoppé et supprimé

    Fichier supprimé: C:\Program Files (x86)\Mozilla FireFox\extensions\pdfforge@mybrowserbar.com
    Dossier supprimé: C:\Users\CATHERINE\AppData\Roaming\Mozilla\FireFox\Profiles\b9ngnra0.default\extensions\toolbar@ask.com
    Dossier supprimé: C:\Users\CATHERINE\AppData\Roaming\Mozilla\FireFox\Profiles\b9ngnra0.default\conduit
    Dossier supprimé: C:\Users\CATHERINE\AppData\LocalLow\AskToolbar
    Dossier supprimé: C:\Users\CATHERINE\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Users\CATHERINE\AppData\LocalLow\ConduitEngine
    Dossier supprimé: C:\Program Files (x86)\Application Updater
    Dossier supprimé: C:\Users\CATHERINE\AppData\Roaming\freeTVRadio
    Dossier supprimé: C:\Users\CATHERINE\AppData\LocalLow\pdfforge
    Dossier supprimé: C:\Users\CATHERINE\AppData\LocalLow\Search Settings
    Dossier supprimé: C:\Program Files (x86)\Common Files\Spigot

    (!) -- Fichiers temporaires supprimés.


    -- Fichier ouvert: C:\Users\CATHERINE\AppData\Roaming\Mozilla\FireFox\Profiles\b9ngnra0.default\Prefs.js --
    -- Fichier Fermé --


    Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [4.0 (fr)] ****

    HKLM_MozillaPlugins\@checkpoint.com/FFApi (x)
    HKLM_MozillaPlugins\@nvidia.com/3DVision (x)
    HKLM_MozillaPlugins\@nvidia.com/3DVisionStreaming (x)
    HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)

    -- C:\Users\CATHERINE\AppData\Roaming\Mozilla\FireFox\Profiles\b9ngnra0.default --
    Extensions\battlefieldheroespatcher@ea.com (Battlefield Heroes Updater)
    Extensions\fastdial@telega.phpnet.us (Fast Dial)
    Extensions\firefox@tvunetworks.com (TVU Web Player)
    Extensions\nasanightlaunch@example.com (NASA Night Launch)
    Extensions\{038dc421-b19e-4711-a218-1fd10de9163b} (Add N Edit Cookies)
    Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} (Charles Autoconfiguration)
    Extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} (ZoneAlarm Community Toolbar)
    Extensions\{b1d89840-39fe-11db-a98b-0800200c9a66} (JeuxVideo.Fox)
    Extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} (Tiny Menu)
    Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey)
    Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} (Edit Cookies)
    Prefs.js - browser.download.lastDir, C:\\Users\\CATHERINE\\Pictures\\Damien
    Prefs.js - browser.startup.homepage, www.google.fr
    Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
    Prefs.js - browser.startup.homepage_override.mstone, rv:2.0
    Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=

    ========================================

    **** Internet Explorer Version [9.0.8112.16421] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - "ZoneAlarm Toolbar" (C:\Program Files (x86)\ZoneAlarm\tbZone.dll)
    HKLM_URLSearchHooks|{2d46002d-7fb3-41a9-bb48-20e005d5ae39} - "FC Girondins de Bordeaux Toolbar" (C:\Program Files (x86)\FC_Girondins_de_Bordeaux\tbFC_G.dll) (x)
    HKLM_URLSearchHooks|{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - "ZoneAlarm Toolbar" (C:\Program Files (x86)\ZoneAlarm\tbZone.dll)
    HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)
    HKLM_Toolbar|{2d46002d-7fb3-41a9-bb48-20e005d5ae39} (C:\Program Files (x86)\FC_Girondins_de_Bordeaux\tbFC_G.dll) (x)
    HKLM_Toolbar|{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} (C:\Program Files (x86)\ZoneAlarm\tbZone.dll)
    HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll)
    HKCU_ElevationPolicy\{30E4B230-AC56-4D52-B19E-36E2C3A2804D} - C:\Users\CATHERINE\AppData\Local\Hook Network\Raccourcis Internet Explorer 9\2.0.0.1\IE9PinnedSitesHelper.exe (Hook Network)
    HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files (x86)\Veetle\Player\vtl_hfs.exe (x)
    HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files (x86)\Veetle\Player\player.exe (x)
    HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files (x86)\Veetle\Player\vtl_hfax.exe (x)
    HKLM_ElevationPolicy\f2d60903-f897-4a35-bcdf-fa6b2d210586 - C:\Program Files (x86)\ZoneAlarm\ZoneAlarmToolbarHelper.exe (x)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files (x86)\Veetle\Player\vtl_hfs.exe (x)
    HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files (x86)\Veetle\Player\player.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{8D2A5716-2205-4EB2-8443-03AB6B9F4B3B} - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSIX.exe (Futuremark Corporation)
    HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
    HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
    HKLM_ElevationPolicy\{CE7600B0-7087-4A5A-BD9E-7AF14093D4DD} - C:\Program Files (x86)\FC_Girondins_de_Bordeaux\FC_Girondins_de_BordeauxToolbarHelper.exe (x)
    HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files (x86)\Veetle\Player\vtl_hfax.exe (x)
    BHO\{2d46002d-7fb3-41a9-bb48-20e005d5ae39} - "FC Girondins de Bordeaux Toolbar" (C:\Program Files (x86)\FC_Girondins_de_Bordeaux\tbFC_G.dll) (x)
    BHO\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - "ZoneAlarm Toolbar" (C:\Program Files (x86)\ZoneAlarm\tbZone.dll)
    BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll)

    ========================================

    C:\Program Files (x86)\Ad-Remover\Quarantine: 260 Fichier(s)
    C:\Program Files (x86)\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 08/04/2011 17:00:20 (17025 Octet(s))

    Fin à: 17:01:26, 08/04/2011

    ============== E.O.F ==============

    a c 327 8 Security
    9 April 2011 12:59:26

    To finish:


    1/

  • Run Ad-Remover again and choose Désinstaller (Uninstall).

  • Download DelFix to your Desktop.
  • Right-click DelFix and choose Run as administrator.
  • Click the Suppression button.
  • Post the report (C:\DelFixSuppr.txt).
  • Delete DelFix.


    2/

  • Download and install CCleaner.
  • Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
  • Next, choose Registry, then Scan for Issues. Once it has finished, fix all the errors (back up the registry).


    3/

  • The restore points need to be deleted.

    ==Prevention==

    Java is not up to date:
    http://www.malekal.com/2010/11/15/maintenir-java-adobe-...

    Here is a guide on prevention and security on the Internet (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first message, click the Editer (Edit) button.
  • Add the tag [Résolu] in front of the title.
  • Then click Valider votre message (Submit your message).


    ;) 
    10 April 2011 00:04:58

    DelFix report:

    # DelFix v7.6 - Rapport créé le 09/04/2011 à 22:30
    # Mis à jour le 31/03/11 à 16h par Xplode
    # Système d'exploitation : Windows 7 Home Premium (64 bits) [version 6.1.7600]
    # Nom d'utilisateur : CATHERINE - CATHERINE-PC (Administrateur)
    # Exécuté depuis : C:\downloads\DelFix.exe
    # Option [Suppression]


    ~~~~~~ Dossier(s) ~~~~~~

    -> C:\Qoobox\BackEnv ... ACL modifié avec succès.
    Supprimé : C:\Qoobox
    Supprimé : C:\_OTL

    ~~~~~~ Fichier(s) ~~~~~~

    Supprimé : C:\ComboFix.txt
    Supprimé : C:\Windows\grep.exe
    Supprimé : C:\Windows\PEV.exe
    Supprimé : C:\Windows\NIRCMD.exe
    Supprimé : C:\Windows\MBR.exe
    Supprimé : C:\Windows\sed.exe
    Supprimé : C:\Windows\SWREG.exe
    Supprimé : C:\Windows\SWSC.exe
    Supprimé : C:\Windows\SWXCACLS.exe
    Supprimé : C:\Windows\zip.exe

    ~~~~~~ Registre ~~~~~~

    Clé Supprimée : HKLM\Software\swearware
    Clé Supprimée : HKLM\Software\OldTimer Tools
    Clé Supprimée : HKLM\Software\Classes\.cfxxe
    Clé Supprimée : HKLM\Software\Classes\cfxxefile
    Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~~~~~~ Autre ~~~~~~

    -> Prefetch vidé

    ########## EOF - "C:\DelFixSuppr.txt" - [1463 octets] ##########


    I'm going to read the guide on Malekal, thank you so much for your help, that was really kind of you!
