Votre question

Lenteur ( resolu )

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
26 Janvier 2011 19:06:38

Bonjour, c'est le pc de mon amie qui s'en sert professionnellement. Son problème majeur est qu'il rame énormément pour ouvrir n'importe quelle page. Le second problème est qu'elle ne peut pas ou plus imprimer un fichier pdf. Merci d'avance de votre expertise.

Autres pages sur : lenteur resolu

26 Janvier 2011 21:36:39

Bonsoir
tu as le pc sous la main?

sinon, dis lui de s'inscrire, ça sera plus simple... quitte à ce que tu ailles chez elle pour faire les manip qu'elle n'arrive pas à faire seule....


1

Télécharge DDS et sauvegarde-le sur ton bureau.
  • Désactive tout script bloquant, tels qu'un antivirus, un logiciel comme ad-block, noscript etc.
  • Double-clique sur dds.scr pour lancer l'outil.
  • Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .
  • Clique Oui à la prochaine invite Optional Scan.
  • Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt.

    <@_@>**<@_@>**<@_@>**<@_@>**<@_@>**@_@>**<@_@><@_@>**<@_@>**<@_@>**<@_@>**

    ++

    ****
    2
    Télécharge GMER à partir de ce lien : http://www.gmer.net/files.php – clic sur « Download EXE » et télécharge le fichier sur ton bureau.
    Voir le tutorial GMER, ça peut peut-être t’aider : http://www.malekal.com/tutorial_GMER.php

    Désactive tes logiciels de protection (antivirus, antispyware etc) et ferme tous les programmes ouverts.
    Double-clic sur le fichier GMER téléchargé.
    Une fois lancé, fais un clic droit sur le fond blanc (comme ci-dessus) et clic sur « Only Non MS files »
    Clic en bas à droite sur le bouton « Scan » pour lancer le scan.



    Lorsque le scan est terminé, clic sur « Copy »

    Ouvre le bloc-note et clic sur le Menu Edition / Coller
    Le rapport doit alors apparaître.
    Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

    27 Janvier 2011 19:19:50

    Bonjour, oui j'ai toujours le pc à dispo.
    Alors pour le DDS, voici le rapport :


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Administrateur at 18:26:19,45 on 27/01/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.894.251 [GMT 1:00]

    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\Program Files\WinMover\WinMover.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\SFR\Kit\9props.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.sfr.fr/kit/adsl/
    uDefault_search_url = hxxp://www.durable.com/recherche
    uWindow Title =
    uSearch bar = hxxp://g.msn.fr/0SEFRFR/SAOS02
    uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%...{searchTerms}
    mSearch Page = hxxp://www.durable.com/recherche
    mStart Page = hxxp://www.durable.com/recherche
    mWindow Title =
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant = hxxp://www.durable.com/recherche
    uSearchURL,(Default) = hxxp://www.durable.com/recherche
    uURLSearchHooks: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
    uURLSearchHooks: Softonic France FF Toolbar: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - c:\program files\softonic_france_ff\tbSoft.dll
    BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Softonic France FF Toolbar: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - c:\program files\softonic_france_ff\tbSoft.dll
    BHO: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WalterShop: {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll
    TB: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Softonic France FF Toolbar: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - c:\program files\softonic_france_ff\tbSoft.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [WinMover] "c:\program files\winmover\WinMover.exe" /q
    uRun: [<NO NAME>]
    uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
    uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [Connexion SFR 9props.exe] "c:\program files\sfr\kit\9props.exe" /trayicon
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [UnlockerAssistant] "f:\program files\unlocker\UnlockerAssistant.exe" -H
    mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
    mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [NPSStartup]
    mRun: [AdobeCS4ServiceManager] "c:\program files\fichiers communs\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\fichiers communs\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\fichiers communs\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\fichiers communs\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: NoSMBalloonTip = 0 (0x0)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    Trusted Zone: bwin.com\www
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\mteietq8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Softonic France FF Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WalterShop: toolbar@waltershop.com - %profile%\extensions\toolbar@waltershop.com
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\nokia\nokia pc suite 7\bkmrksync

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

    ============= SERVICES / DRIVERS ===============

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2008-12-3 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2008-12-3 5248]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-6 11608]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-7-6 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-6 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-6 56816]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-17 233472]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-17 36608]
    S3 SwitchBoard;SwitchBoard;c:\program files\fichiers communs\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S4 Boonty Games;Boonty Games;"c:\program files\fichiers communs\boonty shared\service\boonty.exe" --> c:\program files\fichiers communs\boonty shared\service\Boonty.exe [?]

    =============== Created Last 30 ================

    2011-01-18 22:16:48 -------- d-----w- c:\program files\SFR
    2011-01-14 00:13:33 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
    2011-01-14 00:13:32 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
    2011-01-14 00:13:32 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
    2011-01-14 00:13:32 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
    2011-01-14 00:13:32 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
    2011-01-14 00:13:32 102400 -c----w- c:\windows\system32\dllcache\msjro.dll

    ==================== Find3M ====================

    2010-11-18 18:12:45 86016 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:21:45 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:21:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:21:44 1469440 ----a-r- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:26:15 385024 ----a-w- c:\windows\system32\html.iec

    ============= FINISH: 18:27:01,93 ===============



    En revanche, je n'ai pas réussi avec GMER, malgré le fait d'avoir désinstallé antivir et le pare feu windows ; 2 fois d'affilée, j'ai eu un BSOD et je ne préfère pas trop jouer avec le feu.
    Contenus similaires
    28 Janvier 2011 21:45:18

    Bonsoir
    Laisse tomber gmer pour le moment, on y reviendra si besoin.

    1

    analyse ce fichier stp:
    c:\program files\fichiers communs\adobe\switchboard\SwitchBoard.exe
    http://forum.malekal.com/virustotal-comment-scanner-fic...
    Le fichier aura déjà été analysé, mais passe outre, clique sur le bouton: Réanalyser le fichier maintenant. :) 
    Poste le rapport


    2


  • Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

    /!\ Déconnecte-toi, désactive ton anti-virus et ferme toutes applications en cours /!\

  • Double-clique sur AD-R situé sur ton Bureau pour le lancer.
    (Sous Vista/Seven, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)
  • Choisis la langue F pour français.
  • Au menu principal, choisis l'option Scanner.

    /!\ Laisse travailler l'outil /!\

  • Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).
    /!\ Pense à réactiver ton antivirus /!\
    1 Février 2011 23:01:13

    Bonsoir, voici le résultat de virustotal :

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name:
    SwitchBoard.exe
    Submission date:
    2011-02-01 21:57:40 (UTC)
    Current status:
    queued queued analysing finished
    Result:
    0/ 43 (0.0%)

    VT Community

    not reviewed
    Safety score: -
    Compact
    Print results
    Antivirus Version Last Update Result
    AhnLab-V3 2011.01.27.01 2011.01.27 -
    AntiVir 7.11.2.50 2011.02.01 -
    Antiy-AVL 2.0.3.7 2011.01.28 -
    Avast 4.8.1351.0 2011.02.01 -
    Avast5 5.0.677.0 2011.02.01 -
    AVG 10.0.0.1190 2011.02.01 -
    BitDefender 7.2 2011.02.01 -
    CAT-QuickHeal 11.00 2011.02.01 -
    ClamAV 0.96.4.0 2011.02.01 -
    Commtouch 5.2.11.5 2011.02.01 -
    Comodo 7559 2011.01.31 -
    DrWeb 5.0.2.03300 2011.02.01 -
    Emsisoft 5.1.0.2 2011.02.01 -
    eSafe 7.0.17.0 2011.02.01 -
    eTrust-Vet 36.1.8135 2011.02.01 -
    F-Prot 4.6.2.117 2011.02.01 -
    F-Secure 9.0.16160.0 2011.02.01 -
    Fortinet 4.2.254.0 2011.02.01 -
    GData 21 2011.02.01 -
    Ikarus T3.1.1.97.0 2011.02.01 -
    Jiangmin 13.0.900 2011.02.01 -
    K7AntiVirus 9.80.3713 2011.02.01 -
    Kaspersky 7.0.0.125 2011.02.01 -
    McAfee 5.400.0.1158 2011.02.01 -
    McAfee-GW-Edition 2010.1C 2011.02.01 -
    Microsoft 1.6502 2011.02.01 -
    NOD32 5838 2011.02.01 -
    Norman 6.06.12 2011.02.01 -
    nProtect 2011-01-27.01 2011.02.01 -
    Panda 10.0.3.5 2011.02.01 -
    PCTools 7.0.3.5 2011.01.31 -
    Prevx 3.0 2011.02.01 -
    Rising 23.43.01.08 2011.02.01 -
    Sophos 4.61.0 2011.02.01 -
    SUPERAntiSpyware 4.40.0.1006 2011.02.01 -
    Symantec 20101.3.0.103 2011.02.01 -
    TheHacker 6.7.0.1.122 2011.01.30 -
    TrendMicro 9.120.0.1004 2011.02.01 -
    TrendMicro-HouseCall 9.120.0.1004 2011.02.01 -
    VBA32 3.12.14.3 2011.02.01 -
    VIPRE 8278 2011.02.01 -
    ViRobot 2011.2.1.4285 2011.02.01 -
    VirusBuster 13.6.176.0 2011.02.01 -
    Additional information
    Show all
    MD5 : f577910a133a592234ebaad3f3afa258
    SHA1 : 679f13f7b14613f3ad93e7cbc04d1b5241741723
    SHA256: 36f514740ee2d2b2f7abfffa13d575233ec4ce774eb58bf889c09930fef1f443
    ssdeep: 12288:j2jNSbxRn9oWBwaF35vPbhCw0E9UCYAwb7rZo80:j25SbAajZ0E9Grq80
    File size : 517096 bytes
    First seen: 2010-05-01 07:50:07
    Last seen : 2011-02-01 21:57:40
    TrID:
    Win32 Executable MS Visual C++ (generic) (75.0%)
    Win32 Executable Generic (16.9%)
    Generic Win/DOS Executable (3.9%)
    DOS Executable Generic (3.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Adobe Systems Incorporated
    copyright....: (c) 2008-2009 Adobe Systems Incorporated. All Rights Reserved.
    product......: SBSV 2010/02/19-11:02:07
    description..: SwitchBoard Server (32 bit)
    original name: SwitchBoard.exe
    internal name: SwitchBoard
    file version.: 2.0.13.7486
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x49573
    timedatestamp....: 0x4B7EF98F (Fri Feb 19 20:50:23 2010)
    machinetype......: 0x14c (I386)

    [[ 6 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x54211, 0x54400, 6.32, 7e3b55a1b10f520266223724c64a267d
    .rdata, 0x56000, 0x176A8, 0x17800, 5.29, a5990fbbecf39dcdb7390e2dd25bebe8
    .data, 0x6E000, 0x7998, 0x7000, 4.82, e3c5909f6d1e8f126c9239120497286e
    .tls, 0x76000, 0x2, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
    .rsrc, 0x77000, 0x72C, 0x800, 4.68, 04994d3d027c1afe97fd8d18b66a73b8
    .reloc, 0x78000, 0x99C2, 0x9A00, 5.86, 122eb922e7813e6f094707a6d81e0169

    [[ 7 import(s) ]]
    KERNEL32.dll: LeaveCriticalSection, InterlockedExchange, GetLastError, EnterCriticalSection, InterlockedExchangeAdd, CreateIoCompletionPort, DeleteCriticalSection, TlsAlloc, TlsFree, FreeLibrary, GetModuleHandleW, LoadLibraryW, GetFileAttributesW, GetModuleFileNameW, SetLastError, GetProcAddress, GetModuleHandleA, OutputDebugStringA, GetVersion, CreateFileA, WriteFile, GetMailslotInfo, ReadFile, CreateMailslotA, GetCommandLineW, GetEnvironmentVariableW, FindFirstChangeNotificationW, InterlockedIncrement, InterlockedDecrement, FindCloseChangeNotification, TerminateThread, RaiseException, CreateEventW, PostQueuedCompletionStatus, FindNextChangeNotification, WaitForMultipleObjects, IsDebuggerPresent, CreateMutexA, ReleaseMutex, GetCurrentProcessId, CreateDirectoryW, CreateSemaphoreA, GetFileAttributesA, CreateFileW, GetCurrentDirectoryW, RemoveDirectoryW, GetFileTime, DeleteFileW, TlsGetValue, SetWaitableTimer, SystemTimeToFileTime, TlsSetValue, ResetEvent, Sleep, CreateWaitableTimerW, ResumeThread, FormatMessageA, LocalFree, GetLocaleInfoA, CreateProcessW, GetStdHandle, QueryPerformanceCounter, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoA, HeapFree, GetCurrentProcess, HeapAlloc, DuplicateHandle, ReleaseSemaphore, GetProcessHeap, GetTickCount, InitializeCriticalSection, InterlockedCompareExchange, GetQueuedCompletionStatus, SetEvent, WaitForSingleObject, CloseHandle, CreateEventA, GetCurrentThreadId, GetSystemTimeAsFileTime
    USER32.dll: ShowWindow, SystemParametersInfoW, GetWindowLongW, InvalidateRect, GetForegroundWindow, FindWindowA, AttachThreadInput, SetForegroundWindow, IsIconic, GetClassNameA, GetWindowThreadProcessId, DestroyWindow, GetMessageW, PostQuitMessage, RegisterWindowMessageW, EnumWindows, PostMessageW, DispatchMessageW, DefWindowProcW, RegisterClassW, CreateWindowExW, TranslateMessage
    ADVAPI32.dll: DeregisterEventSource, ReportEventA, GetUserNameA, CryptGetHashParam, CryptAcquireContextW, RegSetValueExA, RegQueryValueExA, CryptReleaseContext, RegCreateKeyExA, RegOpenKeyExA, CryptGenRandom, CryptCreateHash, CryptDestroyHash, RegCloseKey, CryptHashData, RegisterEventSourceA
    SHELL32.dll: SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteA, CommandLineToArgvW, SHGetSpecialFolderPathW, SHGetMalloc
    MSVCP90.dll: _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@V_$_String_const_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@0@Z, __0_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAE@XZ, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IABV12@@Z, __5_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV01@AAI@Z, _insert@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE_AV_$_String_iterator@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@2@V_$_String_const_iterator@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@2@_W@Z, _assign@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z, _assign@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z, _append@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV12@PB_W@Z, __Decref@facet@locale@std@@QAEPAV123@XZ, __$_8DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __$_MDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _clear@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, _rfind@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, __1_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE@XZ, __0_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE@XZ, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _max@_$numeric_limits@_J@std@@SA_JXZ, _id@_$numpunct@D@std@@2V0locale@2@A, __$_8DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __$_9DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _id@_$ctype@D@std@@2V0locale@2@A, _npos@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@2IB, __1_Lockit@std@@QAE@XZ, __0_Lockit@std@@QAE@H@Z, _push_back@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEX_W@Z, _find_last_of@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QBEI_WI@Z, _find@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QBEI_WI@Z, __Getcat@_$numpunct@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, _substr@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QBE_AV12@II@Z, _grouping@_$numpunct@D@std@@QBE_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, _thousands_sep@_$numpunct@D@std@@QBEDXZ, __Y_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV01@_W@Z, _end@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE_AV_$_String_iterator@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@2@XZ, _begin@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE_AV_$_String_iterator@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@2@XZ, _clear@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEXXZ, __4_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z, __0_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE@ABV01@@Z, __0_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE@PB_W@Z, _push_back@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXD@Z, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$_String_const_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE_AV_$_String_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$_String_const_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE_AV_$_String_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, __Getcat@_$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, _tolower@_$ctype@D@std@@QBEDD@Z, __Getfacet@locale@std@@QBEPBVfacet@12@I@Z, __1locale@std@@QAE@XZ, __0locale@std@@QAE@XZ, __Incref@facet@locale@std@@QAEXXZ, __Bid@locale@std@@QAEIXZ, _swap@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXAAV12@@Z, _get@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEHXZ, __5_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV01@AAN@Z, __0_$basic_istream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N@Z, __0_$basic_streambuf@DU_$char_traits@D@std@@@std@@IAE@XZ, ___D_$basic_istream@DU_$char_traits@D@std@@@std@@QAEXXZ, _imbue@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z, _sync@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, _setbuf@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEPAV12@PADH@Z, _seekpos@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAE_AV_$fpos@H@2@V32@H@Z, _seekoff@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAE_AV_$fpos@H@2@JHH@Z, _xsputn@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHPBDH@Z, __Xsgetn_s@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHPADIH@Z, _xsgetn@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHPADH@Z, _uflow@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, _underflow@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, _showmanyc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, _pbackfail@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHH@Z, _overflow@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHH@Z, __1_$basic_streambuf@DU_$char_traits@D@std@@@std@@UAE@XZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@V_$_String_const_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@0@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, _reserve@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IPBD@Z, __5_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z, _setw@std@@YA_AU_$_Smanip@H@1@H@Z, __$_9DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __$_HDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z, __$_HDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@D@Z, _uncaught_exception@std@@YA_NXZ, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@V_$_String_const_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@0ABV12@@Z, __5_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV01@AAK@Z, _str@_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, __0_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@H@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@_J@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@J@Z, _sputn@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHPBDH@Z, _widen@_$basic_ios@DU_$char_traits@D@std@@@std@@QBEDD@Z, __Osfx@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEXXZ, __Lock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@G@Z, __Unlock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, _sputc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHD@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@IAEX_NI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, ___D_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, _flush@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV12@XZ, _setstate@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPADII@Z, _toupper@_$ctype@D@std@@QBEDD@Z, _open@_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAEXPB_WHH@Z, __0_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAE@XZ, _close@_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAEXXZ, __0_$basic_ios@DU_$char_traits@D@std@@@std@@IAE@XZ, __1_$basic_ofstream@DU_$char_traits@D@std@@@std@@UAE@XZ, __1_$basic_ios@DU_$char_traits@D@std@@@std@@UAE@XZ, __$_6DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@@Z, __0_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAE@PB_WHH@Z, _open@_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXPB_WHH@Z, __0_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAE@PB_WHH@Z, _sbumpc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHXZ, _close@_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXXZ, __1_$basic_ifstream@DU_$char_traits@D@std@@@std@@UAE@XZ, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z, _sgetc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHXZ, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, _at@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAADI@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIPBD@Z, _endl@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@1@AAV21@@Z, __4_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV01@PB_W@Z, _reserve@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEXI@Z, _end@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QBE_AV_$_String_const_iterator@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@2@XZ, _begin@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QBE_AV_$_String_const_iterator@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@2@XZ, _at@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEABDI@Z
    MSVCR90.dll: fprintf, _CxxThrowException, memset, _controlfp_s, _invoke_watson, __type_info_dtor_internal_method@type_info@@QAEXXZ, _except_handler4_common, _crt_debugger_hook, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _configthreadlocale, _initterm_e, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _amsg_exit, _what@exception@std@@UBEPBDXZ, __1exception@std@@UAE@XZ, __0exception@std@@QAE@XZ, __0exception@std@@QAE@ABQBD@Z, __0exception@std@@QAE@ABQBDH@Z, __0exception@std@@QAE@ABV01@@Z, __RTtypeid, _purecall, __3@YAXPAX@Z, __2@YAPAXI@Z, __1bad_cast@std@@UAE@XZ, __0bad_cast@std@@QAE@PBD@Z, __0bad_cast@std@@QAE@ABV01@@Z, strchr, _gmtime64, __8type_info@@QBE_NABV0@@Z, _localtime64, atof, strrchr, memmove_s, _time64, isspace, ___V@YAXPAX@Z, _beginthreadex, _terminate@@YAXXZ, strerror, isdigit, isxdigit, strncpy, ispunct, __iob_func, memcpy, wcscpy_s, abort, __name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z, _unlock, __dllonexit, _encode_pointer, _lock, _onexit, _decode_pointer, __CxxFrameHandler3
    WS2_32.dll: -, -, -, freeaddrinfo, -, -, -, WSASocketW, getaddrinfo, WSARecv, WSASend, -, -, -, -, -, -

    [[ 1 export(s) ]]
    __4_Init_locks@std@@QAEAAV01@ABV01@@Z
    ExifTool:
    file metadata
    BinType: 32
    BuildDate: 2010/02/19-11:02:07
    BuildID: 7486
    BuildVersion: 61.421671
    CharacterSet: Windows, Latin1
    CodeSize: 345088
    CompanyName: Adobe Systems Incorporated
    EntryPoint: 0x49573
    FileDescription: SwitchBoard Server (32 bit)
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 505 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 2.0.13.7486
    FileVersionNumber: 2.0.13.7486
    ImageVersion: 0.0
    InitializedDataSize: 166912
    InternalName: SwitchBoard
    LanguageCode: English (U.S.)
    LegalCopyright: 2008-2009 Adobe Systems Incorporated. All Rights Reserved.
    LinkerVersion: 9.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 5.0
    ObjectFileType: Executable application
    OriginalFilename: SwitchBoard.exe
    PEType: PE32
    ProductName: SBSV 2010/02/19-11:02:07
    ProductVersion: 61.421671
    ProductVersionNumber: 2.0.13.7486
    Subsystem: Windows GUI
    SubsystemVersion: 5.0
    TimeStamp: 2010:02:19 21:50:23+01:00
    UninitializedDataSize: 0

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 29/01/11 à 16:00
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 22:50:08 le 01/02/2011, Mode normal

    Microsoft Windows XP Professionnel Service Pack 3 (X86)
    Administrateur@SWEET-864E2CD1F ( )

    ============== RECHERCHE ==============


    Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
    Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    Fichier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\searchplugins\askcom.xml
    Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\conduit
    Fichier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\searchplugins\conduit.xml
    Dossier trouvé: C:\Program Files\Ask.com
    Dossier trouvé: C:\Program Files\Conduit
    Dossier trouvé: C:\Program Files\Application Updater

    -- Fichier ouvert: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\Prefs.js --
    Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");
    Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com");
    Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&Sea...
    Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");
    Ligne trouvée: user_pref("extensions.asktb.cbid", "U9");
    Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&...
    Ligne trouvée: user_pref("extensions.asktb.dtid", "YYYYYYYYFR");
    Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);
    Ligne trouvée: user_pref("extensions.asktb.l", "dis");
    Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1292063411524");
    Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR");
    Ligne trouvée: user_pref("extensions.asktb.o", "15012");
    Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
    Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
    Ligne trouvée: user_pref("extensions.asktb.r", "4");
    Ligne trouvée: user_pref("extensions.snipit.askTbInstalled", true);
    -- Fichier Fermé --


    Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2207610
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2720081
    Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Clé trouvée: HKLM\Software\Application Updater
    Clé trouvée: HKLM\Software\Conduit
    Clé trouvée: HKCU\Software\Ask.com
    Clé trouvée: HKCU\Software\AskToolbar
    Clé trouvée: HKCU\Software\Conduit
    Clé trouvée: HKCU\Software\Grand Virtual
    Clé trouvée: HKCU\Software\AppDataLow\AskBarDis
    Clé trouvée: HKCU\Software\AppDataLow\AskHomePage
    Clé trouvée: HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
    Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé trouvée: HKLM\Software\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\D82C50F59AED6DA47AA360145789E8BA
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.13 (fr)] **

    -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\User.js --
    keyword.URL, hxxp://redirecterror.sfr.fr/?q=

    -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\Prefs.js --
    browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Mes documents
    browser.search.defaultenginename, Ask.com
    browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}
    browser.search.selectedEngine, Softonic France FF Customized Web Search
    browser.startup.homepage, hxxp://www.google.fr/
    browser.startup.homepage_override.mstone, rv:1.9.2.13
    keyword.URL, hxxp://redirecterror.sfr.fr/?q=

    ========================================

    ** Internet Explorer Version [8.0.6001.18702] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.durable.com/recherche
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://g.msn.fr/0SEFRFR/SAOS02
    Search Page: hxxp://home.microsoft.com/access/allinone.asp
    Show_ToolBar: yes
    Start Page: hxxp://www.sfr.fr/kit/adsl/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.durable.com/recherche
    Start Page: hxxp://www.durable.com/recherche

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: hxxp://gg.blogpear.com/vscript/newTB.psc?&ub=_|0U0I0DzutDtDtCzyyB0DyCtDtB0AyDzytN0P1C0S1Czu0V0D0C0VtN0C0H0Nzu0S0R0C0Hzx0N1P2W0T0BtN0B0N0Dzu0B0B0N1VtCtAtDyDyEtN0C0Dzu0P0R0EtN0L0N0Tzu1M2Z2Z1EzxtEtE2W2W2WtF1Q2Y1C1T1S1I1PtF1R1F1HtE1C1P1R1M1P1C1R1M1P|_&cr=1468664891
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 01/02/2011 (6160 Octet(s))

    Fin à: 22:51:00, 01/02/2011

    ============== E.O.F ==============
    2 Février 2011 10:35:17

    Bonjour

    /!\ Déconnecte-toi, désactive ton anti-virus et ferme toutes applications en cours /!\

  • Double-clique sur AD-R situé sur ton Bureau pour le lancer.
    (Sous Vista/Seven, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)
  • Choisis la langue F pour français.
  • Au menu principal, choisis l'option Nettoyer.

    /!\ Laisse travailler l'outil /!\

  • Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).
    /!\ Pense à réactiver ton antivirus /!\

    +++++++++++++++++++++++++
    2 Février 2011 13:06:56

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 29/01/11 à 16:00
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:57:21 le 02/02/2011, Mode normal

    Microsoft Windows XP Professionnel Service Pack 3 (X86)
    Administrateur@SWEET-864E2CD1F ( )

    ============== ACTION(S) ==============


    Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
    Fichier supprimé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    Fichier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\searchplugins\askcom.xml
    Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\conduit
    Fichier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\searchplugins\conduit.xml
    Dossier supprimé: C:\Program Files\Ask.com
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Program Files\Application Updater

    (!) -- Fichiers temporaires supprimés.


    -- Fichier ouvert: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\Prefs.js --
    /!\ Impossible d'ouvrir le fichier, nettoyage interrompu /!\
    -- Fichier Fermé --


    Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2207610
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2720081
    Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Clé supprimée: HKLM\Software\Application Updater
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKCU\Software\Ask.com
    Clé supprimée: HKCU\Software\AskToolbar
    Clé supprimée: HKCU\Software\Conduit
    Clé supprimée: HKCU\Software\Grand Virtual
    Clé supprimée: HKCU\Software\AppDataLow\AskBarDis
    Clé supprimée: HKCU\Software\AppDataLow\AskHomePage
    Clé supprimée: HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
    Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé supprimée: HKLM\Software\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\D82C50F59AED6DA47AA360145789E8BA
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.13 (fr)] **

    -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\User.js --
    keyword.URL, hxxp://redirecterror.sfr.fr/?q=

    -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\mteietq8.default\Prefs.js --
    browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Mes documents
    browser.search.defaultenginename, Ask.com
    browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}
    browser.search.selectedEngine, Softonic France FF Customized Web Search
    browser.startup.homepage, hxxp://www.google.fr/
    browser.startup.homepage_override.mstone, rv:1.9.2.13
    keyword.URL, hxxp://redirecterror.sfr.fr/?q=

    ========================================

    ** Internet Explorer Version [8.0.6001.18702] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 32 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 02/02/2011 (1425 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 01/02/2011 (8395 Octet(s))

    Fin à: 12:58:21, 02/02/2011

    ============== E.O.F ==============
    2 Février 2011 14:04:49

    re

    Désactive ton antivirus et tout autre type de protection.
    Télécharge ComboFix de sUBs : Combofix
    Sauvegarde-le sur ton bureau et pas ailleurs!

    Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
    clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

    viens sur le forum et édition "coller"

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer

    <@_@>


    2 Février 2011 15:53:13

    Re,

    le logiciel a planté après la 50ème étape et j'ai eu l'écran bleu "de la mort" ; je suis désolé mais j'ose pas recommencer.
    2 Février 2011 21:04:47

    Bonsoir
    vois si tu as le rapport:
    C:\Combofix.txt
    3 Février 2011 12:09:56

    Bah non, il n'y en a pas.
    3 Février 2011 20:41:55

    re
    bon, pas la peine de te faire utiliser 30 000 outils, on va faire autrement...

    Télécharge OTLPENet.
    Prépare un CD vierge et lance OTLPENet, cela va te permettre de graver une image iso.
    Note : Le CD gravé, il faut maintenant redémarrer la machine sur le lecteur CDROM
    Pour se faire suivre ce lien : Booter sur un CD.
    Tuto OTLPE

    Tu lances l'iso d'OTLPENet que tu as gravé.
  • une fois le bureau de reatogo chargé , tu lances OTLPE , l'icône jaune

  • Double-clique sur l'icone OTLPE
  • quand demandé "Do you wish to load the remote registry", select Yes
  • quand demandé "Do you wish to load remote user profile(s) for scanning", select Yes
  • vérifier que "Automatically Load All Remaining Users" est sélectionné et press OK



  • sous Custom Scan box
    1 copie_colle le contenu du cadre ci dessous:


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    userinit.exe
    winlogon.exe
    wininit.exe
    csrss.exe
    smss.exe
    svchost.exe
    services.exe
    spoolsv.exe
    alg.exe
    ctfmon.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    i8042prt.sys
    cdrom.sys
    disk.sys
    ndis.sys
    tcpip.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    redbook.sys
    ipsec.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • copie colle ce texte dans un fichier texte|bloc note que tu enregistres sur clé usb que tu brancheras sous reatogo tu pourras alors facilement le copier\coller.
  • 2 Clic Run Scan pour démarrer le scan.
  • Une fois terminé , le fichier se trouve là C:\OTL.txt
  • Copie_colle le contenu dans ta prochaine réponse.

    4 Février 2011 21:56:37

    Le voilà :


    OTL logfile created on: 2/4/2011 12:33:35 PM - Run
    OTLPE by OldTimer - Version 3.1.44.2 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    894.00 Mb Total Physical Memory | 654.00 Mb Available Physical Memory | 73.00% Memory free
    806.00 Mb Paging File | 692.00 Mb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 45.42 Gb Free Space | 30.47% Space Free | Partition Type: NTFS
    Drive D: | 963.70 Mb Total Space | 940.00 Mb Free Space | 97.54% Space Free | Partition Type: FAT
    Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2011/01/06 12:34:11 | 003,129,432 | ---- | M] () [Auto] -- C:\Program Files\Fichiers communs\Akamai\netsession_win_dbc0250.dll -- (Akamai)
    SRV - [2010/06/14 08:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/15 04:50:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/08/25 06:53:07 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/07/24 18:39:13 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/04/07 03:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/11/07 11:55:30 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
    SRV - [2008/11/03 19:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2005/06/15 07:00:40 | 000,049,152 | ---- | M] (M-Audio) [Auto] -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2010/02/26 07:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 07:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 07:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 07:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009/12/11 05:36:44 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/07/24 18:39:13 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/04/07 03:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/03/30 03:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 05:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/08/14 01:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/22 09:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2008/02/22 09:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2008/02/22 09:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2007/11/02 18:12:32 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
    DRV - [2007/08/21 21:07:39 | 002,417,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/05/10 04:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/03/16 08:59:40 | 000,054,272 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
    DRV - [2007/01/30 12:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/09/07 12:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2006/08/27 12:40:54 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/11/09 10:00:12 | 000,032,000 | ---- | M] (M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MA763004.sys -- (ma763004)
    DRV - [2004/11/22 10:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2004/11/22 10:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [2004/08/22 10:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
    DRV - [2004/08/22 10:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

    IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
    IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401...{searchTerms}
    IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKU\Administrateur_ON_C\..\URLSearchHook: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
    IE - HKU\Administrateur_ON_C\..\URLSearchHook: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll (Conduit Ltd.)
    IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

    IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic France FF Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT220761...{searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
    FF - prefs.js..browser.search.selectedEngine: "Softonic France FF Customized Web Search"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: toolbar@waltershop.com:1.0
    FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
    FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

    FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

    FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/07/18 10:17:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/02 06:58:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/25 06:17:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008/12/03 14:44:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2008/12/23 15:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
    [2011/02/03 16:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions
    [2010/10/05 04:54:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/03 14:39:09 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2008/12/23 16:00:28 | 000,000,000 | ---D | M] (TorrentBar) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
    [2010/12/12 14:51:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/05 04:54:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2008/01/19 17:51:33 | 000,000,000 | ---D | M] (Snap Links) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\snaplinks@snaplinks.net
    [2007/06/17 18:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\TEMP
    [2010/04/10 05:15:48 | 000,000,000 | ---D | M] (WalterShop) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\toolbar@waltershop.com
    [2007/06/17 18:44:27 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\videodowloader@videodownloader.net
    [2011/02/03 16:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/25 17:35:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/07/18 10:17:27 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
    [2009/11/04 11:29:41 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    [2010/09/19 16:19:51 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/09/03 11:43:40 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    [2010/09/19 16:19:51 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/09/19 16:19:51 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/01/25 17:38:43 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
    [2010/01/25 17:38:43 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
    [2010/09/19 16:19:52 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/09/19 16:19:52 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2008/12/03 14:58:16 | 000,000,851 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.newsleecher.com
    O1 - Hosts: 127.0.0.1 newsleecher.com
    O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
    O2 - BHO: (Babylon-English Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll (Conduit Ltd.)
    O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
    O3 - HKLM\..\Toolbar: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Babylon-English Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll (Conduit Ltd.)
    O3 - HKU\Administrateur_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\Administrateur_ON_C\..\Toolbar\WebBrowser: (Babylon-English Toolbar) - {CE18769B-C7FA-42D2-860D-17C4662C70AD} - C:\Program Files\Babylon-English\tbBaby.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (M-Audio, an Avid Technology, Inc. company)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [UnlockerAssistant] File not found
    O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
    O4 - HKU\Administrateur_ON_C..\Run: [] File not found
    O4 - HKU\Administrateur_ON_C..\Run: [AdobeBridge] File not found
    O4 - HKU\Administrateur_ON_C..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
    O4 - HKU\Administrateur_ON_C..\Run: [WinMover] C:\Program Files\WinMover\WinMover.exe (Andreas Eliasson (EliasAE))
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
    O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sourc... (BDSCANONLINE Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/03 14:37:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PEVSystemStart - Service
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: procexp90.Sys - Driver
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PEVSystemStart - Service
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: procexp90.Sys - Driver
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:o E /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {50763F13-6745-312D-E1A0-6FD8E5B55821} - NetShow
    ActiveX: {50B53F60-D32E-F88A-65D8-E0164435ED3B} - DirectX
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 11
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EEDFB465-54CB-5F42-B067-7251952445BE} - Internet Explorer
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{3f387d3b-14d7-4b82-afc1-3191b78aa943} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    ActiveX: >{CB58DED6-4AF3-4080-9DF1-DEE72075169F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    Drivers32: MSACM.CEGSM - mobilev.acm File not found
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: VIDC.ACDV - ACDV.dll File not found
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/02 09:38:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/02 09:34:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/02 09:34:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/02 09:34:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/02 09:34:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/02 09:34:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/02/02 09:34:42 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/02/02 09:33:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/01 16:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2011/01/27 13:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\My NPS Files
    [2011/01/27 12:39:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011/01/25 06:15:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/01/18 17:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\SFR
    [2011/01/13 19:13:33 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
    [2011/01/13 19:13:32 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
    [2011/01/13 19:13:32 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
    [2011/01/13 19:13:32 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
    [2011/01/13 19:13:32 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
    [2011/01/13 19:13:32 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
    [2011/01/13 19:13:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
    [2011/01/13 19:13:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
    [2011/01/13 19:13:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
    [2011/01/13 19:13:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
    [2011/01/13 19:13:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
    [2008/12/03 15:00:47 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
    [2008/12/03 15:00:47 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/04 04:56:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/04 04:49:35 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2011/02/04 04:47:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/03 18:35:29 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers OTLPENet.exe.lnk
    [2011/02/02 14:02:51 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/02/02 14:02:51 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2011/02/02 09:38:10 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2011/02/02 09:31:04 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers ComboFix.exe.lnk
    [2011/02/01 16:50:07 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\AD-R.lnk
    [2011/02/01 16:47:53 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers AD-R.exe.lnk
    [2011/01/30 11:14:08 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\doc fait par moi- indemnisation journalière ASSEDICS JANVIER 2011.doc
    [2011/01/30 10:59:14 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Microsoft Office Word 2007.lnk
    [2011/01/27 12:32:07 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers evj383q2.exe.lnk
    [2011/01/27 12:25:02 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers dds.scr.lnk
    [2011/01/27 07:16:26 | 000,011,358 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\SET LIVE SESSION 27 JANVIER.docx
    [2011/01/27 07:16:11 | 000,013,525 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\SET A KIND OF COLOUR 27 JANVIER.docx
    [2011/01/26 07:48:07 | 000,011,558 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\SET LS DEXIA 27JANVIER.docx
    [2011/01/17 15:23:55 | 004,656,459 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Disque KIND PURPLE OK.pdf.jpg.pdf
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/03 18:35:29 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers OTLPENet.exe.lnk
    [2011/02/02 14:02:51 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2011/02/02 14:02:51 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2011/02/02 09:38:10 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2011/02/02 09:38:06 | 000,263,488 | RHS- | C] () -- C:\cmldr
    [2011/02/02 09:34:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/02 09:34:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/02 09:34:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/02 09:34:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/02 09:34:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/02 09:31:04 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers ComboFix.exe.lnk
    [2011/02/01 16:50:07 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\AD-R.lnk
    [2011/02/01 16:47:53 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers AD-R.exe.lnk
    [2011/01/30 11:14:07 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\doc fait par moi- indemnisation journalière ASSEDICS JANVIER 2011.doc
    [2011/01/27 12:32:07 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers evj383q2.exe.lnk
    [2011/01/27 12:25:02 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers dds.scr.lnk
    [2011/01/27 07:16:25 | 000,011,358 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\SET LIVE SESSION 27 JANVIER.docx
    [2011/01/27 07:16:10 | 000,013,525 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\SET A KIND OF COLOUR 27 JANVIER.docx
    [2011/01/26 07:48:07 | 000,011,558 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\SET LS DEXIA 27JANVIER.docx
    [2011/01/17 15:21:13 | 004,656,459 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Disque KIND PURPLE OK.pdf.jpg.pdf
    [2010/10/06 05:41:47 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Administrateur\.recently-used.xbel
    [2010/10/06 04:29:18 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/12/17 09:47:26 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2009/12/17 09:47:26 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2009/10/28 08:29:40 | 000,000,940 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2009/05/07 20:08:22 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2009/01/24 08:48:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
    [2009/01/17 13:42:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS74.DLL
    [2009/01/11 13:22:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\$_hpcst$.hpc
    [2009/01/11 08:18:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2008/12/30 18:18:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
    [2008/12/30 18:18:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2008/12/20 14:07:07 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/08 06:58:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/12/03 18:43:40 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
    [2008/12/03 18:43:40 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
    [2008/12/03 18:43:40 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
    [2008/12/03 18:43:40 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
    [2008/12/03 18:43:40 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
    [2008/12/03 15:23:20 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/01/25 18:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/01/25 18:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2004/08/22 11:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll

    ========== LOP Check ==========

    [2010/01/13 05:41:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
    [2009/06/30 08:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ableton
    [2009/06/10 09:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
    [2008/12/30 18:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canneverbe_Limited
    [2008/12/03 14:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\EliasAE
    [2008/12/03 14:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FlashFXP
    [2010/10/06 05:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
    [2009/02/22 13:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\NewsLeecher
    [2010/07/18 10:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Nokia
    [2008/12/03 14:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Notepad++
    [2010/03/24 09:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenCandy
    [2010/07/18 10:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PC Suite
    [2010/01/08 07:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PhotoFiltre
    [2009/12/17 09:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Samsung
    [2010/09/24 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2008/12/03 15:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
    [2010/03/24 09:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Uniblue
    [2008/12/31 13:11:08 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [2011/02/04 04:49:35 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

    Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

    Invalid Environment Variable: %APPDATA%\*.

    Invalid Environment Variable: %APPDATA%\*.exe

    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AEC.SYS >
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:aec.sys
    [2006/02/14 19:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=1EE7B434BA961EF845DE136224C30FEC -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys
    [2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys
    [2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys

    < MD5 for: AGP440.SYS >
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ALG.EXE >
    [2004/08/03 22:54:50 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=2FE681D10C5FC343DBBC0610B8DD4D24 -- C:\WINDOWS\$NtServicePackUninstall$\alg.exe
    [2008/04/13 21:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\ServicePackFiles\i386\alg.exe
    [2008/04/13 21:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\system32\alg.exe

    < MD5 for: ATAPI.SYS >
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: CDROM.SYS >
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
    [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
    [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
    [2008/01/14 12:18:06 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=9D5495B4F238B732B593F27C922DEB50 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

    < MD5 for: CSRSS.EXE >
    [2004/08/03 22:54:50 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=78C1F1278CF2C9B476504C572CB98E5E -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
    [2008/04/13 21:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
    [2008/04/13 21:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\system32\csrss.exe

    < MD5 for: CTFMON.EXE >
    [2008/04/13 21:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
    [2008/04/13 21:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
    [2008/02/03 05:08:23 | 000,040,960 | ---- | M] (Microsoft Corporation) MD5=D91EE13BFFBBDC87E59FCC101247D1F5 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

    < MD5 for: DISK.SYS >
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:D isk.sys
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:D isk.sys
    [2004/08/03 20:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
    [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
    [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

    < MD5 for: EVENTLOG.DLL >
    [2004/08/03 22:54:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2008/04/13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: EXPLORER.EXE >
    [2008/02/03 05:08:36 | 001,573,376 | ---- | M] (Microsoft Corporation) MD5=BAA0E1B7DA39D7BFCB2E0306B3E98EC1 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2008/04/13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
    [2008/04/13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    < MD5 for: I8042PRT.SYS >
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
    [2008/04/13 21:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
    [2008/04/13 21:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\system32\drivers\i8042prt.sys
    [2004/08/03 22:41:24 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys

    < MD5 for: IPSEC.SYS >
    [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
    [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
    [2004/08/03 21:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

    < MD5 for: MOUNTMGR.SYS >
    [2004/08/03 20:58:32 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
    [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
    [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys

    < MD5 for: MRXSMB.SYS >
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
    [2008/01/14 12:18:35 | 000,454,656 | ---- | M] (Microsoft Corporation) MD5=3ECC5F53A627B28A23AA7CC8C9376DB4 -- C:\WINDOWS\$NtUninstallKB957097_0$\mrxsmb.sys
    [2009/12/04 13:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
    [2009/12/04 12:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
    [2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
    [2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
    [2008/04/13 14:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
    [2008/04/13 14:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
    [2008/10/24 06:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
    [2008/10/24 06:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
    [2010/02/24 06:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
    [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
    [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys

    < MD5 for: NDIS.SYS >
    [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
    [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
    [2004/08/03 21:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
    [2009/02/06 13:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\SoftwareDistribution\Download\97b111600286d152fcefc716b84582eb\SP2QFE\netlogon.dll
    [2004/08/03 22:54:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: RASACD.SYS >
    [2002/09/06 18:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

    < MD5 for: REDBOOK.SYS >
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys
    [2004/08/03 19:39:44 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys
    [2008/04/13 20:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
    [2008/04/13 20:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\system32\drivers\redbook.sys

    < MD5 for: SCECLI.DLL >
    [2008/04/13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
    [2004/08/03 22:54:38 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    < MD5 for: SERVICES.EXE >
    [2008/04/13 21:34:20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=54CB50058851D95E56EC70D09F70857F -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/13 21:34:20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=54CB50058851D95E56EC70D09F70857F -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2009/02/09 06:16:53 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=62789101F9C2401ED598AA2CDE7450C0 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2004/08/03 22:55:02 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=732E0B1ABAACE15D80EC19056B0A2AF9 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
    [2009/02/09 06:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/09 06:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\services.exe

    < MD5 for: SMSS.EXE >
    [2008/04/13 21:34:22 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=48E430297DA757F5CC2793CCFACAD5E7 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
    [2008/04/13 21:34:22 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=48E430297DA757F5CC2793CCFACAD5E7 -- C:\WINDOWS\system32\smss.exe
    [2004/08/03 18:55:02 | 000,195,072 | ---- | M] (Microsoft Corporation) MD5=5F1E9A5ADF140D794E4A876E918C245D -- C:\cmdcons\SYSTEM32\SMSS.EXE
    [2004/08/03 22:55:02 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=B4C08D31E8C2EA9D76F892052A6FCAEB -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe

    < MD5 for: SPOOLSV.EXE >
    [2010/08/17 08:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
    [2008/04/13 21:34:23 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=460E4CE148BD07218DA0B6A3D31885A9 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
    [2008/04/13 21:34:23 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=460E4CE148BD07218DA0B6A3D31885A9 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
    [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
    [2008/01/14 12:19:18 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

    < MD5 for: SVCHOST.EXE >
    [2004/08/03 22:55:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=1BD6C2F707A275CB7C16FD99FE0F31CA -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    [2008/04/13 21:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 21:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
    [2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
    [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
    [2008/02/03 04:55:36 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=9EDCA6CC591147475D1F09E95020D956 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    [2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

    < MD5 for: TERMDD.SYS >
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys
    [2008/12/26 11:59:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:termdd.sys
    [2008/04/13 21:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\ServicePackFiles\i386\termdd.sys
    [2008/04/13 21:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
    [2004/08/03 18:55:12 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\WINDOWS\$NtServicePackUninstall$\termdd.sys

    < MD5 for: USERINIT.EXE >
    [2004/08/03 22:55:02 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WIN32K.SYS >
    [2008/04/13 20:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\$NtUninstallKB954211$\win32k.sys
    [2008/04/13 20:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
    [2010/05/02 06:32:26 | 001,860,480 | ---- | M] (Microsoft Corporation) MD5=117089D35359DD8FE8054DA17AC6EE19 -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
    [2008/01/14 12:19:37 | 001,844,096 | ---- | M] (Microsoft Corporation) MD5=187AF02D85DFBDD448697B11216C474A -- C:\WINDOWS\$NtUninstallKB954211_0$\win32k.sys
    [2010/10/26 08:59:49 | 001,862,400 | ---- | M] (Microsoft Corporation) MD5=19209B83DC73BCA78558C2F220DB65E2 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
    [2009/08/14 15:28:54 | 001,859,840 | ---- | M] (Microsoft Corporation) MD5=479DD2D56488951B4842B6ECBB770239 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
    [2008/09/15 10:14:42 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=4B7F71D24D215A79400C947EE9C9AF7B -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
    [2009/02/09 09:05:54 | 001,846,912 | ---- | M] (Microsoft Corporation) MD5=6D791CDCE0B1551D95A81D69E7352EF5 -- C:\WINDOWS\$NtUninstallKB968537$\win32k.sys
    [2010/09/01 02:54:08 | 001,862,016 | ---- | M] (Microsoft Corporation) MD5=81C11BC7F3FAE0CC76941A8AB9B2ED1A -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
    [2009/08
    4 Février 2011 22:28:19

    Bonsoir
    le rapport n'est pas complet, il me le faut en entier

    Citation :
    [2011/01/17 15:23:55 | 004,656,459 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Disque KIND PURPLE OK.pdf.jpg.pdf

    c'est quoi? (triple extension)
    4 Février 2011 22:42:22

    Voilà le complément, j'ai remarqué la dernière qui n'était pas complète :

    [2009/08/14 10:13:59 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
    [2008/09/15 10:26:07 | 001,846,528 | ---- | M] (Microsoft Corporation) MD5=9F1A0FB5BD8ACECC6CB0A9130BD8F3C3 -- C:\WINDOWS\$hf_mig$\KB954211\SP3GDR\win32k.sys
    [2008/09/15 10:26:07 | 001,846,528 | ---- | M] (Microsoft Corporation) MD5=9F1A0FB5BD8ACECC6CB0A9130BD8F3C3 -- C:\WINDOWS\$NtUninstallKB958690$\win32k.sys
    [2009/02/09 08:59:50 | 001,847,680 | ---- | M] (Microsoft Corporation) MD5=A06AF7F6B26F2BDEFB0961D4641D6453 -- C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys
    [2009/04/19 18:12:36 | 001,847,936 | ---- | M] (Microsoft Corporation) MD5=A4CB910DA61C2AB50D1D4E15CDA48D32 -- C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys
    [2010/10/26 09:07:17 | 001,853,440 | ---- | M] (Microsoft Corporation) MD5=A872D428716E5C454D97F16785656351 -- C:\WINDOWS\system32\dllcache\win32k.sys
    [2010/10/26 09:07:17 | 001,853,440 | ---- | M] (Microsoft Corporation) MD5=A872D428716E5C454D97F16785656351 -- C:\WINDOWS\system32\win32k.sys
    [2008/09/15 10:20:39 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=AC230363E6F0021E3F8336990F348A87 -- C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys
    [2010/09/01 02:55:16 | 001,852,928 | ---- | M] (Microsoft Corporation) MD5=C71A8AFDCD34601F7FDE2DA3792CEAE9 -- C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys
    [2010/06/24 04:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) MD5=CA341AEF1BBBF1EF98B07E46681257D9 -- C:\WINDOWS\$NtUninstallKB981957$\win32k.sys
    [2010/05/02 03:08:14 | 001,851,392 | ---- | M] (Microsoft Corporation) MD5=D6491CA433261FCBDC99D27064E5F180 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
    [2009/04/19 14:50:30 | 001,847,296 | ---- | M] (Microsoft Corporation) MD5=E2D4E6609DCF4175FCC8BCA489F28D9C -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
    [2010/06/24 16:29:54 | 001,861,248 | ---- | M] (Microsoft Corporation) MD5=F1AEB1184052F4598390CE4CD638CA14 -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys

    < MD5 for: WINLOGON.EXE >
    [2008/04/13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
    [2008/02/03 05:12:51 | 000,555,520 | ---- | M] (Microsoft Corporation) MD5=DF3ED75D36BB55FEDF9F02EC863BDF3F -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/06/20 12:47:22 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
    [2010/11/05 19:21:43 | 011,080,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
    [2010/11/05 19:21:44 | 001,991,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
    [2008/04/13 21:33:33 | 000,281,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
    [2008/04/13 21:33:36 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
    [2010/07/27 01:30:01 | 008,518,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/12/03 15:12:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/12/03 15:12:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/12/03 15:12:30 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >

    La triple extension? Je ne sais pas.
    4 Février 2011 22:45:26

    UN disque sous trois formats différents peut être?
    4 Février 2011 22:49:41

    Question, je peux éteindre le pc de mon amie quand je ne suis pas dessus?
    5 Février 2011 16:49:30

    jouss a dit :
    Question, je peux éteindre le pc de mon amie quand je ne suis pas dessus?

    Biensûr...

    Citation :
    La triple extension? Je ne sais pas.

    demande lui, si elle ne sait pas, tu vires ça.
    6 Février 2011 22:26:49

    Mon amie sait ce que c'est. Elle ne souhaite pas le supprimer mais on peut le déplacer si il faut.
    8 Février 2011 16:12:54

    Salut,
    j'ai mis le fichier sur une clé (dis moi si ce fichier peut endommagé la clé),

    et voici le rapport de ESET :

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=5d765bcf371d7f4f9cc6817a60cdd314
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-02-08 02:55:31
    # local_time=2011-02-08 03:55:31 (+0100, Paris, Madrid)
    # country="France"
    # lang=1036
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=768 16777215 100 0 68703336 68703336 0 0
    # compatibility_mode=1797 16775141 100 100 5276 72684073 44347 0
    # compatibility_mode=8192 67108863 100 0 3889 3889 0 0
    # scanned=108085
    # found=6
    # cleaned=0
    # scan_time=8167
    C:\Documents and Settings\Administrateur\Application Data\OpenCandy\registrybooster(8).exe une variante de Win32/RegistryBooster application (impossible de nettoyer) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrateur\Bureau\Setup_FreeBurner.exe Win32/Adware.Toolbar.Dealio application (impossible de nettoyer) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrateur\Bureau\GRAVEUR free easy burner\Setup_FreeBurner.exe Win32/Adware.Toolbar.Dealio application (impossible de nettoyer) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrateur\Bureau\plusieurs setup\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (impossible de nettoyer) 00000000000000000000000000000000 I
    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe une variante de Win32/RegistryBooster application (impossible de nettoyer) 00000000000000000000000000000000 I
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (impossible de nettoyer) 00000000000000000000000000000000 I
    8 Février 2011 19:01:13

    re
    comment se comporte le pc?
    9 Février 2011 11:16:52

    Pas trop mal, j'ai l'impression,
    mais le pc met toujours du temps à l'allumage,
    les pages internet s'ouvrent assez rapidement en revanche,
    j'ai aussi testé et réussi à imprimer un fichier en pdf.
    9 Février 2011 21:13:36

    Bonsoir :D 
    pour moi c'est bon




    Supprime/Désinstalle tous les programmes utilisés pour la désinfection.


    Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



    Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

    Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

    Lire aussi:
  • Antispyware gratuit : ça sert à rien!


    ~Clique, sur ton premier message, sur le bouton "Editer" et marque [résolu] dans le titre.

    Clique ensuite sur "Valider votre message"

    Si ton nom de session correspond à ton véritable nom, tu as la possibilité de le changer en éditant tes posts.

    :hello: 

    +++
    16 Février 2011 23:03:21

    Merci beaucoup, bon courage.
    17 Février 2011 21:04:41

    Bon surf
    :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS