Se connecter avec
S'enregistrer | Connectez-vous
Votre question

[Résolu] Trojan découvert par avira - alerte qui revient sans cesse..

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
Partagez
27 Août 2010 17:15:44

Bonjour,

Voici mon problème, depuis hier Avira me lance sans arrêt une alerte virus :
"TR/Cosmu.aask"
qu'il aurait découvert dans un jeu !
Or j'y joue depuis plusieurs mois sans aucuns problèmes..

J'ai beau supprimer, refuser l'accès, mettre en quarantaine, l'alerte revient toujours :( 
Je sais pas trop quoi faire pour que ça s'arrête !
Je ne sais pas non plus si c'est une fausse alerte..
C'est pourquoi je viens vous demander un peu d'aide !

merci d'avance et bonne journée :) 

Autres pages sur : resolu trojan decouvert avira alerte revient cesse

29 Août 2010 11:40:25

Bonjour,

*Télécharge RSIT (merci random/random) sur le Bureau : Ici
Double-clique sur RSIT.exe, il ne nécessite pas d' installation.
Clique Continue à l' écran Disclaimer si tu acceptes les conditions.
-Si HijackThis est non détecté sur ton Pc, il le téléchargera (autorise l' accès dans ton pare-feu si demandé et accepte la licence).
Lorsque l' analyse sera terminée, deux fichiers texte s' ouvriront.
Poste le contenu de log.txt (celui qui s' ouvre) ainsi que info.txt qui est dans la Barre des Tâches

NB : Ces rapports sont enregistrés dans le dossier C:\rsit

A+
29 Août 2010 22:03:30

Bonsoir,

Merci beaucoup pour ton aide :) 

Alors voici le premier rapport :

log.txt :

Logfile of random's system information tool 1.08 (written by random/random)
Run by £n at 2010-08-29 21:51:27
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 112 GB (49%) free of 226 GB
Total RAM: 3000 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:51:57, on 29/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\£n\Documents\JEUX\Plants vs. Zombies\PlantsVsZombies.exe
C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\£n\Desktop\RSIT.exe
C:\Program Files\trend micro\£n.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9136
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\Nouveau dossier\bin\jp2ssv.dll
O3 - Toolbar: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://pogofr.oberon-media.com/online2/pogo/chuzzle/pop...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (BthServ) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 22165 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie-£n.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-11-23 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59994074-c06d-4a75-9768-49e5a8c21264}]
Messenger Plus Live France Toolbar - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\Nouveau dossier\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{59994074-c06d-4a75-9768-49e5a8c21264} - Messenger Plus Live France Toolbar - C:\Program Files\Messenger_Plus_Live_France\tbMess.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-08 894512]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-04 6265376]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-08-12 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-08-12 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-08-12 145944]
"PCMAgent"=C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe [2008-03-21 143360]
"CLMLServer"=C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [2008-04-11 196608]
"PlayMovie"=C:\Program Files\CyberLink\PlayMovie\PMVService.exe [2008-03-31 172032]
"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-23 198160]
"Skytel"=C:\Windows\Skytel.exe [2008-08-04 1833504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2008-02-04 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-01-14 1688872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-11 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-29 21:51:28 ----D---- C:\Program Files\trend micro
2010-08-29 21:51:27 ----D---- C:\rsit
2010-08-17 00:42:42 ----D---- C:\Program Files\Common Files\DivX Shared
2010-08-16 23:26:31 ----D---- C:\ProgramData\Apple Computer
2010-08-16 23:26:31 ----D---- C:\Program Files\QuickTime
2010-08-15 01:51:34 ----D---- C:\Program Files\Common Files\Java
2010-08-15 01:51:13 ----A---- C:\Windows\system32\javaws.exe
2010-08-15 01:51:13 ----A---- C:\Windows\system32\javaw.exe
2010-08-15 01:51:13 ----A---- C:\Windows\system32\java.exe
2010-08-12 00:43:04 ----D---- C:\Windows\system32\WindowsPowerShell
2010-08-12 00:41:37 ----A---- C:\Windows\system32\winrsmgr.dll
2010-08-12 00:41:17 ----A---- C:\Windows\system32\wsmprovhost.exe
2010-08-12 00:41:17 ----A---- C:\Windows\system32\winrshost.exe
2010-08-12 00:41:16 ----A---- C:\Windows\system32\winrs.exe
2010-08-12 00:41:14 ----A---- C:\Windows\system32\wsmplpxy.dll
2010-08-12 00:41:14 ----A---- C:\Windows\system32\winrssrv.dll
2010-08-12 00:41:12 ----A---- C:\Windows\system32\wecapi.dll
2010-08-12 00:41:11 ----A---- C:\Windows\system32\WsmRes.dll
2010-08-12 00:41:11 ----A---- C:\Windows\system32\wevtfwd.dll
2010-08-12 00:41:11 ----A---- C:\Windows\system32\wecutil.exe
2010-08-12 00:41:11 ----A---- C:\Windows\system32\wecsvc.dll
2010-08-12 00:41:11 ----A---- C:\Windows\system32\pwrshplugin.dll
2010-08-12 00:41:06 ----A---- C:\Windows\system32\winrm.vbs
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WsmWmiPl.dll
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WsmSvc.dll
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WsmAuto.dll
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2010-08-12 00:41:04 ----A---- C:\Windows\system32\winrscmd.dll
2010-08-11 23:43:01 ----A---- C:\Windows\system32\iertutil.dll
2010-08-11 23:43:00 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 23:42:59 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\occache.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-11 23:42:57 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 23:42:57 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 23:42:57 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 23:42:57 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-11 23:42:57 ----A---- C:\Windows\system32\iesetup.dll
2010-08-11 23:42:57 ----A---- C:\Windows\system32\iernonce.dll
2010-08-11 23:42:52 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 23:42:49 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 23:42:32 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 23:42:29 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 23:42:05 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 23:42:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 23:42:00 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 23:41:47 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 23:41:47 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 23:41:44 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-03 01:34:18 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-29 21:51:41 ----D---- C:\Windows\prefetch
2010-08-29 21:51:38 ----D---- C:\Windows\Temp
2010-08-29 21:51:28 ----RD---- C:\Program Files
2010-08-29 21:23:04 ----D---- C:\Windows\inf
2010-08-29 21:23:04 ----AD---- C:\Windows\System32
2010-08-29 21:23:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-29 19:41:10 ----SHD---- C:\System Volume Information
2010-08-29 15:08:53 ----SD---- C:\Users\£n\AppData\Roaming\Microsoft
2010-08-29 01:13:51 ----D---- C:\ProgramData\DivX
2010-08-29 01:13:51 ----D---- C:\Program Files\DivX
2010-08-24 01:35:32 ----D---- C:\Windows
2010-08-24 01:33:25 ----D---- C:\Windows\system32\catroot2
2010-08-22 04:13:02 ----D---- C:\Windows\Debug
2010-08-22 04:12:32 ----D---- C:\Program Files\CCleaner
2010-08-21 14:49:44 ----SHD---- C:\Windows\Installer
2010-08-19 14:46:22 ----D---- C:\Users\£n\AppData\Roaming\LimeWire
2010-08-17 00:43:20 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-08-17 00:42:42 ----D---- C:\Program Files\Common Files
2010-08-16 23:26:31 ----HD---- C:\ProgramData
2010-08-12 01:26:52 ----D---- C:\Windows\Microsoft.NET
2010-08-12 01:26:32 ----RSD---- C:\Windows\assembly
2010-08-12 00:52:54 ----D---- C:\Windows\rescache
2010-08-12 00:51:15 ----D---- C:\Windows\winsxs
2010-08-12 00:43:47 ----D---- C:\Windows\system32\drivers
2010-08-12 00:43:46 ----D---- C:\Windows\system32\catroot
2010-08-12 00:43:06 ----D---- C:\Windows\system32\fr-FR
2010-08-12 00:43:06 ----D---- C:\Windows\PolicyDefinitions
2010-08-12 00:28:28 ----D---- C:\Windows\system32\migration
2010-08-12 00:28:28 ----D---- C:\Program Files\Internet Explorer
2010-08-12 00:28:27 ----D---- C:\Program Files\Movie Maker
2010-08-12 00:19:40 ----D---- C:\Program Files\Windows Mail
2010-08-11 00:16:24 ----D---- C:\Program Files\LimeWire
2010-08-09 05:25:36 ----D---- C:\Program Files\Messenger Plus! Live
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-11-23 28520]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-11 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-04 2161496]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-01-12 241696]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-20 60416]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-08 187448]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-23 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-23 185089]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-01-14 447784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-22 647680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------
Contenus similaires
Pas de réponse à votre question ? Demandez !
29 Août 2010 22:08:19

Et voici le deuxième rapport demandé :

info.txt :

info.txt logfile of random's system information tool 1.08 2010-08-29 21:52:00

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Reader 9.3.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{7054ED85-498D-4D20-906F-14646AEC5581}
Configuration DivX-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
CyberLink PowerCinema-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
CyberLink PowerCinema-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Toolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Imikimi Plugin-->"C:\Program Files\Imikimi\uninstall.exe"
Infocentre Rev. 2.0.0.1-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
LimeWire 5.5.13-->"C:\Program Files\LimeWire\uninstall.exe"
MagikWord-->"C:\Program Files\Micro Application\JEUX DE LETTRES\MagikWord\Uninstall.exe" "C:\Program Files\Micro Application\JEUX DE LETTRES\MagikWord\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Messenger_Plus_Live_France Toolbar-->C:\PROGRA~1\MESSEN~3\UNWISE.EXE /U C:\PROGRA~1\MESSEN~3\INSTALL.LOG
MessengerDiscovery Live 1.5.0720-->"C:\Program Files\MessengerDiscovery\unins000.exe"
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile FRA Language Pack-->MsiExec.exe /X{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Picture It! Photo Premium 9-->C:\Windows\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{E6BAE954-487E-488B-BC4E-2E69E54E8117}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Module linguistique Microsoft .NET Framework 4 Client Profile FRA-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1036 /parameterfolder ClientLP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8 Essentials-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Nero8*
Nero 8 Essentials-->MsiExec.exe /X{980B9958-1239-4FC5-8C88-AC5650321036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Power Cinema 6-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PowerCinema6*
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Sélecteur d'installation de Microsoft Works 2004-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP D:\
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Mah Jong Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0598C50-5ECB-46D0-AA67-A8920B776EEE}\SETUP.EXE" -l0x40c
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Ultimate Mahjongg 5-->C:\PROGRA~1\ValuSoft\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ValuSoft\ULTIMA~1\INSTALL.LOG
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
X10 Hardware(TM)-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

======Security center information======

AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender

======System event log======

Computer Name: PC-de-£n
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 38755
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100122173147.465943-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-£n
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB978207(Security Update) à l’état Installation demandée(Install Requested)
Record Number: 38710
Source Name: Microsoft-Windows-Servicing
Time Written: 20100122173145.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-£n
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB978207(Security Update) à l’état Installation demandée(Install Requested)
Record Number: 38708
Source Name: Microsoft-Windows-Servicing
Time Written: 20100122173145.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-£n
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB978207(Security Update) à l’état Installation demandée(Install Requested)
Record Number: 38706
Source Name: Microsoft-Windows-Servicing
Time Written: 20100122173145.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-£n
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB978207(Security Update) à l’état Installation demandée(Install Requested)
Record Number: 38704
Source Name: Microsoft-Windows-Servicing
Time Written: 20100122173145.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PC-de-£n
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 685
Source Name: Microsoft-Windows-WMI
Time Written: 20091122231705.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-£n
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-569108941-3654211372-3041866391-1000:
Process 588 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-569108941-3654211372-3041866391-1000

Record Number: 667
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091122231440.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-£n
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 587
Source Name: Microsoft-Windows-WMI
Time Written: 20091122225715.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-£n
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.

Record Number: 583
Source Name: Microsoft-Windows-Search
Time Written: 20091122215716.000000-000
Event Type: Avertissement
User:

Computer Name: WIN-DS8MXBHE5Z9
Event Code: 1036
Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système.
Record Number: 558
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20091122215336.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: PC-de-£n
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-£N$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x28c
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 4968
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208020623.358927-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-£n
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4967
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208020623.327727-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-£n
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-£N$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x28c
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 4966
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208020623.327727-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-£n
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-£N$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x28c
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 4965
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208020623.327727-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-£n
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-19
Nom du compte : SERVICE LOCAL
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e5

Privilèges : SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 4964
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208020623.156126-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"CLASSPATH"=.;C:\Program Files\Java\jre6\Nouveau dossier\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\Nouveau dossier\lib\ext\QTJava.zip

-----------------EOF-----------------


Encore merci et bonne soirée :) 
29 Août 2010 23:40:17

Bonsoir,

ton Pc est infecté.

¤Télécharge Lop S&D2 (merci Eric_71) : Ici
Lance-le puis clique sur Start scan
Poste le rapport généré

A+
30 Août 2010 03:29:13

Bonjour,

Voici le rapport demandé :

Lop S&D by Eric_71

SeDebugPrivilege granted successfully ...

Windows Vista Home Edition (6.0.6002) Service Pack 2
x86 Family 6 Model 15 Stepping 13, GenuineIntel

[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
Internet Explorer 8.0.6001.18943

C:\ [Fixed-NTFS] .. ( Total:220 Go - Free:109 Go )
D:\ [CD_Rom]

Selected -> C:\

Path : C:\?
User : £n ( Administrator -> YES )


--------------------\\ Scan

(Processes) C:\Program Files\Internet Explorer\iexplore.exe
(Processes) C:\Program Files\Internet Explorer\iexplore.exe
(Processes) C:\Program Files\Internet Explorer\iexplore.exe
(Processes) C:\Program Files\Internet Explorer\iexplore.exe

--------------------\\ Other

[Locked Process] audiodg.exe (1252)
[Locked Process] Idle Process (0)
[Locked Process] System (4)

--------------------\\ EOF

Report : C:\LopSD$\LopSD_1.txt - (30/08/2010 | 03:23.22)
30 Août 2010 12:39:47

Bonjour,

relance Lop S&D2
Clique sur Start scan puis quand le scan est terminé sur Delete checked
Poste le rapport

A+
30 Août 2010 17:55:15

Bonsoir,

Voici le rapport demandé :

Lop S&D by Eric_71

SeDebugPrivilege granted successfully ...

Windows Vista Home Edition (6.0.6002) Service Pack 2
x86 Family 6 Model 15 Stepping 13, GenuineIntel

[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
Internet Explorer 8.0.6001.18943

C:\ [Fixed-NTFS] .. ( Total:220 Go - Free:107 Go )
D:\ [CD_Rom]

Selected -> C:\

Path : C:\?
User : £n ( Administrator -> YES )

--------------------\\ Delete

Processes: C:\Program Files\Internet Explorer\iexplore.exe (6560) Deleted!
Processes: C:\Program Files\Internet Explorer\iexplore.exe (7984) Deleted!
Processes: C:\Program Files\Internet Explorer\iexplore.exe (9680) Deleted!
Processes: C:\Program Files\Internet Explorer\iexplore.exe (9828) Deleted!

--------------------\\ Scan

Nothing found ...

--------------------\\ Other

[Locked Process] audiodg.exe (1252)
[Locked Process] Idle Process (0)
[Locked Process] System (4)

--------------------\\ EOF

Report : C:\LopSD$\LopSD_3.txt - (30/08/2010 | 17:49.32)
30 Août 2010 21:21:10

Re,

dés que vous ouvrez une page Internet, vous vous retrouvez envahi(e) de fenêtres publicitaires nommées CiD, vous proposant de télécharger divers programmes, et vous ne savez plus quoi faire pour vous en débarrasser ? … Ces fenêtres révèlent en réalité la présence de l’adware Lop responsable de cette publicité intempestive dont vous êtes victime.
...
Cet adware s’installe lors de l’installation des logiciels suivants, en contrepartie de leur dite « gratuité » :

* Sponsors MSN plus !
* Bittorent
* BitDownload
* BitGrabber
* NetPumper
* BitRoll
* TorrentQ
* Torrent101
* ...
...
En revanche, seul MSN plus ! propose explicitement à l’internaute d’installer ou non le sponsor (responsable de cette publicité abusive). Et par la suite, permettre de désinstaller facilement le sponsor en question.
...
"POLITIQUE DE PROTECTION DE LA VIE PRIVÉE"

CiD vous fournit le produit logiciel (le « logiciel ») gratuitement ou à un prix réduit en échange de votre acceptation à recevoir des messages publicitaires et promotionnels livrés par CiD et des tiers à votre ordinateur basés en partie sur les
mots-clés des sites web que vous - ou tout autre utilisateur de l'ordinateur - visitez.
Le contenu complémentaire peut inclure des publicités, des promotions, des liens à des sites web tiers ou autres documentations livrés à votre ordinateur qui correspondent à ce qui vous intéresse, basés en partie sur des mots-clés trouvés sur les sites web que vous visitez. (...)"
...
Pour les autres programmes cités précédemment, c’est différent, car le fait de désinstaller le logiciel p2p ne supprimera pas pour autant le sponsor, car celui-ci est dissimulé dans un autre programme nommé "CiDhelp" (ou "CiD-quelquechose" dans certains cas).

Remarque : la plupart du temps, la publicité générée par l’adware lop propose elle-même de télécharger d’autres programmes gratuits, comme des jeux, des chaînes de TV et radios etc. … qui, une fois téléchargés, installeront à leur tour d’autres malwares comme : navipromo, le dialer instant access … eux aussi générateurs de pubs ! Résultat : une infection « en Cascade » se traduisant par une invasion de publicités en tout genre !
1ère Méthode de désinfection : suppression manuelle

* Démarrer en mode sans échec
* Aller dans le menu Démarrer
* Cliquer sur panneau de configuration
* Choisir le module ajout/suppression de programmes
* Pour Msn plus! : il suffit de désinstaller le sponsor :

* Pour les logiciels p2p indiqués un peu plus haut : il faut chercher et supprimer le sponsor lié à CiD :
o Supprimer les programmes suivants si présents :
+ Cid help
+ Circle Developement
+ Adverts


http://www.commentcamarche.net/faq/sujet-5996-comment-b...
1 Septembre 2010 20:28:21

Bnsoir,

Désolée pour le retard...
J'ai bien redémarrer en mode sans échec comme indiqué,
mais il n'y avait pas grand chose à désinstaller en fait...

Bonne soirée
3 Septembre 2010 13:29:15

Bonjour,

Voici le rapport :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4527

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

03/09/2010 13:27:03
mbam-log-2010-09-03 (13-27-03).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 244885
Temps écoulé: 46 minute(s), 57 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\£n\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


Bonne journée :) 
6 Septembre 2010 21:29:30

Bonjour,

Voici le rapport d'avira :) 



Avira AntiVir Personal
Date de création du fichier de rapport : lundi 6 septembre 2010 05:18

La recherche porte sur 2779135 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows Vista
Version de Windows : (Service Pack 2) [6.0.6002]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : PC-DE-£N

Informations de version :
BUILD.DAT : 9.0.0.77 21698 Bytes 09/06/2010 12:01:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 22/11/2009 23:35:03
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 10:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 10:21:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 23:35:03
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 23:35:03
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 22:00:24
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 21:12:57
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 21:14:13
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 17:51:04
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 19:51:59
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 21:58:18
VBASE008.VDF : 7.10.9.166 2048 Bytes 23/07/2010 21:58:18
VBASE009.VDF : 7.10.9.167 2048 Bytes 23/07/2010 21:58:18
VBASE010.VDF : 7.10.9.168 2048 Bytes 23/07/2010 21:58:18
VBASE011.VDF : 7.10.9.169 2048 Bytes 23/07/2010 21:58:19
VBASE012.VDF : 7.10.9.170 2048 Bytes 23/07/2010 21:58:19
VBASE013.VDF : 7.10.9.198 157696 Bytes 26/07/2010 22:51:31
VBASE014.VDF : 7.10.9.255 997888 Bytes 29/07/2010 21:45:00
VBASE015.VDF : 7.10.10.28 139264 Bytes 02/08/2010 23:30:05
VBASE016.VDF : 7.10.10.52 127488 Bytes 03/08/2010 23:30:04
VBASE017.VDF : 7.10.10.84 137728 Bytes 06/08/2010 23:30:07
VBASE018.VDF : 7.10.10.107 176640 Bytes 09/08/2010 23:30:08
VBASE019.VDF : 7.10.10.130 132608 Bytes 10/08/2010 23:30:16
VBASE020.VDF : 7.10.10.158 131072 Bytes 12/08/2010 23:30:12
VBASE021.VDF : 7.10.10.190 136704 Bytes 16/08/2010 23:30:46
VBASE022.VDF : 7.10.10.217 118272 Bytes 19/08/2010 23:30:59
VBASE023.VDF : 7.10.10.246 130048 Bytes 23/08/2010 23:30:44
VBASE024.VDF : 7.10.11.11 144896 Bytes 25/08/2010 23:31:10
VBASE025.VDF : 7.10.11.33 135168 Bytes 27/08/2010 13:09:23
VBASE026.VDF : 7.10.11.52 148992 Bytes 31/08/2010 23:31:02
VBASE027.VDF : 7.10.11.75 124928 Bytes 03/09/2010 23:31:07
VBASE028.VDF : 7.10.11.76 2048 Bytes 03/09/2010 23:31:07
VBASE029.VDF : 7.10.11.77 2048 Bytes 03/09/2010 23:31:07
VBASE030.VDF : 7.10.11.78 2048 Bytes 03/09/2010 23:31:07
VBASE031.VDF : 7.10.11.87 84480 Bytes 05/09/2010 23:31:23
Version du moteur : 8.2.4.50
AEVDF.DLL : 8.1.2.1 106868 Bytes 30/07/2010 21:45:51
AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 26/08/2010 23:31:08
AESCN.DLL : 8.1.6.1 127347 Bytes 12/05/2010 17:39:13
AESBX.DLL : 8.1.3.1 254324 Bytes 23/04/2010 17:39:13
AERDL.DLL : 8.1.8.2 614772 Bytes 20/07/2010 21:55:32
AEPACK.DLL : 8.2.3.5 471412 Bytes 06/08/2010 23:30:25
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 21/07/2010 21:55:03
AEHEUR.DLL : 8.1.2.21 2883958 Bytes 03/09/2010 23:31:19
AEHELP.DLL : 8.1.13.3 242038 Bytes 26/08/2010 23:30:55
AEGEN.DLL : 8.1.3.20 397684 Bytes 26/08/2010 23:30:53
AEEMU.DLL : 8.1.2.0 393588 Bytes 23/04/2010 17:39:08
AECORE.DLL : 8.1.16.2 192887 Bytes 20/07/2010 21:55:06
AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 17:39:07
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 22/11/2009 23:35:03
AVREP.DLL : 8.0.0.7 159784 Bytes 17/02/2010 20:58:35
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 15:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 15:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 22/11/2009 23:35:02
RCTEXT.DLL : 9.0.73.0 88321 Bytes 22/11/2009 23:35:02

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: réparer
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Début de la recherche : lundi 6 septembre 2010 05:18

La recherche d'objets cachés commence.
'109430' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NMIndexingService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NMIndexStoreSvr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SmpSys.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DivXUpdate.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxsrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PMVService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLMLSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PCMAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxpers.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RtHDVCpl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SDWinSec.exe' - '1' module(s) sont contrôlés
Processus de recherche 'X10nets.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IoctlSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'56' processus ont été contrôlés avec '56' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '43' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <HDD>
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.


Fin de la recherche : lundi 6 septembre 2010 06:05
Temps nécessaire: 47:48 Minute(s)

La recherche a été effectuée intégralement

19185 Les répertoires ont été contrôlés
265409 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
265407 Fichiers non infectés
1429 Les archives ont été contrôlées
2 Avertissements
2 Consignes
109430 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

Bonne soirée !!
6 Septembre 2010 22:59:23

Bonsoir,

comment va ton Pc?
Poste un nouveau rapport RSIT.

A+
8 Septembre 2010 01:29:34

Bonsoir,

Et bien il a l'air d'allé bien, enfin sachant que pendant qu'il était infecté il n'avait aucun soucis visible non plus...

Voici le rapport demandé :

Logfile of random's system information tool 1.08 (written by random/random)
Run by £n at 2010-09-08 01:18:10
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 109 GB (48%) free of 226 GB
Total RAM: 3000 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:18:44, on 08/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\£n\Desktop\INFO\RSIT.exe
C:\Program Files\trend micro\£n.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9136
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\Nouveau dossier\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://pogofr.oberon-media.com/online2/pogo/chuzzle/pop...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (BthServ) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 21640 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie-£n.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-11-23 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\Nouveau dossier\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-08 894512]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-04 6265376]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-08-12 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-08-12 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-08-12 145944]
"PCMAgent"=C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe [2008-03-21 143360]
"CLMLServer"=C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [2008-04-11 196608]
"PlayMovie"=C:\Program Files\CyberLink\PlayMovie\PMVService.exe [2008-03-31 172032]
"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-23 198160]
"Skytel"=C:\Windows\Skytel.exe [2008-08-04 1833504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2008-02-04 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-01-14 1688872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-11 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-01 20:24:15 ----ASH---- C:\hiberfil.sys
2010-08-30 03:23:22 ----D---- C:\LopSD$
2010-08-29 21:51:28 ----D---- C:\Program Files\trend micro
2010-08-29 21:51:27 ----D---- C:\rsit
2010-08-17 00:42:42 ----D---- C:\Program Files\Common Files\DivX Shared
2010-08-16 23:26:31 ----D---- C:\ProgramData\Apple Computer
2010-08-16 23:26:31 ----D---- C:\Program Files\QuickTime
2010-08-15 01:51:34 ----D---- C:\Program Files\Common Files\Java
2010-08-15 01:51:13 ----A---- C:\Windows\system32\javaws.exe
2010-08-15 01:51:13 ----A---- C:\Windows\system32\javaw.exe
2010-08-15 01:51:13 ----A---- C:\Windows\system32\java.exe
2010-08-12 00:43:04 ----D---- C:\Windows\system32\WindowsPowerShell
2010-08-12 00:41:37 ----A---- C:\Windows\system32\winrsmgr.dll
2010-08-12 00:41:17 ----A---- C:\Windows\system32\wsmprovhost.exe
2010-08-12 00:41:17 ----A---- C:\Windows\system32\winrshost.exe
2010-08-12 00:41:16 ----A---- C:\Windows\system32\winrs.exe
2010-08-12 00:41:14 ----A---- C:\Windows\system32\wsmplpxy.dll
2010-08-12 00:41:14 ----A---- C:\Windows\system32\winrssrv.dll
2010-08-12 00:41:12 ----A---- C:\Windows\system32\wecapi.dll
2010-08-12 00:41:11 ----A---- C:\Windows\system32\WsmRes.dll
2010-08-12 00:41:11 ----A---- C:\Windows\system32\wevtfwd.dll
2010-08-12 00:41:11 ----A---- C:\Windows\system32\wecutil.exe
2010-08-12 00:41:11 ----A---- C:\Windows\system32\wecsvc.dll
2010-08-12 00:41:11 ----A---- C:\Windows\system32\pwrshplugin.dll
2010-08-12 00:41:06 ----A---- C:\Windows\system32\winrm.vbs
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WsmWmiPl.dll
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WsmSvc.dll
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WsmAuto.dll
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2010-08-12 00:41:04 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2010-08-12 00:41:04 ----A---- C:\Windows\system32\winrscmd.dll
2010-08-11 23:43:01 ----A---- C:\Windows\system32\iertutil.dll
2010-08-11 23:43:00 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 23:42:59 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\occache.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 23:42:58 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-11 23:42:57 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 23:42:57 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 23:42:57 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 23:42:57 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-11 23:42:57 ----A---- C:\Windows\system32\iesetup.dll
2010-08-11 23:42:57 ----A---- C:\Windows\system32\iernonce.dll
2010-08-11 23:42:52 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 23:42:49 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 23:42:32 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 23:42:29 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 23:42:05 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 23:42:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 23:42:00 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 23:41:47 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 23:41:47 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 23:41:44 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 months======

2010-09-08 01:18:24 ----D---- C:\Windows\prefetch
2010-09-08 01:18:23 ----D---- C:\Windows\Temp
2010-09-07 17:35:06 ----AD---- C:\Windows\System32
2010-09-07 17:35:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-07 17:35:05 ----D---- C:\Windows\inf
2010-09-07 17:34:08 ----SHD---- C:\System Volume Information
2010-09-06 01:38:44 ----D---- C:\Users\£n\AppData\Roaming\LimeWire
2010-09-03 13:39:35 ----D---- C:\Windows\PCHEALTH
2010-09-03 13:39:34 ----D---- C:\Windows\system32\drivers
2010-09-02 06:22:19 ----D---- C:\Program Files\CCleaner
2010-09-02 06:20:58 ----D---- C:\Windows
2010-09-02 06:17:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-01 20:24:14 ----RD---- C:\Program Files
2010-08-29 15:08:53 ----SD---- C:\Users\£n\AppData\Roaming\Microsoft
2010-08-29 01:13:51 ----D---- C:\ProgramData\DivX
2010-08-29 01:13:51 ----D---- C:\Program Files\DivX
2010-08-24 01:33:25 ----D---- C:\Windows\system32\catroot2
2010-08-22 04:13:02 ----D---- C:\Windows\Debug
2010-08-21 14:49:44 ----SHD---- C:\Windows\Installer
2010-08-17 00:43:20 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-08-17 00:42:42 ----D---- C:\Program Files\Common Files
2010-08-16 23:26:31 ----HD---- C:\ProgramData
2010-08-12 01:26:52 ----D---- C:\Windows\Microsoft.NET
2010-08-12 01:26:32 ----RSD---- C:\Windows\assembly
2010-08-12 00:52:54 ----D---- C:\Windows\rescache
2010-08-12 00:51:15 ----D---- C:\Windows\winsxs
2010-08-12 00:43:46 ----D---- C:\Windows\system32\catroot
2010-08-12 00:43:06 ----D---- C:\Windows\system32\fr-FR
2010-08-12 00:43:06 ----D---- C:\Windows\PolicyDefinitions
2010-08-12 00:28:28 ----D---- C:\Windows\system32\migration
2010-08-12 00:28:28 ----D---- C:\Program Files\Internet Explorer
2010-08-12 00:28:27 ----D---- C:\Program Files\Movie Maker
2010-08-12 00:19:40 ----D---- C:\Program Files\Windows Mail
2010-08-11 00:16:24 ----D---- C:\Program Files\LimeWire
2010-08-09 05:25:36 ----D---- C:\Program Files\Messenger Plus! Live

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-11-23 28520]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-11 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-04 2161496]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-01-12 241696]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-20 60416]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-08 187448]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-23 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-23 185089]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-01-14 447784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-22 647680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------

bonne soirée :) 
8 Septembre 2010 11:47:20

Bonjour,

quelles sont tes versions d' Adobe et de Java?

Lance HijackThis et ferme toutes les fenêtres de programme.

Vérifie qu' il fera des sauvegardes : Dans Config, coche Make backups before fixing items (protéger les objets avant de fixer) puis clique sur les boutons Back (retour)+Do a system scan only (scanner seulement) et coche les cases situées devant les lignes ci-dessous :

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://pogofr.oberon-media.com/onl [...] v10_fr.cab

Enfin clique sur Fix checked (fixer objet).

A+
9 Septembre 2010 00:25:50

Bonjour,

Adobe : version 10
Java 6 update21

Quant à hijackthis il y a eu un petit problème !!
Au moment de supprimer la ligne un message d'erreur est apparu :

" alt="" class="imgLz frmImg " />

merci et bonne soirée :) 
9 Septembre 2010 11:39:48

samsul a dit :
1] Adobe : version 10

2] Quant à hijackthis il y a eu un petit problème !!


:hello: ,

1] Mea culpa, quelle est ta version d' Acrobat Reader?

2] Réessaye...

A+
12 Septembre 2010 15:02:00

Bonjour,

1) Il doit donc s'agir de la version 9 alors.

2) Pour hijackthis, le message d'erreur n'apparait plus mais.... il me demande 2 fois l'autorisation mais rien ne s'efface, la ligne apparait toujours si je refais le même scan..

Bonne journée ! :) 
12 Septembre 2010 22:30:51

bonsoir,

Donc mise a jour faite, quant au reste euh... et bien je ne sais pas vraiment ou chercher après "C:".. et oui je suis pas très douée.. :/ 

Bonne soirée :) 
12 Septembre 2010 23:11:54

Bonsoir,

fais la manip' de ComboFix (merci sUBs) et poste le rapport : Ici

A+
16 Septembre 2010 21:00:19

Bonsoir,


Voici le rapport de Combo fix


ComboFix 10-09-16.03 - £n 16/09/2010 20:31:32.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.3000.1984 [GMT 2:00]
Lancé depuis: c:\users\£n\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\AdobeComFnt09.lst
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\AdobeSysFnt09.lst
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\JavaScripts\glob.js
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\SharedDataEvents
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\TMDocs.sav
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\TMGrpPrm.sav
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\UserCache.bin
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\1846548181EAE8A4BB86AFC74FD021D9A0F6DFA6.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\1846548181EAE8A4BB86AFC74FD021D9A0F6DFA6.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\1C04C61346A1FA3139A37D860ED92632AA13DECF.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\1C04C61346A1FA3139A37D860ED92632AA13DECF.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\26F1F5A0DEB2FBFC5345C20FF79DFFAFEE4EC7A6.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\26F1F5A0DEB2FBFC5345C20FF79DFFAFEE4EC7A6.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\3C82B2A2455B252B8595FD0113249AA19D7E8BDD.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\3C82B2A2455B252B8595FD0113249AA19D7E8BDD.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\7421C71F94DB4F028E7528B2D278F3FE4DC21273.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\7421C71F94DB4F028E7528B2D278F3FE4DC21273.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\cacheSize.txt
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\F7536EF0D78A77B889EEBE98BF96BA5321A1FDE0.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\F7536EF0D78A77B889EEBE98BF96BA5321A1FDE0.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\FF56DCA4C4D6043F3D639EFF51BF9A2934B7456B.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\FF56DCA4C4D6043F3D639EFF51BF9A2934B7456B.swz
c:\users\£n\AppData\Roaming\\desktop.ini
c:\users\£n\AppData\Roaming\\DivX\DivX Player\Database.dat
c:\users\£n\AppData\Roaming\\DivX\DivX Player\DownloadQueue.dlq
c:\users\£n\AppData\Roaming\\DivX\DivX Stream Engine\v3.1\Font Cache
c:\users\£n\AppData\Roaming\\DivX\DivX Stream Engine\v3.1\Hardware Cache
c:\users\£n\AppData\Roaming\\DivX\Player\Media Library
c:\users\£n\AppData\Roaming\\DivX\TransferWizard\Devices
c:\users\£n\AppData\Roaming\\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\users\£n\AppData\Roaming\\FrostWire\createtimes.cache
c:\users\£n\AppData\Roaming\\FrostWire\downloads.dat
c:\users\£n\AppData\Roaming\\FrostWire\fileurns.bak
c:\users\£n\AppData\Roaming\\FrostWire\fileurns.cache
c:\users\£n\AppData\Roaming\\FrostWire\filters.props
c:\users\£n\AppData\Roaming\\FrostWire\frostwire.props
c:\users\£n\AppData\Roaming\\FrostWire\gnutella.net
c:\users\£n\AppData\Roaming\\FrostWire\installation.props
c:\users\£n\AppData\Roaming\\FrostWire\intent.props
c:\users\£n\AppData\Roaming\\FrostWire\library.dat
c:\users\£n\AppData\Roaming\\FrostWire\mojito.props
c:\users\£n\AppData\Roaming\\FrostWire\questions.props
c:\users\£n\AppData\Roaming\\FrostWire\responses.cache
c:\users\£n\AppData\Roaming\\FrostWire\spam.dat
c:\users\£n\AppData\Roaming\\FrostWire\tables.props
c:\users\£n\AppData\Roaming\\FrostWire\themes\frostwirePro_theme.fwtp
c:\users\£n\AppData\Roaming\\FrostWire\themes\frostwirePro_theme\theme.txt
c:\users\£n\AppData\Roaming\\FrostWire\themes\frostwirePro_theme\version.txt
c:\users\£n\AppData\Roaming\\FrostWire\ttrees.cache
c:\users\£n\AppData\Roaming\\FrostWire\ttroot.cache
c:\users\£n\AppData\Roaming\\FrostWire\version.xml
c:\users\£n\AppData\Roaming\\FrostWire\xml\data\audio.sxml2
c:\users\£n\AppData\Roaming\\FrostWire\xml\data\video.sxml2
c:\users\£n\AppData\Roaming\\GDIPFONTCACHEV1.DAT
c:\users\£n\AppData\Roaming\\gtk-2.0\gtkfilechooser.ini
c:\users\£n\AppData\Roaming\\Identities\{000HQ7FF-AD7A-3FG4-US8E-26I93FV2MVVF}\xmlparse.dll
c:\users\£n\AppData\Roaming\\Identities\{000HQ7FF-AD7A-3FG4-US8E-26I93FV2MVVF}\zgt.lib
c:\users\£n\AppData\Roaming\\kcmdte.dat
c:\users\£n\AppData\Roaming\\LimeWire\active.mojito
c:\users\£n\AppData\Roaming\\LimeWire\browser\xul-v2.0b2.5-do-not-remove
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\branding.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\classic.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\comm.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\alerts.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\appshell.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\auth.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\caps.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\chardet.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\chrome.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\composer.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_html.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\cookie.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\directory.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\downloads.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\editor.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\extensions.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\feeds.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\find.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\gfx.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\inspector.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\intl.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\jar.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\locale.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\oji.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pipboot.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pipnss.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pippki.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pippki.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\places.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\plugin.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pref.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\profile.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\rdf.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\satchel.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\shistory.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\storage.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\transformiix.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\uconv.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\update.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\widget.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\windowds.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xulutil.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\crashreporter.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\crashreporter.ini
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\dependentlibs.list
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\freebl3.chk
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\freebl3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\greprefs\all.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\javaxpcom.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\js3250.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\LICENSE
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\debug.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\Microformats.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\utils.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\mozctl.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\mozctlx.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\msvcr71.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nspr4.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nss3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nssckbi.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nssdbm3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nssutil3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\platform.ini
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\plc4.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\plds4.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\README.txt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\arrow.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\arrowd.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\broken-image.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\charsetData.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\contenteditable.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\designmode.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\forms.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\grabber.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\html.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\html\folder.png
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\langGroups.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\language.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\loading-image.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\mathml.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\quirk.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\svg.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\ua.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\viewsource.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\smime3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\softokn3.chk
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\softokn3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\ssl3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\updater.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\version.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpcom.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpidl.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xul.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\£n\AppData\Roaming\\LimeWire\certificate\limewire.keystore
c:\users\£n\AppData\Roaming\\LimeWire\createtimes.cache
c:\users\£n\AppData\Roaming\\LimeWire\downloads.dat
c:\users\£n\AppData\Roaming\\LimeWire\fileurns.cache
c:\users\£n\AppData\Roaming\\LimeWire\gnutella.net
c:\users\£n\AppData\Roaming\\LimeWire\installation.props
c:\users\£n\AppData\Roaming\\LimeWire\library.dat
c:\users\£n\AppData\Roaming\\LimeWire\library5.dat
c:\users\£n\AppData\Roaming\\LimeWire\limewire.props
c:\users\£n\AppData\Roaming\\LimeWire\lock
c:\users\£n\AppData\Roaming\\LimeWire\mojito.props
c:\users\£n\AppData\Roaming\\LimeWire\passive.mojito
c:\users\£n\AppData\Roaming\\LimeWire\player.props
c:\users\£n\AppData\Roaming\\LimeWire\promotion\promodb.backup
c:\users\£n\AppData\Roaming\\LimeWire\promotion\promodb.data
c:\users\£n\AppData\Roaming\\LimeWire\promotion\promodb.properties
c:\users\£n\AppData\Roaming\\LimeWire\promotion\promodb.script
c:\users\£n\AppData\Roaming\\LimeWire\questions.props
c:\users\£n\AppData\Roaming\\LimeWire\responses.cache
c:\users\£n\AppData\Roaming\\LimeWire\restaccess.txt
c:\users\£n\AppData\Roaming\\LimeWire\simpp.cert
c:\users\£n\AppData\Roaming\\LimeWire\simpp.xml
c:\users\£n\AppData\Roaming\\LimeWire\spam.dat
c:\users\£n\AppData\Roaming\\LimeWire\tables.props
c:\users\£n\AppData\Roaming\\LimeWire\ttdata.cache
c:\users\£n\AppData\Roaming\\LimeWire\ttroot.cache
c:\users\£n\AppData\Roaming\\LimeWire\update.cert
c:\users\£n\AppData\Roaming\\LimeWire\urns.dat
c:\users\£n\AppData\Roaming\\LimeWire\version.xml
c:\users\£n\AppData\Roaming\\LimeWire\versions.props
c:\users\£n\AppData\Roaming\\LimeWire\xml\data\audio.sxml3
c:\users\£n\AppData\Roaming\\LimeWire\xml\data\video.sxml3
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\c0481431.cdn.cloudfiles.rackspacecloud.com\analytics.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\c0481431.cdn.cloudfiles.rackspacecloud.com\buddypokestats.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\flash.quantserve.com\com.quantserve.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\inplay.tubemogul.com\InPlayInfo.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\mw.50cubes.com\analytics.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\mw.50cubes.com\sandbox\Main.swf\mallworldSettings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\rainbowx.mythings.com\mt_cookie.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\s.ytimg.com\soundData.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\s.ytimg.com\videostats.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\www.dailymotion.com\analytics.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\www.dailymotion.com\player.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\www.ludokado.com\jeux-arcade\Server_v5.swf\game_oracle.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#c0481431.cdn.cloudfiles.rackspacecloud.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#inplay.tubemogul.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mw.50cubes.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#rainbowx.mythings.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ludokado.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.wat.tv\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\digest.s
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\users\£n\AppData\Roaming\\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-09-03 (13-27-03).txt
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\Alert.wav
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\Alert.xml
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\away.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\background.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\busy.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\close.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\close_hover.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\close_sel.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\display_picture_frame.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\display_picture_frame_available.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\display_picture_frame_away.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\display_picture_frame_busy.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\DO NOT DELETE THIS DIRECTORY OR ITS CONTENTS
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\facebook.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\move.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\move_hover.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\move_sel.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\offline.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\online.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pin.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pin_hover.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pin_sel.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pinned.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pinned_hover.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pinned_sel.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\preview.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Settings.xml
c:\users\£n\AppData\Roaming\\Microsoft\Épreuve\PERSO.DIC
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\6b29ae44e85efac3c72ff4d1865d73f1_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\83aa4cc77f591dfc2374580bbd95f6ba_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\a64731a25811fa88f16bf243447fbb69_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\c0fa18b4e620109c616d4acdcda15310_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\faa7e400bb6051e48e0d1a3370cabfa1_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\58PA6N2X\pmocntr2[1].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[1].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[10].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[11].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[2].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[3].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[4].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[5].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[6].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[7].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[8].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[9].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA05IYEA.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA2Z619S.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA3W8TWA.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA4935AI.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA96MBWI.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA9N3PKB.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAEJ7CTV.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAH2VIK7.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAIH48S3.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAIZYEK6.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAJRE0WM.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAKSAH57.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCANBQTAN.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAOX3250.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCASHALZR.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCATK6SFB.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAU1806P.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAV58KYK.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAX8KDWX.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAXK2EIA.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAY2S0II.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAY754G2.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAZHYARX.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAZR88XB.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[1].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[10].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[11].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[2].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[3].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[4].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[5].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[6].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[7].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[8].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[9].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\psCAARW6RP.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\psCACBASTR.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\psCAVZ2OZZ.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[1].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[2].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[3].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[4].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[5].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[6].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[7].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[8].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[9].xml
c:\users\£n\AppData\Roaming\\Microsoft\Modèles\~$Normal.dot
c:\users\£n\AppData\Roaming\\Microsoft\Modèles\Normal.dot
c:\users\£n\AppData\Roaming\\Microsoft\Office\fbc3FA0.tmp
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\5CG1LU7U.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\A LIRE EN ENTIER.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Bureau.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\C h i ? ù ž.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\cocktails.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Conneries Paris.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\CV 2010.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Divers.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Documents.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\explication.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\http.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Le chaton et la puce.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Lettre de motivation.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Mes fichiers reçus.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Modèles.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Normal.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\OHMYDOLLZ.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\PHOTO_MAGIQUE[1].lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Rar$DI00.798.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Rar$DI10.807.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Z divers.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO1025.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO1031.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO1033.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO1036.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO2057.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\Word10.pip
c:\users\£n\AppData\Roaming\\Microsoft\Office\Word12.pip
c:\users\£n\AppData\Roaming\\Microsoft\Picture It! 9\piorg.db
c:\users\£n\AppData\Roaming\\Microsoft\Protect\CREDHIST
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\66f937af-0a30-4536-9362-289d590ddf5b
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\71aabef8-4295-4c36-99ad-083aaa4e8ec9
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\ae84d73e-1127-45b6-a6b8-e7856a3aaf76
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\f6fd92c2-c185-4f70-b1f5-f5fd89164a38
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\Preferred
c:\users\£n\AppData\Roaming\\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@247realmedia[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@62.75.239[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@a2dfp[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@abmr[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ad.yieldmanager[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ad.zanox[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adaos-ads[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adbrite[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adnext[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adnxs[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ads.clicmanager[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ads.esport-interactive[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ads.horyzon-media[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ads.pubmatic[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adslidango[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adtech[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@advertising[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@advertstream[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adviva[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@aimfar.solution.weborama[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@alenty[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@allocine[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@apmebf[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@apps.facebook[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@atdmt[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@auditude[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@auroredodo.skyrock[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@badoo[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@banquepopulaire2010.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bidsystem[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bleepingcomputer[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@blondyblondy.skyrock[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bluekai[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bluestreak[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bnpparibasnet.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@boursoramabanque.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bouyguestelecom.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bs.serving-sys[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@c.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@caradisiac[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@cas.criteo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@cas.fr.eu.criteo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@cetelem.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@collective-media[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@content.yieldmanager[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@content.yieldmanager[3].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@contextweb[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@crazyandfunny630.skyrock[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@criteo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@crowdscience[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@d1.openx[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@dailymotion[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@delivery.simplytechnology[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@displaymarketplace[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@doubleclick[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ebay[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@edt02[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@estat[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@eulerian[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@exelator[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@facebook[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@fastclick[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@fl01.ct2.comclick[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@fr.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@freecause[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ftv-publicite[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@garnier2010.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@gisi[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@google[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@google[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@google[3].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@h.live[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ikalan.skyrock[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@imageshack[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@imrworldwide[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@infos-du-net[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@intellitxt[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@invitemedia[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@king[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@lfstmedia[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@linternaute[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@live[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@login.live[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ludokado[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mail.live[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mathtag[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@media6degrees[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mediaplex[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@meetic-partners[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@metaffiliation[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@metrixlablw.customers.luna[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@msn[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@msnportal.112.2o7[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@music-quizz[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mw.50cubes[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mythings[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@nexac[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@nspmotion[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@nxtck[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ohmydollz[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@openx[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@openx[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@pixel.rubiconproject[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@pogo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@pubmatic[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@quantserve[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@rad.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@reussissonsensemble[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ro-msnfr.fr.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ru4[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@rubiconproject[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@samsung.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@sc.admanager-xertive[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@scorecardresearch[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@securite.01net[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@serving-sys[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@simpli[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@simply[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@skyregie[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@skyrock[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@smart2.allocine[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@smartadserver[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@social.bidsystem[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@spir[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@struq[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tag.admeld[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tf1[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@track.effiliation[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@track.effiliation[3].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tracking.publicidees[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tradedoubler[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tribalfusion[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@turn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@user.lucidmedia[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@vdwp.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@vii.nxtck[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@weborama[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ww381.smartadserver[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ww57.smartadserver[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ww84.smartadserver[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.bleepingcomputer[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.dailymotion[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.leadium[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.ludokado[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.music-quizz[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.ohmydollz[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.simplicime[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.smartadserver[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www2.adserverpub[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www3.smartadserver[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@xiti[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@yahoo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@youtube[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@yvessaintlaurentysl.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@zanox[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@alenty[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@atdmt[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@banquepopulaire2010.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@doubleclick[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@meetic-partners[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@messenger.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@notifier.avira[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@nspmotion[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@rad.msn[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@smartadserver[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@tradedoubler[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@weborama[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@youtube[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\IECompatCache\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\IETldCache\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\IETldCache\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\PrivacIE\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Recent\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Bluetooth File Transfer Wizard.LNK
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Documents.mydocs
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Capturino V2\Capturino V2.0.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Capturino V2\Uninstall Capturino V2.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\CCleaner\Uni
16 Septembre 2010 22:28:38

Bonsoir,

le rapport de ComboFix est incomplet, poste-le en plusieurs parties.

A+
17 Septembre 2010 02:07:23

ah oups.. j'avais même pas vérifié


ComboFix 10-09-16.03 - £n 16/09/2010 20:31:32.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.3000.1984 [GMT 2:00]
Lancé depuis: c:\users\£n\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\AdobeComFnt09.lst
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\AdobeSysFnt09.lst
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\JavaScripts\glob.js
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\SharedDataEvents
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\TMDocs.sav
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\TMGrpPrm.sav
c:\users\£n\AppData\Roaming\\Adobe\Acrobat\9.0\UserCache.bin
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\1846548181EAE8A4BB86AFC74FD021D9A0F6DFA6.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\1846548181EAE8A4BB86AFC74FD021D9A0F6DFA6.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\1C04C61346A1FA3139A37D860ED92632AA13DECF.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\1C04C61346A1FA3139A37D860ED92632AA13DECF.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\26F1F5A0DEB2FBFC5345C20FF79DFFAFEE4EC7A6.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\26F1F5A0DEB2FBFC5345C20FF79DFFAFEE4EC7A6.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\3C82B2A2455B252B8595FD0113249AA19D7E8BDD.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\3C82B2A2455B252B8595FD0113249AA19D7E8BDD.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\7421C71F94DB4F028E7528B2D278F3FE4DC21273.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\7421C71F94DB4F028E7528B2D278F3FE4DC21273.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\cacheSize.txt
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\F7536EF0D78A77B889EEBE98BF96BA5321A1FDE0.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\F7536EF0D78A77B889EEBE98BF96BA5321A1FDE0.swz
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\FF56DCA4C4D6043F3D639EFF51BF9A2934B7456B.heu
c:\users\£n\AppData\Roaming\\Adobe\Flash Player\AssetCache\94UPTCD9\FF56DCA4C4D6043F3D639EFF51BF9A2934B7456B.swz
c:\users\£n\AppData\Roaming\\desktop.ini
c:\users\£n\AppData\Roaming\\DivX\DivX Player\Database.dat
c:\users\£n\AppData\Roaming\\DivX\DivX Player\DownloadQueue.dlq
c:\users\£n\AppData\Roaming\\DivX\DivX Stream Engine\v3.1\Font Cache
c:\users\£n\AppData\Roaming\\DivX\DivX Stream Engine\v3.1\Hardware Cache
c:\users\£n\AppData\Roaming\\DivX\Player\Media Library
c:\users\£n\AppData\Roaming\\DivX\TransferWizard\Devices
c:\users\£n\AppData\Roaming\\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\users\£n\AppData\Roaming\\FrostWire\createtimes.cache
c:\users\£n\AppData\Roaming\\FrostWire\downloads.dat
c:\users\£n\AppData\Roaming\\FrostWire\fileurns.bak
c:\users\£n\AppData\Roaming\\FrostWire\fileurns.cache
c:\users\£n\AppData\Roaming\\FrostWire\filters.props
c:\users\£n\AppData\Roaming\\FrostWire\frostwire.props
c:\users\£n\AppData\Roaming\\FrostWire\gnutella.net
c:\users\£n\AppData\Roaming\\FrostWire\installation.props
c:\users\£n\AppData\Roaming\\FrostWire\intent.props
c:\users\£n\AppData\Roaming\\FrostWire\library.dat
c:\users\£n\AppData\Roaming\\FrostWire\mojito.props
c:\users\£n\AppData\Roaming\\FrostWire\questions.props
c:\users\£n\AppData\Roaming\\FrostWire\responses.cache
c:\users\£n\AppData\Roaming\\FrostWire\spam.dat
c:\users\£n\AppData\Roaming\\FrostWire\tables.props
c:\users\£n\AppData\Roaming\\FrostWire\themes\frostwirePro_theme.fwtp
c:\users\£n\AppData\Roaming\\FrostWire\themes\frostwirePro_theme\theme.txt
c:\users\£n\AppData\Roaming\\FrostWire\themes\frostwirePro_theme\version.txt
c:\users\£n\AppData\Roaming\\FrostWire\ttrees.cache
c:\users\£n\AppData\Roaming\\FrostWire\ttroot.cache
c:\users\£n\AppData\Roaming\\FrostWire\version.xml
c:\users\£n\AppData\Roaming\\FrostWire\xml\data\audio.sxml2
c:\users\£n\AppData\Roaming\\FrostWire\xml\data\video.sxml2
c:\users\£n\AppData\Roaming\\GDIPFONTCACHEV1.DAT
c:\users\£n\AppData\Roaming\\gtk-2.0\gtkfilechooser.ini
c:\users\£n\AppData\Roaming\\Identities\{000HQ7FF-AD7A-3FG4-US8E-26I93FV2MVVF}\xmlparse.dll
c:\users\£n\AppData\Roaming\\Identities\{000HQ7FF-AD7A-3FG4-US8E-26I93FV2MVVF}\zgt.lib
c:\users\£n\AppData\Roaming\\kcmdte.dat
c:\users\£n\AppData\Roaming\\LimeWire\active.mojito
c:\users\£n\AppData\Roaming\\LimeWire\browser\xul-v2.0b2.5-do-not-remove
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\branding.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\classic.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\comm.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\alerts.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\appshell.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\auth.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\caps.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\chardet.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\chrome.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\composer.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_html.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\cookie.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\directory.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_range.xpt
17 Septembre 2010 02:07:59

aming\\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\downloads.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\editor.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\extensions.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\feeds.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\find.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\gfx.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\inspector.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\intl.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\jar.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\locale.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\oji.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pipboot.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pipnss.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pippki.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pippki.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\places.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\plugin.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\pref.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\profile.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\rdf.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\satchel.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\shistory.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\storage.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\transformiix.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\uconv.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\update.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\widget.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\windowds.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\xulutil.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\crashreporter.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\crashreporter.ini
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\dependentlibs.list
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\freebl3.chk
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\freebl3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\greprefs\all.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\javaxpcom.jar
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\js3250.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\LICENSE
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\debug.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
17 Septembre 2010 02:09:25

aming\\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\Microformats.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\utils.js
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\mozctl.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\mozctlx.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\msvcr71.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nspr4.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nss3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nssckbi.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nssdbm3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\nssutil3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\platform.ini
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\plc4.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\plds4.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\README.txt
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\arrow.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\arrowd.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\broken-image.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\charsetData.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\contenteditable.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\designmode.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\forms.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\grabber.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\html.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\html\folder.png
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\langGroups.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\language.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\loading-image.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\mathml.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\quirk.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\svg.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\ua.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\viewsource.css
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\smime3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\softokn3.chk
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\softokn3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\ssl3.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\updater.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\version.properties
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpcom.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpidl.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xul.dll
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\£n\AppData\Roaming\\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\£n\AppData\Roaming\\LimeWire\certificate\limewire.keystore
c:\users\£n\AppData\Roaming\\LimeWire\createtimes.cache
c:\users\£n\AppData\Roaming\\LimeWire\downloads.dat
c:\users\£n\AppData\Roaming\\LimeWire\fileurns.cache
c:\users\£n\AppData\Roaming\\LimeWire\gnutella.net
c:\users\£n\AppData\Roaming\\LimeWire\installation.props
c:\users\£n\AppData\Roaming\\LimeWire\library.dat
c:\users\£n\AppData\Roaming\\LimeWire\library5.dat
c:\users\£n\AppData\Roaming\\LimeWire\limewire.props
c:\users\£n\AppData\Roaming\\LimeWire\lock
c:\users\£n\AppData\Roaming\\LimeWire\mojito.props
c:\users\£n\AppData\Roaming\\LimeWire\passive.mojito
c:\users\£n\AppData\Roaming\\LimeWire\player.props
c:\users\£n\AppData\Roaming\\LimeWire\promotion\promodb.backup
c:\users\£n\AppData\Roaming\\LimeWire\promotion\promodb.data
c:\users\£n\AppData\Roaming\\LimeWire\promotion\promodb.properties
c:\users\£n\AppData\Roaming\\LimeWire\promotion\promodb.script
c:\users\£n\AppData\Roaming\\LimeWire\questions.props
c:\users\£n\AppData\Roaming\\LimeWire\responses.cache
c:\users\£n\AppData\Roaming\\LimeWire\restaccess.txt
c:\users\£n\AppData\Roaming\\LimeWire\simpp.cert
c:\users\£n\AppData\Roaming\\LimeWire\simpp.xml
c:\users\£n\AppData\Roaming\\LimeWire\spam.dat
c:\users\£n\AppData\Roaming\\LimeWire\tables.props
c:\users\£n\AppData\Roaming\\LimeWire\ttdata.cache
c:\users\£n\AppData\Roaming\\LimeWire\ttroot.cache
c:\users\£n\AppData\Roaming\\LimeWire\update.cert
c:\users\£n\AppData\Roaming\\LimeWire\urns.dat
c:\users\£n\AppData\Roaming\\LimeWire\version.xml
c:\users\£n\AppData\Roaming\\LimeWire\versions.props
c:\users\£n\AppData\Roaming\\LimeWire\xml\data\audio.sxml3
c:\users\£n\AppData\Roaming\\LimeWire\xml\data\video.sxml3
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\c0481431.cdn.cloudfiles.rackspacecloud.com\analytics.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\c0481431.cdn.cloudfiles.rackspacecloud.com\buddypokestats.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\flash.quantserve.com\com.quantserve.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\inplay.tubemogul.com\InPlayInfo.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\mw.50cubes.com\analytics.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\mw.50cubes.com\sandbox\Main.swf\mallworldSettings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\rainbowx.mythings.com\mt_cookie.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\s.ytimg.com\soundData.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\s.ytimg.com\videostats.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\www.dailymotion.com\analytics.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\www.dailymotion.com\player.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\#SharedObjects\HT3N9MES\www.ludokado.com\jeux-arcade\Server_v5.swf\game_oracle.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#c0481431.cdn.cloudfiles.rackspacecloud.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#inplay.tubemogul.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mw.50cubes.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#rainbowx.mythings.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ludokado.com\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.wat.tv\settings.sol
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
17 Septembre 2010 02:22:34

c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\digest.s
c:\users\£n\AppData\Roaming\\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\users\£n\AppData\Roaming\\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-09-03 (13-27-03).txt
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\Alert.wav
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\Alert.xml
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\away.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\background.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\busy.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\close.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\close_hover.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\close_sel.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\display_picture_frame.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\display_picture_frame_available.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\display_picture_frame_away.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\display_picture_frame_busy.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\DO NOT DELETE THIS DIRECTORY OR ITS CONTENTS
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\facebook.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\move.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\move_hover.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\move_sel.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\offline.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\online.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pin.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pin_hover.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pin_sel.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pinned.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pinned_hover.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\pinned_sel.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Alert Skins\Default\preview.png
c:\users\£n\AppData\Roaming\\MessengerDiscovery 2\Settings.xml
c:\users\£n\AppData\Roaming\\Microsoft\Épreuve\PERSO.DIC
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\6b29ae44e85efac3c72ff4d1865d73f1_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\83aa4cc77f591dfc2374580bbd95f6ba_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\a64731a25811fa88f16bf243447fbb69_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\c0fa18b4e620109c616d4acdcda15310_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\Crypto\RSA\S-1-5-21-569108941-3654211372-3041866391-1000\faa7e400bb6051e48e0d1a3370cabfa1_0b3bb64b-8313-4371-8251-29e5890e04de
c:\users\£n\AppData\Roaming\\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\58PA6N2X\pmocntr2[1].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[1].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[10].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[11].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[2].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[3].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[4].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[5].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[6].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[7].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[8].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\ps[9].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA05IYEA.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA2Z619S.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA3W8TWA.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA4935AI.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA96MBWI.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCA9N3PKB.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAEJ7CTV.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAH2VIK7.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAIH48S3.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAIZYEK6.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAJRE0WM.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAKSAH57.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCANBQTAN.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAOX3250.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCASHALZR.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCATK6SFB.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAU1806P.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAV58KYK.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAX8KDWX.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAXK2EIA.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAY2S0II.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAY754G2.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAZHYARX.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\D31ESIA0\psCAZR88XB.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[1].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[10].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[11].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[2].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[3].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[4].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[5].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[6].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[7].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[8].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\ps[9].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\psCAARW6RP.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\psCACBASTR.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\T323AADA\psCAVZ2OZZ.xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[1].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[2].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[3].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[4].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[5].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[6].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[7].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[8].xml
c:\users\£n\AppData\Roaming\\Microsoft\Internet Explorer\UserData\Low\WL272AOW\ps[9].xml
c:\users\£n\AppData\Roaming\\Microsoft\Modèles\~$Normal.dot
c:\users\£n\AppData\Roaming\\Microsoft\Modèles\Normal.dot
c:\users\£n\AppData\Roaming\\Microsoft\Office\fbc3FA0.tmp
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\5CG1LU7U.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\A LIRE EN ENTIER.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Bureau.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\C h i ? ù ž.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\cocktails.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Conneries Paris.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\CV 2010.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Divers.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Documents.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\explication.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\http.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Le chaton et la puce.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Lettre de motivation.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Mes fichiers reçus.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Modèles.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Normal.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\OHMYDOLLZ.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\PHOTO_MAGIQUE[1].lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Rar$DI00.798.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Rar$DI10.807.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\Fichiers récents\Z divers.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO1025.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO1031.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO1033.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO1036.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\MSO2057.acl
c:\users\£n\AppData\Roaming\\Microsoft\Office\Word10.pip
c:\users\£n\AppData\Roaming\\Microsoft\Office\Word12.pip


Euh... je vais aller poster la suite du rapport demain car je ne peux pasposter plusieurs réponse à la suite !!
bonne soirée :) 
17 Septembre 2010 14:32:04

c:\users\£n\AppData\Roaming\\Microsoft\Picture It! 9\piorg.db
c:\users\£n\AppData\Roaming\\Microsoft\Protect\CREDHIST
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\66f937af-0a30-4536-9362-289d590ddf5b
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\71aabef8-4295-4c36-99ad-083aaa4e8ec9
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\ae84d73e-1127-45b6-a6b8-e7856a3aaf76
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\f6fd92c2-c185-4f70-b1f5-f5fd89164a38
c:\users\£n\AppData\Roaming\\Microsoft\Protect\S-1-5-21-569108941-3654211372-3041866391-1000\Preferred
c:\users\£n\AppData\Roaming\\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@247realmedia[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@62.75.239[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@a2dfp[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@abmr[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ad.yieldmanager[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ad.zanox[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adaos-ads[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adbrite[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adnext[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adnxs[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ads.clicmanager[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ads.esport-interactive[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ads.horyzon-media[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ads.pubmatic[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adslidango[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adtech[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@advertising[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@advertstream[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@adviva[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@aimfar.solution.weborama[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@alenty[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@allocine[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@apmebf[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@apps.facebook[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@atdmt[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@auditude[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@auroredodo.skyrock[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@badoo[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@banquepopulaire2010.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bidsystem[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bleepingcomputer[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@blondyblondy.skyrock[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bluekai[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bluestreak[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bnpparibasnet.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@boursoramabanque.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bouyguestelecom.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@bs.serving-sys[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@c.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@caradisiac[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@cas.criteo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@cas.fr.eu.criteo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@cetelem.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@collective-media[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@content.yieldmanager[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@content.yieldmanager[3].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@contextweb[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@crazyandfunny630.skyrock[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@criteo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@crowdscience[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@d1.openx[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@dailymotion[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@delivery.simplytechnology[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@displaymarketplace[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@doubleclick[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ebay[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@edt02[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@estat[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@eulerian[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@exelator[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@facebook[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@fastclick[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@fl01.ct2.comclick[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@fr.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@freecause[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ftv-publicite[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@garnier2010.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@gisi[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@google[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@google[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@google[3].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@h.live[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ikalan.skyrock[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@imageshack[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@imrworldwide[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@infos-du-net[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@intellitxt[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@invitemedia[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@king[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@lfstmedia[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@linternaute[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@live[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@login.live[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ludokado[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mail.live[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mathtag[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@media6degrees[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mediaplex[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@meetic-partners[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@metaffiliation[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@metrixlablw.customers.luna[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@msn[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@msnportal.112.2o7[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@music-quizz[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mw.50cubes[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@mythings[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@nexac[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@nspmotion[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@nxtck[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ohmydollz[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@openx[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@openx[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@pixel.rubiconproject[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@pogo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@pubmatic[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@quantserve[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@rad.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@reussissonsensemble[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ro-msnfr.fr.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ru4[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@rubiconproject[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@samsung.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@sc.admanager-xertive[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@scorecardresearch[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@securite.01net[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@serving-sys[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@simpli[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@simply[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@skyregie[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@skyrock[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@smart2.allocine[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@smartadserver[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@social.bidsystem[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@spir[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@struq[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tag.admeld[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tf1[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@track.effiliation[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@track.effiliation[3].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tracking.publicidees[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tradedoubler[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@tribalfusion[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@turn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@user.lucidmedia[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@vdwp.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@vii.nxtck[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@weborama[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ww381.smartadserver[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ww57.smartadserver[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@ww84.smartadserver[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.bleepingcomputer[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.dailymotion[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.leadium[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.ludokado[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.music-quizz[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.ohmydollz[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.simplicime[1].txt
17 Septembre 2010 14:43:18

c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www.smartadserver[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www2.adserverpub[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@www3.smartadserver[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@xiti[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@yahoo[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@youtube[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@yvessaintlaurentysl.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\Low\£n@zanox[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@alenty[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@atdmt[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@banquepopulaire2010.solution.weborama[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@doubleclick[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@meetic-partners[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@messenger.msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@msn[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@notifier.avira[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@nspmotion[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@rad.msn[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@smartadserver[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@tradedoubler[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@weborama[1].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Cookies\£n@youtube[2].txt
c:\users\£n\AppData\Roaming\\Microsoft\Windows\IECompatCache\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\IETldCache\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\IETldCache\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\PrivacIE\Low\index.dat
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Recent\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Bluetooth File Transfer Wizard.LNK
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Documents.mydocs
c:\users\£n\AppData\Roaming\\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Capturino V2\Capturino V2.0.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Capturino V2\Uninstall Capturino V2.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Hardwood Solitaire III\Buy Online!.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Hardwood Solitaire III\Hardwood Solitaire III Safe Mode.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Hardwood Solitaire III\Play Hardwood Solitaire III DirectX.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Hardwood Solitaire III\Play Hardwood Solitaire III.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Hardwood Solitaire III\Silver Creek Website.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Hardwood Solitaire III\Uninstall Hardwood Solitaire III.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Zylom Games\Monopoly Here And Now\Monopoly Here And Now.lnk
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Zylom Games\Monopoly Here And Now\Plus de jeux.url
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Start Menu\Programs\Zylom Games\Monopoly Here And Now\Zylom - Have fun..url
c:\users\£n\AppData\Roaming\\Microsoft\Windows\Themes\Custom.theme
c:\users\£n\AppData\Roaming\\Nero\Nero8\Nero Burning ROM\NeroHistory.log
c:\users\£n\AppData\Roaming\\Nero\Nero8\Nero Burning ROM\UserImages.bmp
c:\users\£n\AppData\Roaming\\Nero\Nero8\Nero StartSmart\InFDataBurning.inf
c:\users\£n\AppData\Roaming\\Nero\Nero8\Nero StartSmart\NSSOptions.xml
c:\users\£n\AppData\Roaming\\Nero\Nero8\Nero StartSmart\QLApps.xml
c:\users\£n\AppData\Roaming\\Nero\Nero8\OnlineServices\FeedManager\Feeds.db
c:\users\£n\AppData\Roaming\\Nero\Nero8\OnlineServices\FeedManagerFacadeConfig.xml
c:\users\£n\AppData\Roaming\\Nero\Nero8\OnlineServices\registrationinfo.xml
c:\users\£n\AppData\Roaming\\Real\Msg\Category.dat
c:\users\£n\AppData\Roaming\\Real\Msg\Messages.dat
c:\users\£n\AppData\Roaming\\Real\Msg\SCategory.dat
c:\users\£n\AppData\Roaming\\Real\RealConverter\data\normal\state.ini
c:\users\£n\AppData\Roaming\\Real\RealConverter\RealConverter_1_0.xml
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\26.dat
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\Backup\000\000001.tmd
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\Backup\000\000002.tmd
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\Backup\iscomplete
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\CD.CDX
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\CD.DBF
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\CDTRAX.CDX
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\CDTRAX.DBF
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\dbdata.txt
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\listview.dat
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\PLAYGRPS.CDX
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\PLAYGRPS.DBF
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\PLAYLIST.CDX
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\PLAYLIST.DBF
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\PLAYLIST.FPT
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\PLAYTRAX.CDX
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\PLAYTRAX.DBF
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\TRACKS.DBF
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\TRACKS.FPT
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\TRACKS2.CDX
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\TRAKINFO.CDX
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\TRAKINFO.DBF
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\treestate.dat
c:\users\£n\AppData\Roaming\\Real\RealPlayer\db\version
c:\users\£n\AppData\Roaming\\Real\RealPlayer\DRM\rights.xml
c:\users\£n\AppData\Roaming\\Real\RealPlayer\ErrorLogs\CDBurning.log
c:\users\£n\AppData\Roaming\\Real\RealPlayer\ErrorLogs\DownloadMgr.log
c:\users\£n\AppData\Roaming\\Real\RealPlayer\ErrorLogs\GenDevices.log
c:\users\£n\AppData\Roaming\\Real\RealPlayer\ErrorLogs\pdgenctnomad.log
c:\users\£n\AppData\Roaming\\Real\RealPlayer\ErrorLogs\pdgenwmdm.log
c:\users\£n\AppData\Roaming\\Real\RealPlayer\Favorites\Pages Web\Film.com.lnk
c:\users\£n\AppData\Roaming\\Real\RealPlayer\Favorites\Pages Web\RealGames.lnk
c:\users\£n\AppData\Roaming\\Real\RealPlayer\Favorites\Pages Web\Zylom.com.lnk
c:\users\£n\AppData\Roaming\\Real\RealPlayer\Favorites\Radio\RealMusic.lnk
c:\users\£n\AppData\Roaming\\Real\RealPlayer\Favorites\Vidéos\Live TV News.lnk
c:\users\£n\AppData\Roaming\\Real\RealPlayer\Favorites\Vidéos\RealVideo.lnk
c:\users\£n\AppData\Roaming\\Real\RealPlayer\Favorites\Vidéos\Vidéos musicales.lnk
c:\users\£n\AppData\Roaming\\Real\RealPlayer\library\view.xml
c:\users\£n\AppData\Roaming\\Real\RealPlayer\skins\data\normal\imgcache.dat
c:\users\£n\AppData\Roaming\\Real\RealPlayer\skins\data\normal\state.ini
c:\users\£n\AppData\Roaming\\Real\RealPlayer\timecache0.ini
c:\users\£n\AppData\Roaming\\Real\RealPlayer\viz.ini
c:\users\£n\AppData\Roaming\\Real\rnadmin\rnsystem.dat
c:\users\£n\AppData\Roaming\\Real\Update\setup3.10\setup.exe
c:\users\£n\AppData\Roaming\\Real\Update\Update-log.txt
c:\users\£n\AppData\Roaming\\WinRAR\version.dat
c:\users\£n\AppData\Roaming\\wklnhst.dat
c:\users\£n\AppData\Roaming\\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
c:\users\£n\AppData\Roaming\\Zylom\ZylomGamesPlayer\nsIZylomPlugin.xpt
c:\users\£n\AppData\Roaming\\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Ijl11.dll
c:\users\£n\AppData\Roaming\ . . . . impossible à supprimer

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((((((( Fichiers créés du 2010-08-16 au 2010-09-16 ))))))))))))))))))))))))))))))))))))
.

2010-09-16 18:37 . 2010-09-16 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-15 21:52 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 21:52 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 21:52 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 21:52 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-09 18:38 . 2010-09-09 18:38 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-09 18:38 . 2010-09-09 18:38 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-08-30 01:23 . 2010-08-30 15:49 -------- d-----w- C:\LopSD$
2010-08-29 19:51 . 2010-09-08 18:14 -------- d-----w- c:\program files\trend micro
2010-08-29 19:51 . 2010-08-29 19:52 -------- d-----w- C:\rsit
2010-08-28 23:13 . 2010-09-09 18:34 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-28 23:13 . 2010-08-28 23:13 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-28 23:13 . 2010-08-28 23:13 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-28 23:13 . 2010-08-28 23:13 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-08-28 23:13 . 2010-08-28 23:13 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 23:07 . 2010-09-09 18:34 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 18:38 . 2009-12-01 02:00 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-16 17:09 . 2008-05-23 00:03 679042 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-16 17:09 . 2008-05-23 00:03 126626 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-16 01:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-09 18:43 . 2010-05-12 03:10 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-09 18:38 . 2010-05-12 00:55 -------- d-----w- c:\programdata\DivX
2010-09-09 18:38 . 2009-11-23 02:09 -------- d-----w- c:\program files\DivX
2010-09-09 18:34 . 2010-08-16 22:43 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-09 18:34 . 2010-08-16 22:43 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-02 04:22 . 2009-11-23 04:27 -------- d-----w- c:\program files\CCleaner
2010-09-02 04:17 . 2009-11-23 05:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 22:43 . 2009-11-23 02:09 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-16 22:43 . 2010-08-16 22:43 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-16 22:43 . 2010-08-16 22:43 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-16 22:43 . 2010-08-16 22:43 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-08-16 22:43 . 2010-08-16 22:43 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-16 22:43 . 2010-08-16 22:43 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-08-16 22:42 . 2010-08-16 22:42 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-08-16 22:42 . 2010-08-16 22:42 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-08-16 22:42 . 2010-08-16 22:42 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-16 22:42 . 2010-08-16 22:42 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-08-16 22:42 . 2010-08-16 22:42 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-16 22:42 . 2010-08-16 22:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-16 22:42 . 2010-08-16 22:42 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-08-16 22:42 . 2010-08-16 22:42 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-08-16 21:27 . 2010-08-16 21:26 -------- d-----w- c:\program files\QuickTime
2010-08-16 21:26 . 2010-08-16 21:26 -------- d-----w- c:\programdata\Apple Computer
2010-08-14 23:51 . 2010-08-14 23:51 -------- d-----w- c:\program files\Common Files\Java
2010-08-10 22:16 . 2010-07-23 03:49 -------- d-----w- c:\program files\LimeWire
2010-08-09 03:25 . 2009-11-23 00:55 -------- d-----w- c:\program files\Messenger Plus! Live
2010-07-23 23:17 . 2010-07-23 03:37 -------- d-----w- c:\program files\Shareaza
2010-07-17 03:00 . 2010-04-28 03:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05 . 2010-08-11 21:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 21:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-11 21:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-11 21:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
17 Septembre 2010 15:00:30

2010-06-21 13:37 . 2010-08-11 21:42 2037760 ----a-w- c:\windows\system32\win32k.sys
2008-05-23 00:07 . 2008-05-23 00:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-23 198160]
"Skytel"="Skytel.exe" [2008-08-04 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-11-22 108289]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'

2010-09-16 c:\windows\Tasks\Extension de garantie-£n.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-05-22 10:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 20:43
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Heure de fin: 2010-09-16 20:46:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-16 18:46

Avant-CF: 113 343 156 224 octets libres
Après-CF: 113 040 437 248 octets libres

- - End Of File - - E2A3157C7C3B522C169F4074FBBD8727
17 Septembre 2010 23:26:21

:hello: ,

comment va ta machine?

A+
19 Septembre 2010 13:03:05

Bonjour,

Et bien ca a l'air d'aller je pense, pas de problème visible :) 
19 Septembre 2010 14:02:29

Bonjour,

si tout est ok :

* Je te conseille de défragmenter ton PC.
* Il est fortement recommandé d' avoir tous ses logiciels à jour.
* Tu peux supprimer ceux que nous avons utilisés (fais démarrer>Exécuter puis tape ComboFix /uninstall>Ok, RSIT, Lop S&D2...) traitant d' infections spécifiques.
* Garde Malwarebytes' Anti-Malware.

-----------------------------------------------------------------------------------------------------------------------------------

Pour la sécurité de ton PC, prends quelques minutes pour lire :
http://www.infos-du-net.com/forum/275481-11-dossier-pre...

-----------------------------------------------------------------------------------------------------------------------------------

Dénonce stv ton infection en postant sur Malware-Complaints :

- Règles du forum : http://www.malwarecomplaints.info/viewtopic.php?t=5
- Enregistre-toi à l' aide du bouton Register
- Choisis I Agree to these terms and am over or exactly 13 years of age

Indique aussi le nom du forum qui t' a aidé, Idn.

-----------------------------------------------------------------------------------------------------------------------------------

Marque ton sujet en (Résolu).

;) 

A+
20 Septembre 2010 23:03:15

Bonsoir,

Tout sera fait !!
Et bien merci merci beaucoup pour toute l'aide apportée !! :) 

Bonne soirée :hello: 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS