
Computer infected with viruses!!! [Solved]

12 August 2010 14:19:56

Hello, here is my problem: with malware I find quite a lot of viruses that avast does not find, but this time neither of the two finds anything...
My problem is the following: I have lots of web pages opening non-stop, about 15 per minute, then they close by themselves, because they open with Internet Explorer even though I left Internet Explorer for Mozilla in order to counter these pages... but they still keep opening, again and again!!!

So I am turning to your knowledge in the hope of a bit of help :)


Thanks,

14 August 2010 14:01:05

Hi,

Sorry for the delay; with the holidays there are fewer of us around to help.
We'll try to look into this.

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the Report section at the top of this window, check Minimal report.
  • In the "File scans" section, under "File age", set 30 days.
  • Also check the boxes next to Lop Check and Purity Check.
  • Finally, click the Scan button. The scan will not take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so by default on the Desktop).

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
  • Click Browse... and look for the report file you want to send me.
  • Click Open.
  • Click "Click here to upload the file".
  • A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
  • Copy and paste this link into your reply.
    16 August 2010 00:46:23

    Good evening,

    You are heavily infected!!

    1)
    Relaunch OTL.exe.

  • Under the Customization tab at the bottom of the window, copy and paste the following text (do not modify it):

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe ()
    PRC - C:\Program Files\ZinkSeek\zinkseek.exe ()
    MOD - C:\Program Files\ZinkSeek\zinkseek.dll ()
    SRV - (toyylzvo) -- C:\WINDOWS\System32\jkuuprd.dll File not found
    SRV - (ZinkSeek Service) -- C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe ()
    FF - prefs.js..keyword.URL: "http://search.search-click.com/?sid=10101019100&s="
    FF - user.js..keyword.URL: "http://search.search-click.com/?sid=10101019100&s="
    [2010/08/11 15:38:04 | 000,000,000 | ---D | M] (ZinkSeek) -- C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3}
    O2 - BHO: (adfauohnpr Object) - {9F36F993-803C-4D8A-B748-ED4740B49163} - C:\WINDOWS\system32\kngcq.dll ()
    O2 - BHO: (no name) - {9FCC5E78-3F60-1DC5-4DF5-6BA5AEA1DAE6} - No CLSID value found.
    O2 - BHO: (brumauohngrm Object) - {CD0AD3C2-B691-47CA-A57A-B2CBDA4F2BD9} - C:\WINDOWS\system32\gngcq.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
    O4 - HKLM..\Run: [bipro] C:\WINDOWS\System32\kngcq.dll ()
    O4 - HKLM..\Run: [eorezo] File not found
    O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\xngcq.exe ()
    O4 - HKLM..\Run: [skb] File not found
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
    O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]money in My Computer)
    O15 - HKCU\..Trusted Domains: //@surf.mar@ ([]money in Local intranet)
    [2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Street-Ads
    [2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sky-Banners
    [2010/07/21 18:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Street-Ads
    [2010/07/21 18:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Sky-Banners
    [2010/07/21 18:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\ZinkSeek
    [2010/07/21 18:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZinkSeek
    [2010/08/15 16:17:09 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
    [2010/08/15 16:17:08 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
    [2010/08/15 14:13:47 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe_
    [2010/08/04 07:00:16 | 000,247,296 | ---- | M] () -- C:\WINDOWS\System32\gngcq.dll
    [2010/08/04 06:59:58 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\kngcq.dll
    [2010/07/30 18:45:05 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
    [2010/07/21 18:36:20 | 000,049,639 | ---- | M] () -- C:\WINDOWS\System32\lxpkxvvgjepsnuf.exe
    [2010/07/30 18:35:25 | 000,000,228 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
    [2010/07/21 18:34:50 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
    [2010/07/21 18:34:28 | 000,049,639 | ---- | C] () -- C:\WINDOWS\System32\lxpkxvvgjepsnuf.exe
    [2010/07/16 19:12:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [2010/06/17 07:56:14 | 000,310,784 | ---- | C] () -- C:\WINDOWS\System32\gnfiv.dll
    [2010/05/25 07:40:14 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sjyebahf.dll
    [2010/07/21 18:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZinkSeek
    [2010/03/07 14:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\eoRezo
    [2010/07/21 18:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Sky-Banners
    [2010/07/21 18:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Street-Ads


    :Services
    SRV - (toyylzvo) -- C:\WINDOWS\System32\jkuuprd.dll File not found
    toyylzvo
    SRV - (ZinkSeek Service) -- C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe ()
    ZinkSeek Service

    :Reg

    :Files
    C:\Program Files\ZinkSeek\
    C:\Documents and Settings\All Users\Application Data\ZinkSeek\
    C:\WINDOWS\tasks\At????.job


    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Fix button at the top of the window.
  • Let the program work, and reboot once the fix is finished.
  • Finally, post a new OTL log (this time, do not check the LOP Check and Purity boxes).

    Note: You may see a log open after the fix (it is the log that shows whether the removal succeeded). Save it to your Desktop and post it along with the new OTL log.
    16 August 2010 13:27:59

    Yes, with all the problems I have with this computer I can well imagine ^^

    Here is the OTL log below:


    All processes killed
    ========== OTL ==========
    No active process named explorer.exe was found!
    No active process named zinkseek125.exe was found!
    No active process named zinkseek.exe was found!
    Service toyylzvo stopped successfully!
    Service toyylzvo deleted successfully!
    File C:\WINDOWS\System32\jkuuprd.dll File not found not found.
    Service ZinkSeek Service stopped successfully!
    Service ZinkSeek Service deleted successfully!
    C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe moved successfully.
    Prefs.js: "http://search.search-click.com/?sid=10101019100&s=" removed from keyword.URL
    C:\Documents and Settings\Raymond\Application Data\Mozilla\FireFox\Profiles\2xggzj84.default\user.js moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3}\defaults\preferences folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3}\defaults folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{5625662B-83FA-4E4C-9A5D-9833DD2B31A3} folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F36F993-803C-4D8A-B748-ED4740B49163}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F36F993-803C-4D8A-B748-ED4740B49163}\ deleted successfully.
    C:\WINDOWS\system32\kngcq.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FCC5E78-3F60-1DC5-4DF5-6BA5AEA1DAE6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FCC5E78-3F60-1DC5-4DF5-6BA5AEA1DAE6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD0AD3C2-B691-47CA-A57A-B2CBDA4F2BD9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD0AD3C2-B691-47CA-A57A-B2CBDA4F2BD9}\ deleted successfully.
    C:\WINDOWS\system32\gngcq.dll moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bipro deleted successfully.
    File C:\WINDOWS\System32\kngcq.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eorezo deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
    C:\WINDOWS\system32\xngcq.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\skb deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkevapoyowu deleted successfully.
    C:\WINDOWS\wcdsfv.dll moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@signup.mar@\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@\ deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\Street-Ads\sta folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\Street-Ads folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\Sky-Banners\skb folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\Sky-Banners folder moved successfully.
    C:\Documents and Settings\Raymond\Application Data\Street-Ads\sta folder moved successfully.
    C:\Documents and Settings\Raymond\Application Data\Street-Ads folder moved successfully.
    C:\Documents and Settings\Raymond\Application Data\Sky-Banners\skb folder moved successfully.
    C:\Documents and Settings\Raymond\Application Data\Sky-Banners folder moved successfully.
    C:\Program Files\ZinkSeek folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ZinkSeek folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat moved successfully.
    C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe moved successfully.
    File C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe_ not found.
    File C:\WINDOWS\System32\gngcq.dll not found.
    File C:\WINDOWS\System32\kngcq.dll not found.
    C:\WINDOWS\system32\winset.ini moved successfully.
    C:\WINDOWS\system32\lxpkxvvgjepsnuf.exe moved successfully.
    File C:\WINDOWS\System32\winset.ini not found.
    C:\WINDOWS\tasks\Updater.job moved successfully.
    File C:\WINDOWS\System32\lxpkxvvgjepsnuf.exe not found.
    C:\WINDOWS\system32\iyvu9_32.dll moved successfully.
    C:\WINDOWS\system32\gnfiv.dll moved successfully.
    C:\WINDOWS\system32\sjyebahf.dll moved successfully.
    Folder C:\Documents and Settings\All Users\Application Data\ZinkSeek\ not found.
    C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate\Software\itsTV\3.0.1.121 folder moved successfully.
    C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate\Software\itsTV folder moved successfully.
    C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate\Software folder moved successfully.
    C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate\Download folder moved successfully.
    C:\Documents and Settings\Raymond\Application Data\eoRezo\SoftwareUpdate folder moved successfully.
    C:\Documents and Settings\Raymond\Application Data\eoRezo folder moved successfully.
    Folder C:\Documents and Settings\Raymond\Application Data\Sky-Banners\ not found.
    Folder C:\Documents and Settings\Raymond\Application Data\Street-Ads\ not found.
    ========== SERVICES/DRIVERS ==========
    Error: No service named SRV - (toyylzvo) -- C:\WINDOWS\System32\jkuuprd.dll File not found was found to stop!
    Service\Driver key SRV - (toyylzvo) -- C:\WINDOWS\System32\jkuuprd.dll File not found not found.
    Error: No service named toyylzvo was found to stop!
    Service\Driver key toyylzvo not found.
    Error: No service named SRV - (ZinkSeek Service) -- C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe () was found to stop!
    Service\Driver key SRV - (ZinkSeek Service) -- C:\Documents and Settings\All Users\Application Data\ZinkSeek\zinkseek125.exe () not found.
    Error: No service named ZinkSeek Service was found to stop!
    Service\Driver key ZinkSeek Service not found.
    ========== REGISTRY ==========
    ========== FILES ==========
    Folder C:\Program Files\ZinkSeek not found.
    Folder C:\Documents and Settings\All Users\Application Data\ZinkSeek not found.
    C:\WINDOWS\tasks\At1334.job moved successfully.
    C:\WINDOWS\tasks\At1335.job moved successfully.
    C:\WINDOWS\tasks\At1336.job moved successfully.
    C:\WINDOWS\tasks\At1337.job moved successfully.
    C:\WINDOWS\tasks\At1338.job moved successfully.
    C:\WINDOWS\tasks\At1339.job moved successfully.
    C:\WINDOWS\tasks\At134.job moved successfully.
    C:\WINDOWS\tasks\At1340.job moved successfully.
    C:\WINDOWS\tasks\At1341.job moved successfully.
    C:\WINDOWS\tasks\At1342.job moved successfully.
    C:\WINDOWS\tasks\At1343.job moved successfully.
    C:\WINDOWS\tasks\At1344.job moved successfully.
    C:\WINDOWS\tasks\At1345.job moved successfully.
    C:\WINDOWS\tasks\At1346.job moved successfully.
    C:\WINDOWS\tasks\At1347.job moved successfully.
    C:\WINDOWS\tasks\At1348.job moved successfully.
    C:\WINDOWS\tasks\At1349.job moved successfully.
    C:\WINDOWS\tasks\At135.job moved successfully.
    C:\WINDOWS\tasks\At1350.job moved successfully.
    C:\WINDOWS\tasks\At1351.job moved successfully.
    C:\WINDOWS\tasks\At1352.job moved successfully.
    C:\WINDOWS\tasks\At1353.job moved successfully.
    C:\WINDOWS\tasks\At1354.job moved successfully.
    C:\WINDOWS\tasks\At1355.job moved successfully.
    C:\WINDOWS\tasks\At1356.job moved successfully.
    C:\WINDOWS\tasks\At1357.job moved successfully.
    C:\WINDOWS\tasks\At1358.job moved successfully.
    C:\WINDOWS\tasks\At1359.job moved successfully.
    C:\WINDOWS\tasks\At136.job moved successfully.
    C:\WINDOWS\tasks\At1360.job moved successfully.
    C:\WINDOWS\tasks\At1361.job moved successfully.
    C:\WINDOWS\tasks\At1362.job moved successfully.
    C:\WINDOWS\tasks\At1363.job moved successfully.
    C:\WINDOWS\tasks\At1364.job moved successfully.
    C:\WINDOWS\tasks\At1365.job moved successfully.
    C:\WINDOWS\tasks\At1366.job moved successfully.
    C:\WINDOWS\tasks\At1367.job moved successfully.
    C:\WINDOWS\tasks\At1368.job moved successfully.
    C:\WINDOWS\tasks\At1369.job moved successfully.
    C:\WINDOWS\tasks\At137.job moved successfully.
    C:\WINDOWS\tasks\At1370.job moved successfully.
    C:\WINDOWS\tasks\At1371.job moved successfully.
    C:\WINDOWS\tasks\At1372.job moved successfully.
    C:\WINDOWS\tasks\At1373.job moved successfully.
    C:\WINDOWS\tasks\At1374.job moved successfully.
    C:\WINDOWS\tasks\At1375.job moved successfully.
    C:\WINDOWS\tasks\At1376.job moved successfully.
    C:\WINDOWS\tasks\At1377.job moved successfully.
    C:\WINDOWS\tasks\At1378.job moved successfully.
    C:\WINDOWS\tasks\At1379.job moved successfully.
    C:\WINDOWS\tasks\At138.job moved successfully.
    C:\WINDOWS\tasks\At1380.job moved successfully.
    C:\WINDOWS\tasks\At1381.job moved successfully.
    C:\WINDOWS\tasks\At1382.job moved successfully.
    C:\WINDOWS\tasks\At1383.job moved successfully.
    C:\WINDOWS\tasks\At1384.job moved successfully.
    C:\WINDOWS\tasks\At1385.job moved successfully.
    C:\WINDOWS\tasks\At1386.job moved successfully.
    C:\WINDOWS\tasks\At1387.job moved successfully.
    C:\WINDOWS\tasks\At1388.job moved successfully.
    C:\WINDOWS\tasks\At1389.job moved successfully.
    C:\WINDOWS\tasks\At139.job moved successfully.
    C:\WINDOWS\tasks\At1390.job moved successfully.
    C:\WINDOWS\tasks\At1391.job moved successfully.
    C:\WINDOWS\tasks\At1392.job moved successfully.
    C:\WINDOWS\tasks\At1393.job moved successfully.
    C:\WINDOWS\tasks\At1394.job moved successfully.
    C:\WINDOWS\tasks\At1395.job moved successfully.
    C:\WINDOWS\tasks\At1396.job moved successfully.
    C:\WINDOWS\tasks\At1397.job moved successfully.
    C:\WINDOWS\tasks\At1398.job moved successfully.
    C:\WINDOWS\tasks\At1399.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At140.job moved successfully.
    C:\WINDOWS\tasks\At1400.job moved successfully.
    C:\WINDOWS\tasks\At1401.job moved successfully.
    C:\WINDOWS\tasks\At1402.job moved successfully.
    C:\WINDOWS\tasks\At1403.job moved successfully.
    C:\WINDOWS\tasks\At1404.job moved successfully.
    C:\WINDOWS\tasks\At1405.job moved successfully.
    C:\WINDOWS\tasks\At1406.job moved successfully.
    C:\WINDOWS\tasks\At1407.job moved successfully.
    C:\WINDOWS\tasks\At1408.job moved successfully.
    C:\WINDOWS\tasks\At1409.job moved successfully.
    C:\WINDOWS\tasks\At141.job moved successfully.
    C:\WINDOWS\tasks\At1410.job moved successfully.
    C:\WINDOWS\tasks\At1411.job moved successfully.
    C:\WINDOWS\tasks\At1412.job moved successfully.
    C:\WINDOWS\tasks\At1413.job moved successfully.
    C:\WINDOWS\tasks\At1414.job moved successfully.
    C:\WINDOWS\tasks\At1415.job moved successfully.
    C:\WINDOWS\tasks\At1416.job moved successfully.
    C:\WINDOWS\tasks\At1417.job moved successfully.
    C:\WINDOWS\tasks\At1418.job moved successfully.
    C:\WINDOWS\tasks\At1419.job moved successfully.
    C:\WINDOWS\tasks\At142.job moved successfully.
    C:\WINDOWS\tasks\At1420.job moved successfully.
    C:\WINDOWS\tasks\At1421.job moved successfully.
    C:\WINDOWS\tasks\At1422.job moved successfully.
    C:\WINDOWS\tasks\At1423.job moved successfully.
    C:\WINDOWS\tasks\At1424.job moved successfully.
    C:\WINDOWS\tasks\At1425.job moved successfully.
    C:\WINDOWS\tasks\At1426.job moved successfully.
    C:\WINDOWS\tasks\At1427.job moved successfully.
    C:\WINDOWS\tasks\At1428.job moved successfully.
    C:\WINDOWS\tasks\At1429.job moved successfully.
    C:\WINDOWS\tasks\At143.job moved successfully.
    C:\WINDOWS\tasks\At1430.job moved successfully.
    C:\WINDOWS\tasks\At1431.job moved successfully.
    C:\WINDOWS\tasks\At1432.job moved successfully.
    C:\WINDOWS\tasks\At1433.job moved successfully.
    C:\WINDOWS\tasks\At1434.job moved successfully.
    C:\WINDOWS\tasks\At1435.job moved successfully.
    C:\WINDOWS\tasks\At1436.job moved successfully.
    C:\WINDOWS\tasks\At1437.job moved successfully.
    C:\WINDOWS\tasks\At1438.job moved successfully.
    C:\WINDOWS\tasks\At1439.job moved successfully.
    C:\WINDOWS\tasks\At144.job moved successfully.
    C:\WINDOWS\tasks\At1440.job moved successfully.
    C:\WINDOWS\tasks\At1441.job moved successfully.
    C:\WINDOWS\tasks\At1442.job moved successfully.
    C:\WINDOWS\tasks\At1443.job moved successfully.
    C:\WINDOWS\tasks\At1444.job moved successfully.
    C:\WINDOWS\tasks\At1445.job moved successfully.
    C:\WINDOWS\tasks\At1446.job moved successfully.
    C:\WINDOWS\tasks\At1447.job moved successfully.
    C:\WINDOWS\tasks\At1448.job moved successfully.
    C:\WINDOWS\tasks\At1449.job moved successfully.
    C:\WINDOWS\tasks\At145.job moved successfully.
    C:\WINDOWS\tasks\At1450.job moved successfully.
    C:\WINDOWS\tasks\At1451.job moved successfully.
    C:\WINDOWS\tasks\At1452.job moved successfully.
    C:\WINDOWS\tasks\At1453.job moved successfully.
    C:\WINDOWS\tasks\At1454.job moved successfully.
    C:\WINDOWS\tasks\At1455.job moved successfully.
    C:\WINDOWS\tasks\At1456.job moved successfully.
    C:\WINDOWS\tasks\At1457.job moved successfully.
    C:\WINDOWS\tasks\At1458.job moved successfully.
    C:\WINDOWS\tasks\At1459.job moved successfully.
    C:\WINDOWS\tasks\At146.job moved successfully.
    C:\WINDOWS\tasks\At1460.job moved successfully.
    C:\WINDOWS\tasks\At1461.job moved successfully.
    C:\WINDOWS\tasks\At1462.job moved successfully.
    C:\WINDOWS\tasks\At1463.job moved successfully.
    C:\WINDOWS\tasks\At1464.job moved successfully.
    C:\WINDOWS\tasks\At1465.job moved successfully.
    C:\WINDOWS\tasks\At1466.job moved successfully.
    C:\WINDOWS\tasks\At1467.job moved successfully.
    C:\WINDOWS\tasks\At1468.job moved successfully.
    C:\WINDOWS\tasks\At1469.job moved successfully.
    C:\WINDOWS\tasks\At147.job moved successfully.
    C:\WINDOWS\tasks\At1470.job moved successfully.
    C:\WINDOWS\tasks\At1471.job moved successfully.
    C:\WINDOWS\tasks\At1472.job moved successfully.
    C:\WINDOWS\tasks\At1473.job moved successfully.
    C:\WINDOWS\tasks\At1474.job moved successfully.
    C:\WINDOWS\tasks\At1475.job moved successfully.
    C:\WINDOWS\tasks\At1476.job moved successfully.
    C:\WINDOWS\tasks\At1477.job moved successfully.
    C:\WINDOWS\tasks\At1478.job moved successfully.
    C:\WINDOWS\tasks\At1479.job moved successfully.
    C:\WINDOWS\tasks\At148.job moved successfully.
    C:\WINDOWS\tasks\At1480.job moved successfully.
    C:\WINDOWS\tasks\At1481.job moved successfully.
    C:\WINDOWS\tasks\At1482.job moved successfully.
    C:\WINDOWS\tasks\At1483.job moved successfully.
    C:\WINDOWS\tasks\At1484.job moved successfully.
    C:\WINDOWS\tasks\At1485.job moved successfully.
    C:\WINDOWS\tasks\At1486.job moved successfully.
    C:\WINDOWS\tasks\At1487.job moved successfully.
    C:\WINDOWS\tasks\At1488.job moved successfully.
    C:\WINDOWS\tasks\At1489.job moved successfully.
    C:\WINDOWS\tasks\At149.job moved successfully.
    C:\WINDOWS\tasks\At1490.job moved successfully.
    C:\WINDOWS\tasks\At1491.job moved successfully.
    C:\WINDOWS\tasks\At1492.job moved successfully.
    C:\WINDOWS\tasks\At1493.job moved successfully.
    C:\WINDOWS\tasks\At1494.job moved successfully.
    C:\WINDOWS\tasks\At1495.job moved successfully.
    C:\WINDOWS\tasks\At1496.job moved successfully.
    C:\WINDOWS\tasks\At1497.job moved successfully.
    C:\WINDOWS\tasks\At1498.job moved successfully.
    C:\WINDOWS\tasks\At1499.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At150.job moved successfully.
    C:\WINDOWS\tasks\At1500.job moved successfully.
    C:\WINDOWS\tasks\At1501.job moved successfully.
    C:\WINDOWS\tasks\At1502.job moved successfully.
    C:\WINDOWS\tasks\At1503.job moved successfully.
    C:\WINDOWS\tasks\At1504.job moved successfully.
    C:\WINDOWS\tasks\At1505.job moved successfully.
    C:\WINDOWS\tasks\At1506.job moved successfully.
    C:\WINDOWS\tasks\At1507.job moved successfully.
    C:\WINDOWS\tasks\At1508.job moved successfully.
    C:\WINDOWS\tasks\At1509.job moved successfully.
    C:\WINDOWS\tasks\At151.job moved successfully.
    C:\WINDOWS\tasks\At1510.job moved successfully.
    C:\WINDOWS\tasks\At1511.job moved successfully.
    C:\WINDOWS\tasks\At1512.job moved successfully.
    C:\WINDOWS\tasks\At1513.job moved successfully.
    C:\WINDOWS\tasks\At1514.job moved successfully.
    C:\WINDOWS\tasks\At1515.job moved successfully.
    C:\WINDOWS\tasks\At1516.job moved successfully.
    C:\WINDOWS\tasks\At1517.job moved successfully.
    C:\WINDOWS\tasks\At1518.job moved successfully.
    C:\WINDOWS\tasks\At1519.job moved successfully.
    C:\WINDOWS\tasks\At152.job moved successfully.
    C:\WINDOWS\tasks\At1520.job moved successfully.
    C:\WINDOWS\tasks\At1521.job moved successfully.
    C:\WINDOWS\tasks\At1522.job moved successfully.
    C:\WINDOWS\tasks\At1523.job moved successfully.
    C:\WINDOWS\tasks\At1524.job moved successfully.
    C:\WINDOWS\tasks\At1525.job moved successfully.
    C:\WINDOWS\tasks\At1526.job moved successfully.
    C:\WINDOWS\tasks\At1527.job moved successfully.
    C:\WINDOWS\tasks\At1528.job moved successfully.
    C:\WINDOWS\tasks\At1529.job moved successfully.
    C:\WINDOWS\tasks\At153.job moved successfully.
    C:\WINDOWS\tasks\At1530.job moved successfully.
    C:\WINDOWS\tasks\At1531.job moved successfully.
    C:\WINDOWS\tasks\At1532.job moved successfully.
    C:\WINDOWS\tasks\At1533.job moved successfully.
    C:\WINDOWS\tasks\At1534.job moved successfully.
    C:\WINDOWS\tasks\At1535.job moved successfully.
    C:\WINDOWS\tasks\At1536.job moved successfully.
    C:\WINDOWS\tasks\At1537.job moved successfully.
    C:\WINDOWS\tasks\At1538.job moved successfully.
    C:\WINDOWS\tasks\At1539.job moved successfully.
    C:\WINDOWS\tasks\At154.job moved successfully.
    C:\WINDOWS\tasks\At1540.job moved successfully.
    C:\WINDOWS\tasks\At1541.job moved successfully.
    C:\WINDOWS\tasks\At1542.job moved successfully.
    C:\WINDOWS\tasks\At1543.job moved successfully.
    C:\WINDOWS\tasks\At1544.job moved successfully.
    C:\WINDOWS\tasks\At1545.job moved successfully.
    C:\WINDOWS\tasks\At1546.job moved successfully.
    C:\WINDOWS\tasks\At1547.job moved successfully.
    C:\WINDOWS\tasks\At1548.job moved successfully.
    C:\WINDOWS\tasks\At1549.job moved successfully.
    C:\WINDOWS\tasks\At155.job moved successfully.
    C:\WINDOWS\tasks\At1550.job moved successfully.
    C:\WINDOWS\tasks\At1551.job moved successfully.
    C:\WINDOWS\tasks\At1552.job moved successfully.
    C:\WINDOWS\tasks\At1553.job moved successfully.
    C:\WINDOWS\tasks\At1554.job moved successfully.
    C:\WINDOWS\tasks\At1555.job moved successfully.
    C:\WINDOWS\tasks\At1556.job moved successfully.
    C:\WINDOWS\tasks\At1557.job moved successfully.
    C:\WINDOWS\tasks\At1558.job moved successfully.
    C:\WINDOWS\tasks\At1559.job moved successfully.
    C:\WINDOWS\tasks\At156.job moved successfully.
    C:\WINDOWS\tasks\At1560.job moved successfully.
    C:\WINDOWS\tasks\At1561.job moved successfully.
    C:\WINDOWS\tasks\At1562.job moved successfully.
    C:\WINDOWS\tasks\At1563.job moved successfully.
    C:\WINDOWS\tasks\At1564.job moved successfully.
    C:\WINDOWS\tasks\At1565.job moved successfully.
    C:\WINDOWS\tasks\At1566.job moved successfully.
    C:\WINDOWS\tasks\At1567.job moved successfully.
    C:\WINDOWS\tasks\At1568.job moved successfully.
    C:\WINDOWS\tasks\At1569.job moved successfully.
    C:\WINDOWS\tasks\At157.job moved successfully.
    C:\WINDOWS\tasks\At1570.job moved successfully.
    C:\WINDOWS\tasks\At1571.job moved successfully.
    C:\WINDOWS\tasks\At1572.job moved successfully.
    C:\WINDOWS\tasks\At1573.job moved successfully.
    C:\WINDOWS\tasks\At1574.job moved successfully.
    C:\WINDOWS\tasks\At1575.job moved successfully.
    C:\WINDOWS\tasks\At1576.job moved successfully.
    C:\WINDOWS\tasks\At1577.job moved successfully.
    C:\WINDOWS\tasks\At1578.job moved successfully.
    C:\WINDOWS\tasks\At1579.job moved successfully.
    C:\WINDOWS\tasks\At158.job moved successfully.
    C:\WINDOWS\tasks\At1580.job moved successfully.
    C:\WINDOWS\tasks\At1581.job moved successfully.
    C:\WINDOWS\tasks\At1582.job moved successfully.
    C:\WINDOWS\tasks\At1583.job moved successfully.
    C:\WINDOWS\tasks\At1584.job moved successfully.
    C:\WINDOWS\tasks\At1585.job moved successfully.
    C:\WINDOWS\tasks\At1586.job moved successfully.
    C:\WINDOWS\tasks\At1587.job moved successfully.
    C:\WINDOWS\tasks\At1588.job moved successfully.
    C:\WINDOWS\tasks\At1589.job moved successfully.
    C:\WINDOWS\tasks\At159.job moved successfully.
    C:\WINDOWS\tasks\At1590.job moved successfully.
    C:\WINDOWS\tasks\At1591.job moved successfully.
    C:\WINDOWS\tasks\At1592.job moved successfully.
    C:\WINDOWS\tasks\At1593.job moved successfully.
    C:\WINDOWS\tasks\At1594.job moved successfully.
    C:\WINDOWS\tasks\At1595.job moved successfully.
    C:\WINDOWS\tasks\At1596.job moved successfully.
    C:\WINDOWS\tasks\At1597.job moved successfully.
    C:\WINDOWS\tasks\At1598.job moved successfully.
    C:\WINDOWS\tasks\At1599.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At160.job moved successfully.
    C:\WINDOWS\tasks\At1600.job moved successfully.
    C:\WINDOWS\tasks\At1601.job moved successfully.
    C:\WINDOWS\tasks\At1602.job moved successfully.
    C:\WINDOWS\tasks\At1603.job moved successfully.
    C:\WINDOWS\tasks\At1604.job moved successfully.
    C:\WINDOWS\tasks\At1605.job moved successfully.
    C:\WINDOWS\tasks\At1606.job moved successfully.
    C:\WINDOWS\tasks\At1607.job moved successfully.
    C:\WINDOWS\tasks\At1608.job moved successfully.
    C:\WINDOWS\tasks\At1609.job moved successfully.
    C:\WINDOWS\tasks\At161.job moved successfully.
    C:\WINDOWS\tasks\At1610.job moved successfully.
    C:\WINDOWS\tasks\At1611.job moved successfully.
    C:\WINDOWS\tasks\At1612.job moved successfully.
    C:\WINDOWS\tasks\At1613.job moved successfully.
    C:\WINDOWS\tasks\At1614.job moved successfully.
    C:\WINDOWS\tasks\At1615.job moved successfully.
    C:\WINDOWS\tasks\At1616.job moved successfully.
    C:\WINDOWS\tasks\At1617.job moved successfully.
    C:\WINDOWS\tasks\At1618.job moved successfully.
    C:\WINDOWS\tasks\At1619.job moved successfully.
    C:\WINDOWS\tasks\At162.job moved successfully.
    C:\WINDOWS\tasks\At1620.job moved successfully.
    C:\WINDOWS\tasks\At1621.job moved successfully.
    C:\WINDOWS\tasks\At1622.job moved successfully.
    C:\WINDOWS\tasks\At1623.job moved successfully.
    C:\WINDOWS\tasks\At1624.job moved successfully.
    C:\WINDOWS\tasks\At1625.job moved successfully.
    C:\WINDOWS\tasks\At1626.job moved successfully.
    C:\WINDOWS\tasks\At1627.job moved successfully.
    C:\WINDOWS\tasks\At1628.job moved successfully.
    C:\WINDOWS\tasks\At1629.job moved successfully.
    C:\WINDOWS\tasks\At163.job moved successfully.
    C:\WINDOWS\tasks\At1630.job moved successfully.
    C:\WINDOWS\tasks\At1631.job moved successfully.
    C:\WINDOWS\tasks\At1632.job moved successfully.
    C:\WINDOWS\tasks\At1633.job moved successfully.
    C:\WINDOWS\tasks\At1634.job moved successfully.
    C:\WINDOWS\tasks\At1635.job moved successfully.
    C:\WINDOWS\tasks\At1636.job moved successfully.
    C:\WINDOWS\tasks\At1637.job moved successfully.
    C:\WINDOWS\tasks\At1638.job moved successfully.
    C:\WINDOWS\tasks\At1639.job moved successfully.
    C:\WINDOWS\tasks\At164.job moved successfully.
    C:\WINDOWS\tasks\At1640.job moved successfully.
    C:\WINDOWS\tasks\At1641.job moved successfully.
    C:\WINDOWS\tasks\At1642.job moved successfully.
    C:\WINDOWS\tasks\At1643.job moved successfully.
    C:\WINDOWS\tasks\At1644.job moved successfully.
    C:\WINDOWS\tasks\At1645.job moved successfully.
    C:\WINDOWS\tasks\At1646.job moved successfully.
    C:\WINDOWS\tasks\At1647.job moved successfully.
    C:\WINDOWS\tasks\At1648.job moved successfully.
    C:\WINDOWS\tasks\At1649.job moved successfully.
    C:\WINDOWS\tasks\At165.job moved successfully.
    C:\WINDOWS\tasks\At1650.job moved successfully.
    C:\WINDOWS\tasks\At1651.job moved successfully.
    C:\WINDOWS\tasks\At1652.job moved successfully.
    C:\WINDOWS\tasks\At1653.job moved successfully.
    C:\WINDOWS\tasks\At1654.job moved successfully.
    C:\WINDOWS\tasks\At1655.job moved successfully.
    C:\WINDOWS\tasks\At1656.job moved successfully.
    C:\WINDOWS\tasks\At1657.job moved successfully.
    C:\WINDOWS\tasks\At1658.job moved successfully.
    C:\WINDOWS\tasks\At1659.job moved successfully.
    C:\WINDOWS\tasks\At166.job moved successfully.
    C:\WINDOWS\tasks\At1660.job moved successfully.
    C:\WINDOWS\tasks\At1661.job moved successfully.
    C:\WINDOWS\tasks\At1662.job moved successfully.
    C:\WINDOWS\tasks\At1663.job moved successfully.
    C:\WINDOWS\tasks\At1664.job moved successfully.
    C:\WINDOWS\tasks\At1665.job moved successfully.
    C:\WINDOWS\tasks\At1666.job moved successfully.
    C:\WINDOWS\tasks\At1667.job moved successfully.
    C:\WINDOWS\tasks\At1668.job moved successfully.
    C:\WINDOWS\tasks\At1669.job moved successfully.
    C:\WINDOWS\tasks\At167.job moved successfully.
    C:\WINDOWS\tasks\At1670.job moved successfully.
    C:\WINDOWS\tasks\At1671.job moved successfully.
    C:\WINDOWS\tasks\At1672.job moved successfully.
    C:\WINDOWS\tasks\At1673.job moved successfully.
    C:\WINDOWS\tasks\At1674.job moved successfully.
    C:\WINDOWS\tasks\At1675.job moved successfully.
    C:\WINDOWS\tasks\At1676.job moved successfully.
    C:\WINDOWS\tasks\At1677.job moved successfully.
    C:\WINDOWS\tasks\At1678.job moved successfully.
    C:\WINDOWS\tasks\At1679.job moved successfully.
    C:\WINDOWS\tasks\At168.job moved successfully.
    C:\WINDOWS\tasks\At1680.job moved successfully.
    C:\WINDOWS\tasks\At1681.job moved successfully.
    C:\WINDOWS\tasks\At1682.job moved successfully.
    C:\WINDOWS\tasks\At1683.job moved successfully.
    C:\WINDOWS\tasks\At1684.job moved successfully.
    C:\WINDOWS\tasks\At1685.job moved successfully.
    C:\WINDOWS\tasks\At1686.job moved successfully.
    C:\WINDOWS\tasks\At1687.job moved successfully.
    C:\WINDOWS\tasks\At1688.job moved successfully.
    C:\WINDOWS\tasks\At1689.job moved successfully.
    C:\WINDOWS\tasks\At169.job moved successfully.
    C:\WINDOWS\tasks\At1690.job moved successfully.
    C:\WINDOWS\tasks\At1691.job moved successfully.
    C:\WINDOWS\tasks\At1692.job moved successfully.
    C:\WINDOWS\tasks\At1693.job moved successfully.
    C:\WINDOWS\tasks\At1694.job moved successfully.
    C:\WINDOWS\tasks\At1695.job moved successfully.
    C:\WINDOWS\tasks\At1696.job moved successfully.
    C:\WINDOWS\tasks\At1697.job moved successfully.
    C:\WINDOWS\tasks\At1698.job moved successfully.
    C:\WINDOWS\tasks\At1699.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At170.job moved successfully.
    C:\WINDOWS\tasks\At1700.job moved successfully.
    C:\WINDOWS\tasks\At1701.job moved successfully.
    C:\WINDOWS\tasks\At1702.job moved successfully.
    C:\WINDOWS\tasks\At1703.job moved successfully.
    C:\WINDOWS\tasks\At1704.job moved successfully.
    C:\WINDOWS\tasks\At1705.job moved successfully.
    C:\WINDOWS\tasks\At1706.job moved successfully.
    C:\WINDOWS\tasks\At1707.job moved successfully.
    C:\WINDOWS\tasks\At1708.job moved successfully.
    C:\WINDOWS\tasks\At1709.job moved successfully.
    C:\WINDOWS\tasks\At171.job moved successfully.
    C:\WINDOWS\tasks\At1710.job moved successfully.
    C:\WINDOWS\tasks\At1711.job moved successfully.
    C:\WINDOWS\tasks\At1712.job moved successfully.
    C:\WINDOWS\tasks\At1713.job moved successfully.
    C:\WINDOWS\tasks\At1714.job moved successfully.
    C:\WINDOWS\tasks\At1715.job moved successfully.
    C:\WINDOWS\tasks\At1716.job moved successfully.
    C:\WINDOWS\tasks\At1717.job moved successfully.
    C:\WINDOWS\tasks\At1718.job moved successfully.
    C:\WINDOWS\tasks\At1719.job moved successfully.
    C:\WINDOWS\tasks\At172.job moved successfully.
    C:\WINDOWS\tasks\At1720.job moved successfully.
    C:\WINDOWS\tasks\At1721.job moved successfully.
    C:\WINDOWS\tasks\At1722.job moved successfully.
    C:\WINDOWS\tasks\At1723.job moved successfully.
    C:\WINDOWS\tasks\At1724.job moved successfully.
    C:\WINDOWS\tasks\At1725.job moved successfully.
    C:\WINDOWS\tasks\At1726.job moved successfully.
    C:\WINDOWS\tasks\At1727.job moved successfully.
    C:\WINDOWS\tasks\At1728.job moved successfully.
    C:\WINDOWS\tasks\At1729.job moved successfully.
    C:\WINDOWS\tasks\At173.job moved successfully.
    C:\WINDOWS\tasks\At1730.job moved successfully.
    C:\WINDOWS\tasks\At1731.job moved successfully.
    C:\WINDOWS\tasks\At1732.job moved successfully.
    C:\WINDOWS\tasks\At1733.job moved successfully.
    C:\WINDOWS\tasks\At1734.job moved successfully.
    C:\WINDOWS\tasks\At1735.job moved successfully.
    C:\WINDOWS\tasks\At1736.job moved successfully.
    C:\WINDOWS\tasks\At1737.job moved successfully.
    C:\WINDOWS\tasks\At1738.job moved successfully.
    C:\WINDOWS\tasks\At1739.job moved successfully.
    C:\WINDOWS\tasks\At174.job moved successfully.
    C:\WINDOWS\tasks\At1740.job moved successfully.
    C:\WINDOWS\tasks\At1741.job moved successfully.
    C:\WINDOWS\tasks\At1742.job moved successfully.
    C:\WINDOWS\tasks\At1743.job moved successfully.
    C:\WINDOWS\tasks\At1744.job moved successfully.
    C:\WINDOWS\tasks\At1745.job moved successfully.
    C:\WINDOWS\tasks\At1746.job moved successfully.
    C:\WINDOWS\tasks\At1747.job moved successfully.
    C:\WINDOWS\tasks\At1748.job moved successfully.
    C:\WINDOWS\tasks\At1749.job moved successfully.
    C:\WINDOWS\tasks\At175.job moved successfully.
    C:\WINDOWS\tasks\At1750.job moved successfully.
    C:\WINDOWS\tasks\At1751.job moved successfully.
    C:\WINDOWS\tasks\At1752.job moved successfully.
    C:\WINDOWS\tasks\At1753.job moved successfully.
    C:\WINDOWS\tasks\At1754.job moved successfully.
    C:\WINDOWS\tasks\At1755.job moved successfully.
    C:\WINDOWS\tasks\At1756.job moved successfully.
    C:\WINDOWS\tasks\At1757.job moved successfully.
    C:\WINDOWS\tasks\At1758.job moved successfully.
    C:\WINDOWS\tasks\At1759.job moved successfully.
    C:\WINDOWS\tasks\At176.job moved successfully.
    C:\WINDOWS\tasks\At1760.job moved successfully.
    C:\WINDOWS\tasks\At1761.job moved successfully.
    C:\WINDOWS\tasks\At1762.job moved successfully.
    C:\WINDOWS\tasks\At1763.job moved successfully.
    C:\WINDOWS\tasks\At1764.job moved successfully.
    C:\WINDOWS\tasks\At1765.job moved successfully.
    C:\WINDOWS\tasks\At1766.job moved successfully.
    C:\WINDOWS\tasks\At1767.job moved successfully.
    C:\WINDOWS\tasks\At1768.job moved successfully.
    C:\WINDOWS\tasks\At1769.job moved successfully.
    C:\WINDOWS\tasks\At177.job moved successfully.
    C:\WINDOWS\tasks\At1770.job moved successfully.
    C:\WINDOWS\tasks\At1771.job moved successfully.
    C:\WINDOWS\tasks\At1772.job moved successfully.
    C:\WINDOWS\tasks\At1773.job moved successfully.
    C:\WINDOWS\tasks\At1774.job moved successfully.
    C:\WINDOWS\tasks\At1775.job moved successfully.
    C:\WINDOWS\tasks\At1776.job moved successfully.
    C:\WINDOWS\tasks\At1777.job moved successfully.
    C:\WINDOWS\tasks\At1778.job moved successfully.
    C:\WINDOWS\tasks\At1779.job moved successfully.
    C:\WINDOWS\tasks\At178.job moved successfully.
    C:\WINDOWS\tasks\At1780.job moved successfully.
    C:\WINDOWS\tasks\At1781.job moved successfully.
    C:\WINDOWS\tasks\At1782.job moved successfully.
    C:\WINDOWS\tasks\At1783.job moved successfully.
    C:\WINDOWS\tasks\At1784.job moved successfully.
    C:\WINDOWS\tasks\At1785.job moved successfully.
    C:\WINDOWS\tasks\At1786.job moved successfully.
    C:\WINDOWS\tasks\At1787.job moved successfully.
    C:\WINDOWS\tasks\At1788.job moved successfully.
    C:\WINDOWS\tasks\At1789.job moved successfully.
    C:\WINDOWS\tasks\At179.job moved successfully.
    C:\WINDOWS\tasks\At1790.job moved successfully.
    C:\WINDOWS\tasks\At1791.job moved successfully.
    C:\WINDOWS\tasks\At1792.job moved successfully.
    C:\WINDOWS\tasks\At1793.job moved successfully.
    C:\WINDOWS\tasks\At1794.job moved successfully.
    C:\WINDOWS\tasks\At1795.job moved successfully.
    C:\WINDOWS\tasks\At1796.job moved successfully.
    C:\WINDOWS\tasks\At1797.job moved successfully.
    C:\WINDOWS\tasks\At1798.job moved successfully.
    C:\WINDOWS\tasks\At1799.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At180.job moved successfully.
    C:\WINDOWS\tasks\At1800.job moved successfully.
    C:\WINDOWS\tasks\At1801.job moved successfully.
    C:\WINDOWS\tasks\At1802.job moved successfully.
    C:\WINDOWS\tasks\At1803.job moved successfully.
    C:\WINDOWS\tasks\At1804.job moved successfully.
    C:\WINDOWS\tasks\At1805.job moved successfully.
    C:\WINDOWS\tasks\At1806.job moved successfully.
    C:\WINDOWS\tasks\At1807.job moved successfully.
    C:\WINDOWS\tasks\At1808.job moved successfully.
    C:\WINDOWS\tasks\At1809.job moved successfully.
    C:\WINDOWS\tasks\At181.job moved successfully.
    C:\WINDOWS\tasks\At1810.job moved successfully.
    C:\WINDOWS\tasks\At1811.job moved successfully.
    C:\WINDOWS\tasks\At1812.job moved successfully.
    C:\WINDOWS\tasks\At1813.job moved successfully.
    C:\WINDOWS\tasks\At1814.job moved successfully.
    C:\WINDOWS\tasks\At1815.job moved successfully.
    C:\WINDOWS\tasks\At1816.job moved successfully.
    C:\WINDOWS\tasks\At1817.job moved successfully.
    C:\WINDOWS\tasks\At1818.job moved successfully.
    C:\WINDOWS\tasks\At1819.job moved successfully.
    16 August 2010 14:26:06

    Hello,

    1)

    Download Ad-Remover (by C_XX) to your Desktop.
    /!\ Disconnect and close all running applications /!\
    Double-click AD-R on your desktop. (Right-click -> "Run as administrator" on VISTA)
    Wait for the main menu to appear. From there, click Scanner. You will be asked to confirm; click Oui and wait until the scan finishes.
    !! Let the tool work !!
    A window containing the report will open; post the report in your next reply.
    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
    Then click Quitter to close Ad-Remover.

    Note: The report that Ad-Remover has just generated is located here: C:\Ad-Report-SCAN

    2)

    Download UsbFix (by El desaparecido & C_XX) to your desktop.
    (!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

  • Double-click "USBFix.exe" to launch the tool.
  • In the main menu, click Recherche.
  • Then let the tool work ...
  • Once it has finished, post the USBFix.txt report that is generated ...


    Note: the report is saved at the root of the disk. (C:\USBFix.txt)

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    17 August 2010 13:23:50

    ############################## | UsbFix 7.020 | [Recherche]

    Utilisateur: Raymond (Administrateur) # TOULOUSE-5FEBB6 [ ]
    Mis à jour le 12/08/10 par El Desaparecido / C_XX
    Lancé à 13:02:33 | 17/08/2010
    Site Web: http://pagesperso-orange.fr/NosTools/index.html
    Contact: FindyKill.Contact@gmail.com

    CPU: AMD Athlon(tm) 64 Processor 4000+
    Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180

    Antivirus: avast! antivirus 4.8.1229 [VPS 081231-1] 4.8.1229 [Enabled | (!) Outdated]
    RAM -> 1022 Mo
    C:\ (%systemdrive%) -> Disque fixe # 49 Go (7 Go libre(s) - 13%) [] # NTFS
    D:\ -> Disque fixe # 100 Go (25 Go libre(s) - 25%) [Sauvegardes] # NTFS
    I:\ -> CD-ROM

    ################## | Éléments infectieux |



    ======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par C_XX le 26/07/10 à 12:00
    Contact: AdRemover.contact[AT]gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 12:54:04 le 17/08/2010, Mode normal

    Microsoft Windows XP Professionnel Service Pack 2 (X86)
    Raymond@TOULOUSE-5FEBB6 ( )

    ============== RECHERCHE ==============


    0,Dossier trouvé: C:\Documents and Settings\Raymond\Application Data\Search Settings
    0,Dossier trouvé: C:\WINDOWS\$NtUninstallMTF1011$
    3,Fichier trouvé: C:\WINDOWS\Installer\5fb8ee.msi

    1,Clé trouvée: HKLM\Software\Classes\CLSID\{91805898-B638-43EB-9ADB-C7925BBB95F6}
    1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91805898-B638-43EB-9ADB-C7925BBB95F6}
    1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91805898-B638-43EB-9ADB-C7925BBB95F6}
    1,Clé trouvée: HKLM\Software\Classes\CLSID\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
    1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
    1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
    0,Clé trouvée: HKLM\Software\Classes\adgj.agHlp
    0,Clé trouvée: HKLM\Software\Classes\adgj.agHlp.1
    0,Clé trouvée: HKLM\Software\Classes\adShotHlpr.adShotHlpr
    0,Clé trouvée: HKLM\Software\Classes\adShotHlpr.adShotHlpr.1.0
    0,Clé trouvée: HKLM\Software\Search Settings
    0,Clé trouvée: HKLM\Software\Sky-Banners
    0,Clé trouvée: HKLM\Software\Street-Ads
    0,Clé trouvée: HKCU\Software\EoRezo
    0,Clé trouvée: HKCU\Software\Search Settings
    0,Clé trouvée: HKCU\Software\Sky-Banners
    0,Clé trouvée: HKCU\Software\Street-Ads
    0,Clé trouvée: HKU\.DEFAULT\Software\Sky-Banners
    0,Clé trouvée: HKU\.DEFAULT\Software\Street-Ads
    0,Clé trouvée: HKU\S-1-5-18\Software\Sky-Banners
    0,Clé trouvée: HKU\S-1-5-18\Software\Street-Ads
    0,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
    0,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    0,Clé trouvée: HKLM\Software\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}
    0,Clé trouvée: HKLM\Software\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}
    0,Clé trouvée: HKLM\Software\Classes\AppID\{7B6A2552-E65B-4A9E-ADD4-C45577FFD8FD}


    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.8 (fr)] **

    -- C:\Documents and Settings\Raymond\Application Data\Mozilla\FireFox\Profiles\2xggzj84.default\Prefs.js --
    browser.search.selectedEngine, Google (Language: FR)
    browser.startup.homepage, hxxp://www.sfr.fr/
    browser.startup.homepage_override.mstone, rv:1.9.2.8
    privacy.popups.showBrowserMessage, false

    ========================================

    ** Internet Explorer Version [6.0.2900.2180] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://fr.msn.com/
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search Page: hxxp://www.google.com
    Show_ToolBar: yes
    Start Page: hxxp://www.sfr.fr/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://www.google.com/ie
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 17/08/2010 (2412 Octet(s))

    Fin à: 12:56:43, 17/08/2010

    ============== E.O.F ==============

    ################## | Registre |

    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

    ################## | Mountpoints2 |

    HKCU\.\.\.\.\Explorer\MountPoints2\{5f7a8793-2885-11df-8243-0019dbab8d94}
    Shell\AutoRun\Command = EmDesk.exe
    Shell\EmDesk\Command = EmDesk.exe


    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné!

    ################## | E.O.F |

    17 August 2010 14:48:59

    Hello,

    You pasted the Ad-Remover report in the middle of the UsbFix one, but that's no big deal :D

    1)

    /!\ Disconnect and close all running applications /!\
    Run AD-R again from your desktop. (Right-click -> "Run as administrator" on VISTA)
    Wait for the main menu to appear. From there, click Nettoyer. You will be asked to confirm; click Oui and wait until the scan finishes.
    !! Let the tool work !!
    At the end of the scan you will be offered a restart; accept by clicking Oui. Your PC will restart.
    Once your PC is back on, go to C:\ and open the file named Ad-Report-CLEAN.
    Post the contents of Ad-Report-CLEAN in your next reply.
    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    2)
    (!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

  • Double-click the UsbFix shortcut on your desktop.
  • In the main menu, click Suppression.
  • Your desktop may disappear and the PC may restart.
  • On restart, UsbFix will scan your PC; let the tool work.
  • Then post the UsbFix.txt report that will appear along with the desktop.


    Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    17 August 2010 18:19:33

    Hello, sorry for the small mistake and for my rudeness :sweat:
    Here are the reports below:

    ======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par C_XX le 26/07/10 à 12:00
    Contact: AdRemover.contact[AT]gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:52:59 le 17/08/2010, Mode normal

    Microsoft Windows XP Professionnel Service Pack 2 (X86)
    Raymond@TOULOUSE-5FEBB6 ( )

    ============== ACTION(S) ==============


    0,Dossier supprimé: C:\Documents and Settings\Raymond\Application Data\Search Settings
    0,Dossier supprimé: C:\WINDOWS\$NtUninstallMTF1011$
    3,Fichier supprimé: C:\WINDOWS\Installer\5fb8ee.msi

    (!) -- Fichiers temporaires supprimés.


    1,Clé supprimée: HKLM\Software\Classes\CLSID\{91805898-B638-43EB-9ADB-C7925BBB95F6}
    1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91805898-B638-43EB-9ADB-C7925BBB95F6}
    1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91805898-B638-43EB-9ADB-C7925BBB95F6}
    1,Clé supprimée: HKLM\Software\Classes\CLSID\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
    1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
    1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF2DCAD4-43C5-4488-A7CD-6274814BE5E0}
    0,Clé supprimée: HKLM\Software\Classes\adgj.agHlp
    0,Clé supprimée: HKLM\Software\Classes\adgj.agHlp.1
    0,Clé supprimée: HKLM\Software\Classes\adShotHlpr.adShotHlpr
    0,Clé supprimée: HKLM\Software\Classes\adShotHlpr.adShotHlpr.1.0
    0,Clé supprimée: HKLM\Software\Search Settings
    0,Clé supprimée: HKLM\Software\Sky-Banners
    0,Clé supprimée: HKLM\Software\Street-Ads
    0,Clé supprimée: HKCU\Software\EoRezo
    0,Clé supprimée: HKCU\Software\Search Settings
    0,Clé supprimée: HKCU\Software\Sky-Banners
    0,Clé supprimée: HKCU\Software\Street-Ads
    0,Clé supprimée: HKU\.DEFAULT\Software\Sky-Banners
    0,Clé supprimée: HKU\.DEFAULT\Software\Street-Ads
    0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
    0,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    0,Clé supprimée: HKLM\Software\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}
    0,Clé supprimée: HKLM\Software\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}
    0,Clé supprimée: HKLM\Software\Classes\AppID\{7B6A2552-E65B-4A9E-ADD4-C45577FFD8FD}


    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.8 (fr)] **

    -- C:\Documents and Settings\Raymond\Application Data\Mozilla\FireFox\Profiles\2xggzj84.default\Prefs.js --
    browser.search.selectedEngine, Google (Language: FR)
    browser.startup.homepage, hxxp://www.sfr.fr/
    browser.startup.homepage_override.mstone, rv:1.9.2.8
    privacy.popups.showBrowserMessage, false

    ========================================

    ** Internet Explorer Version [6.0.2900.2180] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 7 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 17/08/2010 (2412 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 17/08/2010 (3992 Octet(s))
    C:\Ad-Report-SCAN[2].txt - 17/08/2010 (4048 Octet(s))

    Fin à: 17:55:45, 17/08/2010

    ============== E.O.F ==============
    ############################## | UsbFix 7.020 | [Suppression]

    Utilisateur: Raymond (Administrateur) # TOULOUSE-5FEBB6 [ ]
    Mis à jour le 12/08/10 par El Desaparecido / C_XX
    Lancé à 18:03:25 | 17/08/2010
    Site Web: http://pagesperso-orange.fr/NosTools/index.html
    Contact: FindyKill.Contact@gmail.com

    CPU: AMD Athlon(tm) 64 Processor 4000+
    Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180

    Antivirus: avast! antivirus 4.8.1229 [VPS 081231-1] 4.8.1229 [Enabled | (!) Outdated]
    RAM -> 1022 Mo
    C:\ (%systemdrive%) -> Disque fixe # 49 Go (7 Go libre(s) - 13%) [] # NTFS
    D:\ -> Disque fixe # 100 Go (26 Go libre(s) - 26%) [Sauvegardes] # NTFS
    I:\ -> CD-ROM

    ################## | Éléments infectieux |


    ################## | Registre |

    Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
    Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
    Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

    ################## | Mountpoints2 |


    ################## | Listing |


    ################## | Vaccin |

    C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
    D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

    ################## | E.O.F |
    17 August 2010 20:31:18

    Very good.
    Can you run a new OTL log?

    And how is your PC behaving now?
    17 August 2010 21:17:37

    I still have the same problem with Internet Explorer windows opening and then closing again... Apart from that, I used to get an error message about a file "kvndll" (I think that's what it was called) that had been deleted, and that message no longer appears!! Otherwise I still have the problem of Internet Explorer pages opening on ads or sometimes on nothing (blank "about blank" pages).

    OTL logfile created on: 17/08/2010 21:05:52 - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = D:\Mes documents\Téléchargements
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1 022,00 Mb Total Physical Memory | 500,00 Mb Available Physical Memory | 49,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 48,82 Gb Total Space | 6,50 Gb Free Space | 13,31% Space Free | Partition Type: NTFS
    Drive D: | 100,22 Gb Total Space | 26,03 Gb Free Space | 25,97% Space Free | Partition Type: NTFS
    Drive E: | 7,24 Gb Total Space | 6,01 Gb Free Space | 83,07% Space Free | Partition Type: FAT32
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TOULOUSE-5FEBB6
    Current User Name: Raymond
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe ()
    PRC - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
    PRC - D:\xavier\Ipod\Ipodd\iTunesHelper .exe (Apple Inc.)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Live\Messenger\msnmsgr .exe (Microsoft Corporation)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\tomtom\TomTom HOME 2\HOMERunner .exe (TomTom)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe (Hewlett-Packard)
    PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SetupNTGLM7X) -- I:\NTGLM7X.sys File not found
    DRV - (NTACCESS) -- I:\NTACCESS.sys File not found
    DRV - (GMSIPCI) -- I:\INSTALL\GMSIPCI.SYS File not found
    DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
    DRV - (Daemon) -- C:\WINDOWS\System32\drivers\daemon.sys File not found
    DRV - (catchme) -- C:\DOCUME~1\Raymond\LOCALS~1\Temp\catchme.sys File not found
    DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
    DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
    DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.selectedEngine: "Google (Language: FR)"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.sfr.fr/"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 20:11:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 15:38:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 15:37:58 | 000,000,000 | ---D | M]

    [2010/08/11 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions
    [2010/03/03 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/08/11 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\2xggzj84.default\extensions
    [2010/08/12 13:47:17 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\2xggzj84.default\searchplugins\google-language-fr.xml
    [2010/08/16 13:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/23 02:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/07/23 02:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/07/23 02:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/07/14 21:01:18 | 000,002,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml
    [2010/07/23 02:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/07/23 02:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010/02/26 17:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
    O4 - HKLM..\Run: [iTunesHelper] D:\xavier\Ipod\Ipodd\iTunesHelper.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\tomtom\TomTom HOME 2\HOMERunner.exe ()
    O4 - Startup: C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c... (HP Download Manager)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/fichiers/hardwaredet... (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/17 18:55:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2007/09/30 21:42:50 | 000,000,130 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/17 18:06:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
    [2010/08/17 16:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raymond\Recent
    [2010/08/17 13:01:14 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2010/08/17 12:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2010/08/11 15:40:00 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
    [2010/08/08 15:19:20 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
    [2010/08/06 17:31:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
    [2010/08/06 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Malwarebytes
    [2010/08/05 09:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/08/05 09:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/08/03 01:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2010/08/03 00:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/03 00:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/08/03 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/08/03 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/08/01 14:46:16 | 000,000,000 | ---D | C] -- C:\xavier
    [2010/08/01 14:30:04 | 000,000,000 | ---D | C] -- D:\Mes documents\Money sauvegarde
    [2010/08/01 14:29:12 | 000,000,000 | ---D | C] -- D:\Mes documents\WORD et autres documents textes
    [2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
    [2010/08/01 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
    [2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\AVS4YOU
    [2010/07/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
    [2010/07/30 18:18:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
    [2010/07/30 18:18:26 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
    [2010/07/30 18:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
    [2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    [2010/07/29 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\WinAVI
    [2010/07/28 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Apowersoft
    [2010/07/25 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\vlc
    [2010/07/25 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/07/21 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/07/21 18:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
    [2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2016.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2015.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2014.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2013.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2012.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2011.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2010.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2009.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2008.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2007.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2006.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2005.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2004.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2003.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2002.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2001.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2000.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1999.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1998.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1997.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1996.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1995.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1994.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1993.job
    [2010/08/17 21:03:52 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
    [2010/08/17 21:03:51 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
    [2010/08/17 21:00:11 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/17 21:00:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/17 21:00:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/17 21:00:01 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/17 19:17:13 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Raymond\NTUSER.DAT
    [2010/08/17 19:17:13 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Raymond\ntuser.ini
    [2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1988.job
    [2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1964.job
    [2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1940.job
    [2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1916.job
    [2010/08/17 19:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1892.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1992.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1991.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1990.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1989.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1987.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1986.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1985.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1984.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1983.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1982.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1981.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1980.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1979.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1978.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1977.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1976.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1975.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1974.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1973.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1972.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1971.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1970.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1969.job
    [2010/08/17 18:00:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1963.job
    [2010/08/17 18:00:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1939.job
    [2010/08/17 18:00:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1915.job
    [2010/08/17 18:00:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1891.job
    [2010/08/17 17:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1962.job
    [2010/08/17 17:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1938.job
    [2010/08/17 17:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1914.job
    [2010/08/17 17:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1890.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1968.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1967.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1966.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1965.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1961.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1960.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1959.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1958.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1957.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1956.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1955.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1954.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1953.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1952.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1951.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1950.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1949.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1948.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1947.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1946.job
    [2010/08/17 16:12:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1945.job
    [2010/08/17 16:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1937.job
    [2010/08/17 16:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1913.job
    [2010/08/17 16:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1889.job
    [2010/08/17 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1936.job
    [2010/08/17 15:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1912.job
    [2010/08/17 15:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1888.job
    [2010/08/17 14:53:35 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1944.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1943.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1942.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1941.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1935.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1934.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1933.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1932.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1931.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1930.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1929.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1928.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1927.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1926.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1925.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1924.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1923.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1922.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1921.job
    [2010/08/17 14:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At879.job
    [2010/08/17 14:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1911.job
    [2010/08/17 14:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1887.job
    [2010/08/17 13:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1910.job
    [2010/08/17 13:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1886.job
    [2010/08/17 13:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1454.job
    [2010/08/17 12:54:02 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1920.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1919.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1918.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1917.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1909.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1908.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1907.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1906.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1905.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1904.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1903.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1902.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1901.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1900.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1899.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1898.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1897.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1896.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1895.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1894.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1893.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1885.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1884.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1883.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1882.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1881.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1880.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1879.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1878.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1877.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1876.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1875.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1874.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1873.job
    [2010/08/15 21:04:14 | 000,003,096 | ---- | M] () -- C:\WINDOWS\wincmd.ini
    [2010/08/15 20:00:25 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At333.job
    [2010/08/15 14:09:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/11 15:43:45 | 000,458,230 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/08/11 15:43:45 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/11 15:43:45 | 000,071,248 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/08/11 15:43:45 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/11 15:43:44 | 000,989,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/11 15:38:01 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/11 15:38:01 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/10 12:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/08 20:05:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/02 19:41:09 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/08/01 12:13:10 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
    [2010/07/30 19:32:21 | 000,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/30 02:03:58 | 004,812,972 | -H-- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\IconCache.db
    [2010/07/25 18:24:21 | 000,069,568 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    ========== Files Created - No Company Name ==========

    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2016.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2015.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2014.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2013.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2012.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2011.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2010.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2009.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2008.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2007.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2006.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2005.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2004.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2003.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2002.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2001.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2000.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1999.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1998.job
    [2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1997.job
    [2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1996.job
    [2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1995.job
    [2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1994.job
    [2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1993.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1992.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1991.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1990.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1989.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1988.job
    [2010/08/17 18:11:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1987.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1986.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1985.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1984.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1983.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1982.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1981.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1980.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1979.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1978.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1977.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1976.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1975.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1974.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1973.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1972.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1971.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1970.job
    [2010/08/17 18:11:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1969.job
    [2010/08/17 16:12:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1968.job
    [2010/08/17 16:12:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1967.job
    [2010/08/17 16:12:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1966.job
    [2010/08/17 16:12:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1965.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1964.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1963.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1962.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1961.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1960.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1959.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1958.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1957.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1956.job
    [2010/08/17 16:12:39 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1955.job
    [2010/08/17 16:12:38 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1954.job
    [2010/08/17 16:12:38 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1953.job
    [2010/08/17 16:12:38 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1952.job
    [2010/08/17 16:12:38 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1951.job
    [2010/08/17 16:12:37 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1950.job
    [2010/08/17 16:12:37 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1949.job
    [2010/08/17 16:12:37 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1948.job
    [2010/08/17 16:12:37 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1947.job
    [2010/08/17 16:12:36 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1946.job
    [2010/08/17 16:12:36 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1945.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1944.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1943.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1942.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1941.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1940.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1939.job
    [2010/08/17 14:07:58 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1938.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1937.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1936.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1935.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1934.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1933.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1932.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1931.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1930.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1929.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1928.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1927.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1926.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1925.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1924.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1923.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1922.job
    [2010/08/17 14:07:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1921.job
    [2010/08/17 12:54:02 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1920.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1919.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1918.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1917.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1916.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1915.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1914.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1913.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1912.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1911.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1910.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1909.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1908.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1907.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1906.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1905.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1904.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1903.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1902.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1901.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1900.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1899.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1898.job
    [2010/08/17 12:04:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1897.job
    [2010/08/16 15:27:33 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1896.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1895.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1894.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1893.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1892.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1891.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1890.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1889.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1888.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1887.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1886.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1885.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1884.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1883.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1882.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1881.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1880.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1879.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1878.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1877.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1876.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1875.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1874.job
    [2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1873.job
    [2010/08/16 15:27:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
    [2010/08/11 15:38:01 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/11 15:38:01 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2010/08/10 17:09:16 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1454.job
    [2010/08/06 13:22:29 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At879.job
    [2010/08/05 09:45:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/02 19:01:45 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At333.job
    [2010/08/01 12:13:10 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
    [2009/03/13 13:25:40 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
    [2009/01/20 22:52:37 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2009/01/20 22:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/04/05 19:21:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2008/04/05 18:19:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/04/05 18:19:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/03/22 20:44:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2007/10/26 16:08:18 | 000,000,440 | ---- | C] () -- C:\WINDOWS\pcvideo.ini
    [2007/10/26 16:08:17 | 000,010,513 | ---- | C] () -- C:\WINDOWS\Wintvstr.ini
    [2007/10/26 16:08:02 | 000,002,637 | ---- | C] () -- C:\WINDOWS\setupwtv.ini
    [2007/10/19 19:17:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/10/18 14:34:21 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
    [2007/10/18 14:13:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/10/18 12:29:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2007/10/18 12:29:50 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2007/10/17 21:02:23 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/10/17 21:02:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIFRN.DLL
    [2007/10/17 21:02:23 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2007/10/17 20:04:07 | 000,003,096 | ---- | C] () -- C:\WINDOWS\wincmd.ini
    [2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
    [2005/05/03 18:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/10/27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 1B5B4F1
    < End of report >
    17 August 2010 23:45:02

    Indeed, a lot of things have appeared in the meantime...

    Run OTL.exe again.

  • Under the Personnalisation tab at the bottom of the window, copy and paste the following text (do not modify it):

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe ()
    DRV - (catchme) -- C:\DOCUME~1\Raymond\LOCALS~1\Temp\catchme.sys File not found
    [2010/08/17 21:03:52 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
    [2010/08/17 21:03:51 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe

    :Files
    C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
    C:\WINDOWS\tasks\At????.job

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Correction button at the top of the window.
  • Let the program work, and restart once the fix has finished.
  • Finally, post a new OTL log (this time, do not tick the LOP Check and Purity boxes).

    Note: You may see a log open after the fix (it is the log that shows whether the removal succeeded). If you want to post it, save it to your Desktop and post it with the new OTL log.
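
The pattern the fix above cleans up (batches of identical `At*.job` files, plus the no-company-name executable created alongside them) can be pulled out of an OTL file listing automatically. This is an added example, not part of the original posts or of OTL; the function names, the 60-second and 5-second windows and the batch threshold are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Sample input: lines copied from the OTL listing above (not a full report).
SAMPLE_LOG = r"""
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1999.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1998.job
[2010/08/17 21:03:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1997.job
[2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1994.job
[2010/08/17 21:03:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1993.job
[2010/08/16 15:27:33 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1878.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1877.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1876.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1875.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1874.job
[2010/08/16 15:27:33 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1873.job
[2010/08/16 15:27:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
[2010/08/11 15:38:01 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/10 17:09:16 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1454.job
[2010/08/06 13:22:29 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At879.job
"""

Entry = namedtuple("Entry", "when size attrs kind company path")

# [date time | size | attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\s*\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\] "
    r"\((.*?)\) -- (.+?)\s*$"
)
# AtN.job is the name the legacy "at" scheduler gives the tasks it creates.
AT_JOB_RE = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)


def parse(log_text):
    """Turn OTL file-listing lines into Entry tuples; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        size = int(m.group(2).replace(",", ""))
        entries.append(Entry(when, size, m.group(3), m.group(4), m.group(5), m.group(6)))
    return entries


def at_job_batches(entries, gap=timedelta(seconds=60), min_count=5):
    """Cluster created AtN.job files by creation time.

    A new cluster starts when two consecutive files are more than `gap` apart.
    Only clusters with at least `min_count` files of one identical size are kept.
    """
    jobs = sorted(
        (e for e in entries if e.kind == "C" and AT_JOB_RE.search(e.path)),
        key=lambda e: e.when,
    )
    batches, current = [], []
    for e in jobs:
        if current and e.when - current[-1].when > gap:
            batches.append(current)
            current = []
        current.append(e)
    if current:
        batches.append(current)
    return [b for b in batches if len(b) >= min_count and len({e.size for e in b}) == 1]


def no_company_exes_near(entries, batch, window=timedelta(seconds=5)):
    """Executables with an empty company field created around a batch."""
    start, end = batch[0].when - window, batch[-1].when + window
    return [
        e for e in entries
        if e.kind == "C" and e.company == "" and e.path.lower().endswith(".exe")
        and start <= e.when <= end
    ]


def triage(log_text):
    """Summarise each suspicious batch and the executables created with it."""
    entries = parse(log_text)
    return [
        {
            "first": batch[0].when,
            "count": len(batch),
            "size": batch[0].size,
            "executables": [e.path for e in no_company_exes_near(entries, batch)],
        }
        for batch in at_job_batches(entries)
    ]


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["first"], item["count"], "jobs of", item["size"], "bytes", item["executables"])
```

Isolated entries such as `At879.job` fall below the batch threshold and are not reported on their own; they still match the `At????.job` wildcard used in the fix.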
    18 August 2010 13:15:04

    Hello,
    Here is the OTL log after the fix was applied and after the scan ^^

    The problem I am running into after all this is a debugging message. The window is named "débogage juste-à-temps" (Just-In-Time Debugging), and the application that opens if I click "utiliser le débogueur sélectionné" (use the selected debugger) is "nouvelle instance de Microsoft Script Editor" (New instance of Microsoft Script Editor).

    OTL logfile created on: 18/08/2010 13:09:15 - Run 3
    OTL by OldTimer - Version 3.2.9.1 Folder = D:\Mes documents\Téléchargements
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1 022,00 Mb Total Physical Memory | 558,00 Mb Available Physical Memory | 55,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 48,82 Gb Total Space | 6,52 Gb Free Space | 13,35% Space Free | Partition Type: NTFS
    Drive D: | 100,22 Gb Total Space | 26,03 Gb Free Space | 25,97% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TOULOUSE-5FEBB6
    Current User Name: Raymond
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
    PRC - D:\xavier\Ipod\Ipodd\iTunesHelper .exe (Apple Inc.)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\tomtom\TomTom HOME 2\HOMERunner .exe (TomTom)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe (Hewlett-Packard)
    PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SetupNTGLM7X) -- I:\NTGLM7X.sys File not found
    DRV - (NTACCESS) -- I:\NTACCESS.sys File not found
    DRV - (GMSIPCI) -- I:\INSTALL\GMSIPCI.SYS File not found
    DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
    DRV - (Daemon) -- C:\WINDOWS\System32\drivers\daemon.sys File not found
    DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
    DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
    DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.selectedEngine: "Google (Language: FR)"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.sfr.fr/"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 20:11:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 15:38:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 15:37:58 | 000,000,000 | ---D | M]

    [2010/08/11 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions
    [2010/03/03 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/08/11 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\2xggzj84.default\extensions
    [2010/08/12 13:47:17 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\2xggzj84.default\searchplugins\google-language-fr.xml
    [2010/08/16 13:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/23 02:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/07/23 02:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/07/23 02:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/07/14 21:01:18 | 000,002,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml
    [2010/07/23 02:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/07/23 02:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010/02/26 17:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
    O4 - HKLM..\Run: [iTunesHelper] D:\xavier\Ipod\Ipodd\iTunesHelper.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\tomtom\TomTom HOME 2\HOMERunner.exe ()
    O4 - Startup: C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c... (HP Download Manager)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/fichiers/hardwaredet... (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/17 18:55:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/17 18:06:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
    [2010/08/17 16:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raymond\Recent
    [2010/08/17 13:01:14 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2010/08/17 12:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2010/08/11 15:40:00 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
    [2010/08/08 15:19:20 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
    [2010/08/06 17:31:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
    [2010/08/06 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Malwarebytes
    [2010/08/05 09:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/08/05 09:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/08/03 01:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2010/08/03 00:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/03 00:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/08/03 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/08/03 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/08/01 14:46:16 | 000,000,000 | ---D | C] -- C:\xavier
    [2010/08/01 14:30:04 | 000,000,000 | ---D | C] -- D:\Mes documents\Money sauvegarde
    [2010/08/01 14:29:12 | 000,000,000 | ---D | C] -- D:\Mes documents\WORD et autres documents textes
    [2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
    [2010/08/01 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
    [2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\AVS4YOU
    [2010/07/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
    [2010/07/30 18:18:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
    [2010/07/30 18:18:26 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
    [2010/07/30 18:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
    [2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    [2010/07/29 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\WinAVI
    [2010/07/28 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Apowersoft
    [2010/07/25 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\vlc
    [2010/07/25 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/07/21 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/07/21 18:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
    [2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/08/18 13:06:52 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Raymond\NTUSER.DAT
    [2010/08/18 12:41:45 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/18 12:37:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/18 12:37:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/18 12:37:31 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/18 12:36:45 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Raymond\ntuser.ini
    [2010/08/17 21:45:11 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/17 12:54:02 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
    [2010/08/15 21:04:14 | 000,003,096 | ---- | M] () -- C:\WINDOWS\wincmd.ini
    [2010/08/15 14:09:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/11 15:43:45 | 000,458,230 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/08/11 15:43:45 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/11 15:43:45 | 000,071,248 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/08/11 15:43:45 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/11 15:43:44 | 000,989,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/11 15:38:01 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/11 15:38:01 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/10 12:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/08 20:05:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/02 19:41:09 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/08/01 12:13:10 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
    [2010/07/30 19:32:21 | 000,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/30 02:03:58 | 004,812,972 | -H-- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\IconCache.db
    [2010/07/25 18:24:21 | 000,069,568 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    ========== Files Created - No Company Name ==========

    [2010/08/17 12:54:02 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
    [2010/08/11 15:38:01 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/11 15:38:01 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2010/08/05 09:45:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/01 12:13:10 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
    [2009/03/13 13:25:40 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
    [2009/01/20 22:52:37 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2009/01/20 22:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/04/05 19:21:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2008/04/05 18:19:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/04/05 18:19:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/03/22 20:44:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2007/10/26 16:08:18 | 000,000,440 | ---- | C] () -- C:\WINDOWS\pcvideo.ini
    [2007/10/26 16:08:17 | 000,010,513 | ---- | C] () -- C:\WINDOWS\Wintvstr.ini
    [2007/10/26 16:08:02 | 000,002,637 | ---- | C] () -- C:\WINDOWS\setupwtv.ini
    [2007/10/19 19:17:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/10/18 14:34:21 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
    [2007/10/18 14:13:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/10/18 12:29:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2007/10/18 12:29:50 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2007/10/17 21:02:23 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/10/17 21:02:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIFRN.DLL
    [2007/10/17 21:02:23 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2007/10/17 20:04:07 | 000,003,096 | ---- | C] () -- C:\WINDOWS\wincmd.ini
    [2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
    [2005/05/03 18:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/10/27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 1B5B4F1
    < End of report >
    18 August 2010 13:33:18

    Hello,

    1)
    Run OTL.exe again.

  • Under the "Personnalisation" (Customization) tab at the bottom of the window, copy and paste the following text (do not modify it):

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the "Correction" (Fix) button at the top of the window.
  • Let the program work, and reboot once the fix has finished.
  • Finally, post a new OTL log (this time, do not tick the LOP Check and Purity boxes).

    Note: You may see a log open after the fix (it is the log that shows whether the removal succeeded). If you want to post it, save it to your Desktop and post it along with the new OTL log.

    2)

    Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
  • Run the updates.
  • Next, disconnect and close all running applications.
  • Run a "Rapide" (Quick) scan.

    --> Let the program work (and do nothing else with the PC during the scan).
    --> When it finishes, click "Résultat" (Results).
    --> Check that all infected items are selected, then click "Suppression" (Remove).

    Note: if your PC needs to reboot to finish the cleanup, do it!

    Post the report saved after the infected items have been removed (in the "rapport/log" tab of Malwarebytes', the most recent one) for analysis ...
    18 August 2010 14:56:08




    All processes killed
    ========== OTL ==========
    No active process named explorer.exe was found!
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkevapoyowu deleted successfully.
    C:\WINDOWS\wcdsfv.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 233575 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Raymond
    ->Temp folder emptied: 17214 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 79923770 bytes
    ->Flash cache emptied: 1406 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15100 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 37768 bytes

    Total Files Cleaned = 77,00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08182010_143520

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_668.dat not found!

    Registry entries deleted on Reboot...

    ------------------------------------------------------------------------------------------------



    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3510
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    18/08/2010 14:54:52
    mbam-log-2010-08-18 (14-54-52).txt

    Type de recherche: Examen rapide
    Eléments examinés: 114104
    Temps écoulé: 3 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    18 August 2010 16:20:40

    Very good. Can you run another scan with OTL and upload it to cijoint, please?

    How is your PC behaving now? Are you still having debugger problems? Does it tell you which program is crashing?
    18 August 2010 22:06:31

    Well, either you are getting reinfected every time, or there is something I missed, because we still have a process and a Run registry key to remove...

    Let's try to look with another tool:
    1)
    CD emulation software (such as Daemon Tools and others) can interfere with disinfection tools. Use Defogger to disable it temporarily:

  • Download Defogger (by jpshortstuff) to your Desktop
    http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Run it
  • A window appears: click "Disable"
  • Reboot the computer if the tool asks you to
  • When we have finished the disinfection, you can re-enable this software by running Defogger again and clicking "Re-enable"

    2)

    Make sure you disable your antivirus before doing this, as it can interfere with the program:
  • Download Gmer. (Przemyslaw Gmerek)
  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.
    If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the Rootkit tab.
  • On the right, tick only Files, Services & Registry.
  • Now click Scan.
  • When the scan has finished, click Copy.
  • Open Notepad, then click the Edit / Paste menu.
  • The report should then appear.
  • Save the file to your Desktop and post its contents here.
    18 August 2010 23:26:53

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-18 23:25:44
    Windows 5.1.2600 Service Pack 2
    Running: gmer.exe; Driver: C:\DOCUME~1\Raymond\LOCALS~1\Temp\kwpyrfoc.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9416a825
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9416a825@0012476470cc 0xC7 0x57 0x33 0x42 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0xDF 0x67 0x94 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\xavier\jeux\farcast\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBF 0x21 0x61 0xE9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x86 0x98 0x3F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEA 0x86 0x98 0x3F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a9416a825 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a9416a825@0012476470cc 0xC7 0x57 0x33 0x42 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0xDF 0x67 0x94 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\xavier\jeux\farcast\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBF 0x21 0x61 0xE9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x86 0x98 0x3F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEA 0x86 0x98 0x3F ...

    ---- EOF - GMER 1.0.15 ----
    19 August 2010 09:19:04

    Run OTL.exe again.

  • Under the "Personnalisation" (Customization) tab at the bottom of the window, copy and paste the following text (do not modify it):

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe ()
    O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)

    :Files
    C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
    C:\WINDOWS\wcdsfv.DLL

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the "Correction" (Fix) button at the top of the window.
  • Let the program work, and reboot once the fix has finished.
  • Finally, post a new OTL log (this time, do not tick the LOP Check and Purity boxes).

    Note: You may see a log open after the fix (it is the log that shows whether the removal succeeded). If you want to post it, save it to your Desktop and post it along with the new OTL log.
    19 August 2010 11:48:46

    Hello, so before I did the OTL procedure, know that the ads had come back :(  but after the little procedure they had all disappeared ^^

    Edit: The debugging message has come back and apparently it wants to fix this for me: "[1028] C:\WINDOWS\system32\svchost.exe"


    OTL logfile created on: 19/08/2010 11:43:18 - Run 6
    OTL by OldTimer - Version 3.2.9.1 Folder = D:\Mes documents\Téléchargements
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1 022,00 Mb Total Physical Memory | 663,00 Mb Available Physical Memory | 65,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 48,82 Gb Total Space | 6,39 Gb Free Space | 13,10% Space Free | Partition Type: NTFS
    Drive D: | 100,22 Gb Total Space | 25,97 Gb Free Space | 25,91% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TOULOUSE-5FEBB6
    Current User Name: Raymond
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
    PRC - D:\xavier\Ipod\Ipodd\iTunesHelper .exe (Apple Inc.)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\tomtom\TomTom HOME 2\HOMERunner .exe (TomTom)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe (Hewlett-Packard)
    PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SetupNTGLM7X) -- I:\NTGLM7X.sys File not found
    DRV - (NTACCESS) -- I:\NTACCESS.sys File not found
    DRV - (GMSIPCI) -- I:\INSTALL\GMSIPCI.SYS File not found
    DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
    DRV - (Daemon) -- C:\WINDOWS\System32\drivers\daemon.sys File not found
    DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
    DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
    DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
    FF - prefs.js..network.proxy.ftp: "localhost"
    FF - prefs.js..network.proxy.gopher: "localhost"
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "localhost"
    FF - prefs.js..network.proxy.ssl: "localhost"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 20:11:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 20:18:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/18 20:17:39 | 000,000,000 | ---D | M]

    [2010/08/18 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions
    [2010/03/03 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/08/18 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\ak387jrk.default\extensions
    [2010/08/18 20:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/23 02:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/07/23 02:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/07/23 02:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/07/23 02:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/07/23 02:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010/02/26 17:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
    O4 - HKLM..\Run: [iTunesHelper] D:\xavier\Ipod\Ipodd\iTunesHelper.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\tomtom\TomTom HOME 2\HOMERunner.exe ()
    O4 - Startup: C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c... (HP Download Manager)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/fichiers/hardwaredet... (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/17 18:55:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/18 20:44:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raymond\Recent
    [2010/08/18 15:30:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2010/08/18 15:30:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2010/08/18 15:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\Deployment
    [2010/08/17 18:06:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
    [2010/08/17 13:01:14 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2010/08/17 12:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2010/08/11 15:40:00 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
    [2010/08/08 15:19:20 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
    [2010/08/06 17:31:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
    [2010/08/06 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Malwarebytes
    [2010/08/05 09:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/08/05 09:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/08/03 01:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2010/08/03 00:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/03 00:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/08/03 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/08/03 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/08/01 14:46:16 | 000,000,000 | ---D | C] -- C:\xavier
    [2010/08/01 14:30:04 | 000,000,000 | ---D | C] -- D:\Mes documents\Money sauvegarde
    [2010/08/01 14:29:12 | 000,000,000 | ---D | C] -- D:\Mes documents\WORD et autres documents textes
    [2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
    [2010/08/01 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
    [2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\AVS4YOU
    [2010/07/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
    [2010/07/30 18:18:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
    [2010/07/30 18:18:26 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
    [2010/07/30 18:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
    [2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    [2010/07/29 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\WinAVI
    [2010/07/28 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Apowersoft
    [2010/07/25 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\vlc
    [2010/07/25 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/07/21 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/07/21 18:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
    [2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/08/19 11:39:14 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/19 11:38:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/19 11:38:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/19 11:38:09 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/19 11:37:26 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Raymond\NTUSER.DAT
    [2010/08/19 11:37:26 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Raymond\ntuser.ini
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
    [2010/08/19 11:33:31 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
    [2010/08/18 23:00:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
    [2010/08/18 23:00:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2010/08/18 23:00:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
    [2010/08/18 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2010/08/18 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010/08/18 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2010/08/18 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010/08/18 20:17:42 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/18 20:17:42 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2010/08/18 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2010/08/18 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2010/08/18 19:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/08/18 18:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010/08/18 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/08/17 21:45:11 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/17 12:54:02 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
    [2010/08/15 21:04:14 | 000,003,096 | ---- | M] () -- C:\WINDOWS\wincmd.ini
    [2010/08/15 14:09:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/11 15:43:45 | 000,458,230 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/08/11 15:43:45 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/11 15:43:45 | 000,071,248 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/08/11 15:43:45 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/11 15:43:44 | 000,989,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/10 12:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/08 20:05:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/02 19:41:09 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/08/01 12:13:10 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
    [2010/07/30 19:32:21 | 000,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/30 02:03:58 | 004,812,972 | -H-- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\IconCache.db
    [2010/07/25 18:24:21 | 000,069,568 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    ========== Files Created - No Company Name ==========

    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
    [2010/08/18 20:17:42 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/18 20:17:42 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2010/08/18 16:57:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
    [2010/08/17 12:54:02 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
    [2010/08/05 09:45:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/01 12:13:10 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
    [2009/03/13 13:25:40 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
    [2009/01/20 22:52:37 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2009/01/20 22:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/04/05 19:21:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2008/04/05 18:19:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/04/05 18:19:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/03/22 20:44:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2007/10/26 16:08:18 | 000,000,440 | ---- | C] () -- C:\WINDOWS\pcvideo.ini
    [2007/10/26 16:08:17 | 000,010,513 | ---- | C] () -- C:\WINDOWS\Wintvstr.ini
    [2007/10/26 16:08:02 | 000,002,637 | ---- | C] () -- C:\WINDOWS\setupwtv.ini
    [2007/10/19 19:17:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/10/18 14:34:21 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
    [2007/10/18 14:13:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/10/18 12:29:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2007/10/18 12:29:50 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2007/10/17 21:02:23 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/10/17 21:02:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIFRN.DLL
    [2007/10/17 21:02:23 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2007/10/17 20:04:07 | 000,003,096 | ---- | C] () -- C:\WINDOWS\wincmd.ini
    [2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
    [2005/05/03 18:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/10/27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 1B5B4F1
    < End of report >
    19 August 2010 13:58:55

    Well, you're completely reinfected now... I may have missed something the first few times.
    If it still doesn't work after this, we'll bring out the heavy artillery.

    Run OTL.exe again.

  • Under the Personnalisation tab at the bottom of the window, copy and paste the following text (do not modify it):

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
    O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)
    [2010/08/19 11:33:31 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat


    :Files
    C:\WINDOWS\tasks\At????.job
    C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
    C:\WINDOWS\wcdsfv.DLL

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Correction button at the top of the window.
  • Let the program work, then restart once the fix has finished.
  • Finally, post a new OTL log (this time, do not tick the LOP Check and Purity boxes).

    Note: You may see a log open after the fix (it is the log that shows whether the removal succeeded). Save it to your Desktop and post it along with the new OTL log (don't forget to upload them to cijoint as requested at the beginning).
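
The fix script in the post above targets three things visible in the posted logs: batches of At*.job scheduled tasks created in the same second, Internet Explorer proxy values pointing at localhost, and an HKCU Run value that loads a DLL from C:\WINDOWS. The Python below is an added example, not part of the thread and not OTL's own code, that flags those same three patterns in OTL log text. The function names, the thresholds and the heuristics are assumptions; the sample lines are copied from the logs and fix script in this thread.

```python
import re
from collections import Counter

# Sample: lines copied (trimmed) from the OTL logs and fix script posted in this thread.
SAMPLE_LOG = r"""
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/17 18:06:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL ()
"""

# "[date time | size | attributes | C or M] (company) -- path"; directories have no "(company)".
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
AT_JOB_RE = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKLM|HKCU)\\.*\\Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer)" = ?(?P<value>.*)$')
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$")
LOOPBACK_RE = re.compile(r"(?:^|=)(?:localhost|127\.0\.0\.1)(?::\d+)?$", re.IGNORECASE)


def at_job_bursts(log_text, min_count=3):
    """Return {timestamp: count} for At<N>.job tasks created in the same second.

    min_count is an assumed threshold; the logs in the thread show 24 per burst.
    """
    stamps = Counter()
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m and m["kind"] == "C" and AT_JOB_RE.search(m["path"]):
            stamps[m["ts"]] += 1
    return {ts: n for ts, n in stamps.items() if n >= min_count}


def loopback_proxies(log_text):
    """Return {hive: (enabled, server)} for IE proxy values that point at the local machine."""
    settings = {}
    for line in log_text.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            settings.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    found = {}
    for hive, vals in settings.items():
        server = vals.get("ProxyServer", "")
        # ProxyServer may hold several "scheme=host:port" parts separated by ';'.
        if any(LOOPBACK_RE.search(part.strip()) for part in server.split(";")):
            found[hive] = (vals.get("ProxyEnable") == "1", server)
    return found


def suspicious_run_dlls(log_text, windows_root=r"C:\WINDOWS"):
    """Return (hive, value name, path) for Run values that target a DLL which either
    carries no company name or sits directly in the Windows folder (assumed heuristic)."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m or not m["path"].lower().endswith(".dll"):
            continue
        folder = m["path"].rsplit("\\", 1)[0].lower()
        if m["company"] == "" or folder == windows_root.lower():
            hits.append((m["hive"], m["name"], m["path"]))
    return hits


if __name__ == "__main__":
    print("At*.job bursts:", at_job_bursts(SAMPLE_LOG))
    print("Loopback proxies:", loopback_proxies(SAMPLE_LOG))
    print("Run DLLs to review:", suspicious_run_dlls(SAMPLE_LOG))
```

A loopback proxy reported with `enabled` False, as in the HKCU lines of the sample, is a leftover value rather than an active redirect, but it is still worth clearing because re-enabling it only takes one registry write.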

    19 August 2010 15:34:14

    The heavy artillery, I fear the worst ^^

    OTL logfile created on: 19/08/2010 15:28:58 - Run 7
    OTL by OldTimer - Version 3.2.9.1 Folder = D:\Mes documents\Téléchargements
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1 022,00 Mb Total Physical Memory | 651,00 Mb Available Physical Memory | 64,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 48,82 Gb Total Space | 6,39 Gb Free Space | 13,08% Space Free | Partition Type: NTFS
    Drive D: | 100,22 Gb Total Space | 25,96 Gb Free Space | 25,91% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TOULOUSE-5FEBB6
    Current User Name: Raymond
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    PRC - D:\xavier\Ipod\Ipodd\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\tomtom\TomTom HOME 2\HOMERunner.exe (TomTom)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
    PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - D:\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SetupNTGLM7X) -- I:\NTGLM7X.sys File not found
    DRV - (NTACCESS) -- I:\NTACCESS.sys File not found
    DRV - (GMSIPCI) -- I:\INSTALL\GMSIPCI.SYS File not found
    DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
    DRV - (Daemon) -- C:\WINDOWS\System32\drivers\daemon.sys File not found
    DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
    DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
    DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
    FF - prefs.js..network.proxy.ftp: "localhost"
    FF - prefs.js..network.proxy.gopher: "localhost"
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "localhost"
    FF - prefs.js..network.proxy.ssl: "localhost"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 20:11:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 20:18:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/18 20:17:39 | 000,000,000 | ---D | M]

    [2010/08/18 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions
    [2010/03/03 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/08/18 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\ak387jrk.default\extensions
    [2010/08/18 20:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/23 02:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/07/23 02:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/07/23 02:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/07/23 02:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/07/23 02:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010/02/26 17:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ()
    O4 - HKLM..\Run: [iTunesHelper] D:\xavier\Ipod\Ipodd\iTunesHelper.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL ()
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\tomtom\TomTom HOME 2\HOMERunner.exe ()
    O4 - Startup: C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c... (HP Download Manager)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/fichiers/hardwaredet... (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/17 18:55:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/08/17 18:06:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/18 20:44:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raymond\Recent
    [2010/08/18 15:30:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2010/08/18 15:30:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2010/08/18 15:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\Deployment
    [2010/08/17 18:06:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
    [2010/08/17 13:01:14 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2010/08/17 12:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2010/08/11 15:40:00 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
    [2010/08/08 15:19:20 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
    [2010/08/06 17:31:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
    [2010/08/06 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Malwarebytes
    [2010/08/05 09:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/08/05 09:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/08/03 01:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2010/08/03 00:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/03 00:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/08/03 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/08/03 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/08/01 14:46:16 | 000,000,000 | ---D | C] -- C:\xavier
    [2010/08/01 14:30:04 | 000,000,000 | ---D | C] -- D:\Mes documents\Money sauvegarde
    [2010/08/01 14:29:12 | 000,000,000 | ---D | C] -- D:\Mes documents\WORD et autres documents textes
    [2010/08/01 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
    [2010/08/01 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
    [2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/30 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\AVS4YOU
    [2010/07/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
    [2010/07/30 18:18:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
    [2010/07/30 18:18:26 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
    [2010/07/30 18:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
    [2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2010/07/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    [2010/07/29 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Local Settings\Application Data\WinAVI
    [2010/07/28 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\Apowersoft
    [2010/07/25 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond\Application Data\vlc
    [2010/07/25 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/07/21 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/07/21 18:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
    [2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/08/19 15:28:43 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/19 15:26:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/19 15:26:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/19 15:26:35 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/19 15:25:44 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Raymond\NTUSER.DAT
    [2010/08/19 15:25:44 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Raymond\ntuser.ini
    [2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
    [2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
    [2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2010/08/19 15:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
    [2010/08/19 14:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
    [2010/08/19 14:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
    [2010/08/19 14:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2010/08/19 14:00:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010/08/19 14:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
    [2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
    [2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
    [2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
    [2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
    [2010/08/19 13:42:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
    [2010/08/19 13:42:46 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
    [2010/08/19 13:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
    [2010/08/19 13:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
    [2010/08/19 13:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2010/08/19 13:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2010/08/19 12:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
    [2010/08/19 12:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
    [2010/08/19 12:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2010/08/19 12:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
    [2010/08/18 23:00:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
    [2010/08/18 23:00:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2010/08/18 23:00:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
    [2010/08/18 22:47:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
    [2010/08/18 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2010/08/18 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010/08/18 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2010/08/18 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010/08/18 20:17:42 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/18 20:17:42 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2010/08/18 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2010/08/18 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2010/08/18 19:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/08/18 18:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010/08/18 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/08/17 21:45:11 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/17 12:54:02 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
    [2010/08/15 21:04:14 | 000,003,096 | ---- | M] () -- C:\WINDOWS\wincmd.ini
    [2010/08/15 14:09:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/11 15:43:45 | 000,458,230 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/08/11 15:43:45 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/11 15:43:45 | 000,071,248 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/08/11 15:43:45 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/11 15:43:44 | 000,989,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/10 19:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/10 12:33:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/08 20:05:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/02 19:41:09 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/08/01 12:13:10 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
    [2010/07/30 19:32:21 | 000,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/30 02:03:58 | 004,812,972 | -H-- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\IconCache.db
    [2010/07/25 18:24:21 | 000,069,568 | ---- | M] () -- C:\Documents and Settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    ========== Files Created - No Company Name ==========

    [2010/08/19 13:42:47 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
    [2010/08/19 13:42:47 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
    [2010/08/19 11:33:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
    [2010/08/18 22:47:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
    [2010/08/18 20:17:42 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/18 20:17:42 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
    [2010/08/18 19:19:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
    [2010/08/18 16:57:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2010/08/17 12:54:02 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\AD-R.lnk
    [2010/08/05 09:45:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/01 12:13:10 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Raymond\Bureau\CCleaner.lnk
    [2009/03/13 13:25:40 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
    [2009/01/20 22:52:37 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2009/01/20 22:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/04/05 19:21:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2008/04/05 18:19:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/04/05 18:19:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/03/22 20:44:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2007/10/26 16:08:18 | 000,000,440 | ---- | C] () -- C:\WINDOWS\pcvideo.ini
    [2007/10/26 16:08:17 | 000,010,513 | ---- | C] () -- C:\WINDOWS\Wintvstr.ini
    [2007/10/26 16:08:02 | 000,002,637 | ---- | C] () -- C:\WINDOWS\setupwtv.ini
    [2007/10/19 19:17:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/10/18 14:34:21 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
    [2007/10/18 14:13:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/10/18 12:29:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2007/10/18 12:29:50 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2007/10/17 21:02:23 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/10/17 21:02:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIFRN.DLL
    [2007/10/17 21:02:23 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2007/10/17 20:04:07 | 000,003,096 | ---- | C] () -- C:\WINDOWS\wincmd.ini
    [2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
    [2005/05/03 18:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/10/27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D 1B5B4F1
    < End of report >
    a b , Internet Explorer
    19 August 2010 18:36:53

    Can you redo what I told you, but this time making sure to save the OTL removal log, please?
    I don't get the impression it did much there.

    And if you could put them on cijoint too... thanks :)
    a b , Internet Explorer
    19 August 2010 19:16:38

    Aaaah, there's still no removal log, because nothing is being deleted there..
    19 August 2010 19:28:37

    Ah sorry, I hadn't understood that I had to post it!!
    However, I can't manage to put it on cijoint...


    All processes killed
    ========== OTL ==========
    No active process named explorer.exe was found!
    Process k6ByrXld.exe killed successfully!
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkevapoyowu deleted successfully.
    C:\WINDOWS\wcdsfv.dll moved successfully.
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe moved successfully.
    C:\WINDOWS\wcdsfv.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 277926 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 824 bytes

    User: Raymond
    ->Temp folder emptied: 1248960 bytes
    ->Temporary Internet Files folder emptied: 547442 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43474644 bytes
    ->Flash cache emptied: 646 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 125204 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 732309891 bytes

    Total Files Cleaned = 742,00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08192010_185539

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\Perflib_Perfdata_648.dat scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    a b , Internet Explorer
    20 August 2010 01:06:57

    Didn't it kill the scheduled tasks? *-)

    Run OTL.exe again.

  • Under the Personnalisation tab at the bottom of the window, copy and paste the following text (do not modify it):

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    :Files
    C:\WINDOWS\tasks\At??.job

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Correction button at the top of the window.
  • Let the program work, and restart once the fix has finished.
  • Finally, post a new OTL log (this time, do not tick the LOP Check and Purity boxes).

    Note: You may see a log open after the fix (it is the log that shows whether the removal succeeded). If you want to post it, save it to your Desktop and post it together with the new OTL log.



    And please do post both logs. (On cijoint for the normal OTL log; the removal log you can copy directly into the forum.)
    20 August 2010 11:15:28

    There you go, boss, I hope I didn't mess anything up ^^
    Apparently my PC is behaving really well!! I hope you can confirm ;)


    http://www.cijoint.fr/cjlink.php?file=cj201008/cijTccOp...



    All processes killed
    ========== OTL ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\WINDOWS\tasks\At11.job moved successfully.
    C:\WINDOWS\tasks\At12.job moved successfully.
    C:\WINDOWS\tasks\At13.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At23.job moved successfully.
    C:\WINDOWS\tasks\At24.job moved successfully.
    C:\WINDOWS\tasks\At25.job moved successfully.
    C:\WINDOWS\tasks\At26.job moved successfully.
    C:\WINDOWS\tasks\At27.job moved successfully.
    C:\WINDOWS\tasks\At28.job moved successfully.
    C:\WINDOWS\tasks\At29.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At30.job moved successfully.
    C:\WINDOWS\tasks\At31.job moved successfully.
    C:\WINDOWS\tasks\At32.job moved successfully.
    C:\WINDOWS\tasks\At33.job moved successfully.
    C:\WINDOWS\tasks\At34.job moved successfully.
    C:\WINDOWS\tasks\At35.job moved successfully.
    C:\WINDOWS\tasks\At36.job moved successfully.
    C:\WINDOWS\tasks\At37.job moved successfully.
    C:\WINDOWS\tasks\At38.job moved successfully.
    C:\WINDOWS\tasks\At39.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At40.job moved successfully.
    C:\WINDOWS\tasks\At41.job moved successfully.
    C:\WINDOWS\tasks\At42.job moved successfully.
    C:\WINDOWS\tasks\At43.job moved successfully.
    C:\WINDOWS\tasks\At44.job moved successfully.
    C:\WINDOWS\tasks\At45.job moved successfully.
    C:\WINDOWS\tasks\At46.job moved successfully.
    C:\WINDOWS\tasks\At47.job moved successfully.
    C:\WINDOWS\tasks\At48.job moved successfully.
    C:\WINDOWS\tasks\At49.job moved successfully.
    C:\WINDOWS\tasks\At5.job moved successfully.
    C:\WINDOWS\tasks\At50.job moved successfully.
    C:\WINDOWS\tasks\At51.job moved successfully.
    C:\WINDOWS\tasks\At52.job moved successfully.
    C:\WINDOWS\tasks\At53.job moved successfully.
    C:\WINDOWS\tasks\At54.job moved successfully.
    C:\WINDOWS\tasks\At55.job moved successfully.
    C:\WINDOWS\tasks\At56.job moved successfully.
    C:\WINDOWS\tasks\At57.job moved successfully.
    C:\WINDOWS\tasks\At58.job moved successfully.
    C:\WINDOWS\tasks\At59.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At60.job moved successfully.
    C:\WINDOWS\tasks\At61.job moved successfully.
    C:\WINDOWS\tasks\At62.job moved successfully.
    C:\WINDOWS\tasks\At63.job moved successfully.
    C:\WINDOWS\tasks\At64.job moved successfully.
    C:\WINDOWS\tasks\At65.job moved successfully.
    C:\WINDOWS\tasks\At66.job moved successfully.
    C:\WINDOWS\tasks\At67.job moved successfully.
    C:\WINDOWS\tasks\At68.job moved successfully.
    C:\WINDOWS\tasks\At69.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At70.job moved successfully.
    C:\WINDOWS\tasks\At71.job moved successfully.
    C:\WINDOWS\tasks\At72.job moved successfully.
    C:\WINDOWS\tasks\At73.job moved successfully.
    C:\WINDOWS\tasks\At74.job moved successfully.
    C:\WINDOWS\tasks\At75.job moved successfully.
    C:\WINDOWS\tasks\At76.job moved successfully.
    C:\WINDOWS\tasks\At77.job moved successfully.
    C:\WINDOWS\tasks\At78.job moved successfully.
    C:\WINDOWS\tasks\At79.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At80.job moved successfully.
    C:\WINDOWS\tasks\At81.job moved successfully.
    C:\WINDOWS\tasks\At82.job moved successfully.
    C:\WINDOWS\tasks\At83.job moved successfully.
    C:\WINDOWS\tasks\At84.job moved successfully.
    C:\WINDOWS\tasks\At85.job moved successfully.
    C:\WINDOWS\tasks\At86.job moved successfully.
    C:\WINDOWS\tasks\At87.job moved successfully.
    C:\WINDOWS\tasks\At88.job moved successfully.
    C:\WINDOWS\tasks\At89.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.
    C:\WINDOWS\tasks\At90.job moved successfully.
    C:\WINDOWS\tasks\At91.job moved successfully.
    C:\WINDOWS\tasks\At92.job moved successfully.
    C:\WINDOWS\tasks\At93.job moved successfully.
    C:\WINDOWS\tasks\At94.job moved successfully.
    C:\WINDOWS\tasks\At95.job moved successfully.
    C:\WINDOWS\tasks\At96.job moved successfully.
    C:\WINDOWS\tasks\At97.job moved successfully.
    C:\WINDOWS\tasks\At98.job moved successfully.
    C:\WINDOWS\tasks\At99.job moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Raymond
    ->Temp folder emptied: 3144647 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 96478263 bytes
    ->Flash cache emptied: 1047 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 187126 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 95,00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08202010_110330

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_62c.dat not found!

    Registry entries deleted on Reboot...
    20 August 2010 13:47:34

    Okaaay, we're not quite there yet.

    Run OTL.exe again.

  • Under the "Personnalisation" tab at the bottom of the window, copy and paste the following text (do not modify it):

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    [2010/08/19 23:06:14 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
    [2010/08/19 23:06:13 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
    O4 - HKCU..\Run: [Kkevapoyowu] C:\WINDOWS\wcdsfv.DLL (CyberLink Corp.)

    :Services

    :Reg

    :Files
    C:\WINDOWS\tasks\At????.job
    C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat
    C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe
    C:\WINDOWS\wcdsfv.DLL

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the "Correction" button at the top of the window.
  • Let the program work, and reboot once the fix is finished.
  • Finally, post a new OTL log (this time, do not tick the LOP Check and Purity boxes).

    Note: You may see a log open after the fix (it is the log that shows whether the removal succeeded). If you want to post it, save it to your Desktop and post it along with the new OTL log.


    And like last time, make sure to put the OTL report on cijoint and the removal report on the forum.

    I hope it will be good this time.
    20 August 2010 14:28:07

    EDIT: time to bring out the heavy artillery, everything has come back....
    EDIT 2: Well, actually I've got nothing left now... everything works fine, there are no problems!!

    http://www.cijoint.fr/cjlink.php?file=cj201008/cijFkK07...



    All processes killed
    ========== OTL ==========
    No active process named explorer.exe was found!
    C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat moved successfully.
    C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkevapoyowu deleted successfully.
    C:\WINDOWS\wcdsfv.dll moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\tasks\At100.job moved successfully.
    C:\WINDOWS\tasks\At101.job moved successfully.
    C:\WINDOWS\tasks\At102.job moved successfully.
    C:\WINDOWS\tasks\At103.job moved successfully.
    C:\WINDOWS\tasks\At104.job moved successfully.
    C:\WINDOWS\tasks\At105.job moved successfully.
    C:\WINDOWS\tasks\At106.job moved successfully.
    C:\WINDOWS\tasks\At107.job moved successfully.
    C:\WINDOWS\tasks\At108.job moved successfully.
    C:\WINDOWS\tasks\At109.job moved successfully.
    C:\WINDOWS\tasks\At110.job moved successfully.
    C:\WINDOWS\tasks\At111.job moved successfully.
    C:\WINDOWS\tasks\At112.job moved successfully.
    C:\WINDOWS\tasks\At113.job moved successfully.
    C:\WINDOWS\tasks\At114.job moved successfully.
    C:\WINDOWS\tasks\At115.job moved successfully.
    C:\WINDOWS\tasks\At116.job moved successfully.
    C:\WINDOWS\tasks\At117.job moved successfully.
    C:\WINDOWS\tasks\At118.job moved successfully.
    C:\WINDOWS\tasks\At119.job moved successfully.
    C:\WINDOWS\tasks\At120.job moved successfully.
    C:\WINDOWS\tasks\At121.job moved successfully.
    C:\WINDOWS\tasks\At122.job moved successfully.
    C:\WINDOWS\tasks\At123.job moved successfully.
    C:\WINDOWS\tasks\At124.job moved successfully.
    C:\WINDOWS\tasks\At125.job moved successfully.
    C:\WINDOWS\tasks\At126.job moved successfully.
    C:\WINDOWS\tasks\At127.job moved successfully.
    C:\WINDOWS\tasks\At128.job moved successfully.
    C:\WINDOWS\tasks\At129.job moved successfully.
    C:\WINDOWS\tasks\At130.job moved successfully.
    C:\WINDOWS\tasks\At131.job moved successfully.
    C:\WINDOWS\tasks\At132.job moved successfully.
    C:\WINDOWS\tasks\At133.job moved successfully.
    C:\WINDOWS\tasks\At134.job moved successfully.
    C:\WINDOWS\tasks\At135.job moved successfully.
    C:\WINDOWS\tasks\At136.job moved successfully.
    C:\WINDOWS\tasks\At137.job moved successfully.
    C:\WINDOWS\tasks\At138.job moved successfully.
    C:\WINDOWS\tasks\At139.job moved successfully.
    C:\WINDOWS\tasks\At140.job moved successfully.
    C:\WINDOWS\tasks\At141.job moved successfully.
    C:\WINDOWS\tasks\At142.job moved successfully.
    C:\WINDOWS\tasks\At143.job moved successfully.
    C:\WINDOWS\tasks\At144.job moved successfully.
    C:\WINDOWS\tasks\At145.job moved successfully.
    C:\WINDOWS\tasks\At146.job moved successfully.
    C:\WINDOWS\tasks\At147.job moved successfully.
    C:\WINDOWS\tasks\At148.job moved successfully.
    C:\WINDOWS\tasks\At149.job moved successfully.
    C:\WINDOWS\tasks\At150.job moved successfully.
    C:\WINDOWS\tasks\At151.job moved successfully.
    C:\WINDOWS\tasks\At152.job moved successfully.
    C:\WINDOWS\tasks\At153.job moved successfully.
    C:\WINDOWS\tasks\At154.job moved successfully.
    C:\WINDOWS\tasks\At155.job moved successfully.
    C:\WINDOWS\tasks\At156.job moved successfully.
    C:\WINDOWS\tasks\At157.job moved successfully.
    C:\WINDOWS\tasks\At158.job moved successfully.
    C:\WINDOWS\tasks\At159.job moved successfully.
    C:\WINDOWS\tasks\At160.job moved successfully.
    C:\WINDOWS\tasks\At161.job moved successfully.
    C:\WINDOWS\tasks\At162.job moved successfully.
    C:\WINDOWS\tasks\At163.job moved successfully.
    C:\WINDOWS\tasks\At164.job moved successfully.
    C:\WINDOWS\tasks\At165.job moved successfully.
    C:\WINDOWS\tasks\At166.job moved successfully.
    C:\WINDOWS\tasks\At167.job moved successfully.
    C:\WINDOWS\tasks\At168.job moved successfully.
    C:\WINDOWS\tasks\At169.job moved successfully.
    C:\WINDOWS\tasks\At170.job moved successfully.
    C:\WINDOWS\tasks\At171.job moved successfully.
    C:\WINDOWS\tasks\At172.job moved successfully.
    C:\WINDOWS\tasks\At173.job moved successfully.
    C:\WINDOWS\tasks\At174.job moved successfully.
    C:\WINDOWS\tasks\At175.job moved successfully.
    C:\WINDOWS\tasks\At176.job moved successfully.
    C:\WINDOWS\tasks\At177.job moved successfully.
    C:\WINDOWS\tasks\At178.job moved successfully.
    C:\WINDOWS\tasks\At179.job moved successfully.
    C:\WINDOWS\tasks\At180.job moved successfully.
    C:\WINDOWS\tasks\At181.job moved successfully.
    C:\WINDOWS\tasks\At182.job moved successfully.
    C:\WINDOWS\tasks\At183.job moved successfully.
    C:\WINDOWS\tasks\At184.job moved successfully.
    C:\WINDOWS\tasks\At185.job moved successfully.
    C:\WINDOWS\tasks\At186.job moved successfully.
    C:\WINDOWS\tasks\At187.job moved successfully.
    C:\WINDOWS\tasks\At188.job moved successfully.
    C:\WINDOWS\tasks\At189.job moved successfully.
    C:\WINDOWS\tasks\At190.job moved successfully.
    C:\WINDOWS\tasks\At191.job moved successfully.
    C:\WINDOWS\tasks\At192.job moved successfully.
    C:\WINDOWS\tasks\At193.job moved successfully.
    C:\WINDOWS\tasks\At194.job moved successfully.
    C:\WINDOWS\tasks\At195.job moved successfully.
    C:\WINDOWS\tasks\At196.job moved successfully.
    C:\WINDOWS\tasks\At197.job moved successfully.
    C:\WINDOWS\tasks\At198.job moved successfully.
    C:\WINDOWS\tasks\At199.job moved successfully.
    C:\WINDOWS\tasks\At200.job moved successfully.
    C:\WINDOWS\tasks\At201.job moved successfully.
    C:\WINDOWS\tasks\At202.job moved successfully.
    C:\WINDOWS\tasks\At203.job moved successfully.
    C:\WINDOWS\tasks\At204.job moved successfully.
    C:\WINDOWS\tasks\At205.job moved successfully.
    C:\WINDOWS\tasks\At206.job moved successfully.
    C:\WINDOWS\tasks\At207.job moved successfully.
    C:\WINDOWS\tasks\At208.job moved successfully.
    C:\WINDOWS\tasks\At209.job moved successfully.
    C:\WINDOWS\tasks\At210.job moved successfully.
    C:\WINDOWS\tasks\At211.job moved successfully.
    C:\WINDOWS\tasks\At212.job moved successfully.
    C:\WINDOWS\tasks\At213.job moved successfully.
    C:\WINDOWS\tasks\At214.job moved successfully.
    C:\WINDOWS\tasks\At215.job moved successfully.
    C:\WINDOWS\tasks\At216.job moved successfully.
    File\Folder C:\Documents and Settings\All Users\Application Data\cn1lW7Ms.dat not found.
    File\Folder C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe not found.
    C:\WINDOWS\wcdsfv.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 219983 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 527 bytes

    User: Raymond
    ->Temp folder emptied: 1269170 bytes
    ->Temporary Internet Files folder emptied: 618940 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 88333578 bytes
    ->Flash cache emptied: 1843 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 152139 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 459326 bytes

    Total Files Cleaned = 87,00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08202010_140501

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y5C5E7WB\blackberry-bold-9700[1].mc_id=100001189 not found!
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_630.dat moved successfully.

    Registry entries deleted on Reboot...
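
Added example (not part of the original thread, and not OTL's own code): a Python sketch that triages an OTL fix log like the two posted above and shows why the `At??.job` line left `At100.job` onward behind while `At????.job` caught them. The log excerpt is constructed from lines in this thread; the function names and the wildcard model (a run of `?` before the dot matching from zero up to that many characters, as the first fix log's results suggest) are assumptions.

```python
import re

# Constructed excerpt: lines taken from the fix logs in this thread, trimmed.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkevapoyowu deleted successfully.
C:\WINDOWS\wcdsfv.dll moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At216.job moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\k6ByrXld.exe not found.
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_62c.dat not found!
"""

# One regex per outcome line seen in the logs above (hypothetical rule names).
RULES = [
    ("moved", re.compile(r"^([A-Za-z]:\\.+) moved successfully\.$")),
    ("not_found", re.compile(r"^File\\Folder (.+) not found[.!]$")),
    ("pending_reboot",
     re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("reg_deleted", re.compile(r"^Registry value (.+) deleted successfully\.$")),
]


def parse_fix_log(text):
    """Sort each log line into the outcome bucket it reports."""
    result = {name: [] for name, _ in RULES}
    for line in text.splitlines():
        line = line.strip()
        for name, rx in RULES:
            m = rx.match(line)
            if m:
                result[name].append(m.group(1))
                break
    return result


def unresolved(result):
    """'not found' targets that were not already moved earlier in the same log.

    A target listed in both the :OTL and :Files sections is moved once and then
    reported 'not found' the second time, which is expected, not a failure.
    """
    moved = {p.lower() for p in result["moved"]}
    return [p for p in result["not_found"] if p.lower() not in moved]


def at_job_names(result):
    """File names of the At<N>.job scheduled tasks the fix moved."""
    rx = re.compile(r"\\tasks\\(At\d+\.job)$", re.IGNORECASE)
    return [m.group(1) for m in map(rx.search, result["moved"]) if m]


def dos_wildcard_to_regex(pattern):
    """Assumption: simplified model of DOS-style matching for file names.

    A run of n '?' directly before '.' or the end matches 0..n characters
    (consistent with At??.job matching At1.job through At99.job in the first
    fix log); elsewhere '?' matches exactly one character.
    """
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "?":
            j = i
            while j < len(pattern) and pattern[j] == "?":
                j += 1
            n = j - i
            trailing = j == len(pattern) or pattern[j] == "."
            out.append(r"[^.\\]{0,%d}" % n if trailing else r"[^\\]{%d}" % n)
            i = j
        elif ch == "*":
            out.append(r"[^\\]*")
            i += 1
        else:
            out.append(re.escape(ch))
            i += 1
    return re.compile("".join(out) + r"\Z", re.IGNORECASE)


def missed_by(pattern, names):
    """Names in `names` that the wildcard `pattern` would not select."""
    rx = dos_wildcard_to_regex(pattern)
    return [n for n in names if not rx.match(n)]


if __name__ == "__main__":
    res = parse_fix_log(SAMPLE_LOG)
    jobs = at_job_names(res)
    print("moved:", len(res["moved"]), "| registry values deleted:", len(res["reg_deleted"]))
    print("still pending at reboot:", res["pending_reboot"])
    print("not found and never moved:", unresolved(res))
    print("missed by At??.job:", missed_by("At??.job", jobs))
    print("missed by At????.job:", missed_by("At????.job", jobs))
```
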
    21 August 2010 00:37:21

    Right then, heavy artillery...

    Download ComboFix (by sUBs) to your Desktop (and nowhere else!):

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[ ! WARNING ! ]<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  • Close your running applications (as well as your browser).
  • DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure.
    If left active, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... So you will re-enable them afterwards!
    > Important: if you run into difficulties at this point, let me know before continuing...
  • Tutorial (help) here: http://www.bleepingcomputer.com/combofix/fr/comment-uti...
  • Note: on XP, it is ESSENTIAL to install the Windows Recovery Console if the tool asks for it (see the tutorial above).
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[ ! WARNING ! ]<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


    Then:
    > Right-click / "run as admin..." on the "ComboFix.exe" icon to launch the tool.
    > At the "DISCLAIMER..." window, click "Yes" and let it work...


    Important notes:
    -> Do nothing with the PC during the scan!
    -> Do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
    -> If the tool tells you that a newer version of ComboFix is available, accept the update.
    -> The PC may reboot by itself (to finish the cleanup); let it do so.
    -> If the tool tells you this: "ComboFix has detected the presence of a rootkit and needs to restart your machine", accept.
    -> If, after a possible reboot, your antivirus goes wild while ComboFix is still working, ignore the alerts! (do not delete anything and do not put anything in quarantine)

    The report will be created here: C:\Combofix.txt

    Make sure to re-enable your defenses once the procedure is finished.


    > Post the ComboFix report for analysis and wait for the next steps...



    Note: I'm leaving on vacation tomorrow morning for a week. Sham_Rock should drop by the thread to take over; otherwise I'll be back in a week.
    21 August 2010 12:45:22

    Enjoy your vacation!!





    ComboFix 10-08-20.01 - Raymond 21/08/2010 12:30:48.3.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.665 [GMT 2:00]
    Lancé depuis: d:\mes documents\Téléchargements\ComboFix.exe
    AV: avast! antivirus 4.8.1229 [VPS 081231-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users.\documents\settings
    c:\documents and settings\All Users\Application Data\k6ByrXld.exe
    c:\program files\$NtUninstallWTF1012$
    c:\program files\$NtUninstallWTF1012$\elUninstall.exe
    c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
    c:\program files\HP\HP Software Update\HPWuSchd2.exe
    c:\program files\QuickTime\qttask .exe
    c:\tomtom\TomTom HOME 2\HOMERunner.exe
    c:\windows\Tasks\At1.job
    c:\windows\wcdsfv.dll
    C:\xcrashdump.dat
    d:\xavier\Ipod\Ipodd\iTunesHelper.exe

    c:\program files\Fichiers communs\InstallShield\UpdateService\issch .exe --->c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
    c:\program files\HP\HP Software Update\HPWuSchd2 .exe --->c:\program files\HP\HP Software Update\HPWuSchd2.exe
    c:\program files\QuickTime\qttask .exe --->c:\program files\QuickTime\qttask.exe
    c:\tomtom\TomTom HOME 2\HOMERunner .exe --->c:\tomtom\TomTom HOME 2\HOMERunner.exe

    .
    Une copie infectée de c:\windows\system32\drivers\ftdisk.sys a été trouvée et désinfectée
    Copie restaurée à partir de - Kitty had a snack :p 
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-07-21 au 2010-08-21 ))))))))))))))))))))))))))))))))))))
    .

    2010-08-20 19:44 . 2010-08-20 19:44 -------- d--h--w- c:\windows\msdownld.tmp
    2010-08-20 19:42 . 2009-02-20 08:31 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-08-20 19:42 . 2009-02-20 08:31 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2010-08-18 13:08 . 2010-08-20 20:05 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\Deployment
    2010-08-17 11:01 . 2010-08-17 16:06 -------- d-----w- C:\UsbFix
    2010-08-17 10:54 . 2010-08-17 15:55 -------- d-----w- c:\program files\Ad-Remover
    2010-08-08 17:04 . 2010-08-12 11:12 -------- d-----w- c:\documents and settings\NetworkService\Tracing
    2010-08-08 13:19 . 2004-08-03 21:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
    2010-08-08 13:19 . 2004-08-03 21:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
    2010-08-06 13:12 . 2010-08-06 13:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Malwarebytes
    2010-08-05 07:45 . 2010-08-10 10:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-05 07:45 . 2010-08-05 07:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-08-02 23:12 . 2010-08-02 23:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2010-08-02 22:23 . 2010-08-02 22:23 -------- d-----w- c:\program files\iPod
    2010-08-02 22:22 . 2010-08-02 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-02 22:18 . 2010-08-02 22:18 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
    2010-08-02 22:13 . 2010-08-02 22:13 -------- d-----w- c:\program files\Apple Software Update
    2010-08-02 22:09 . 2010-08-02 22:09 -------- d-----w- c:\program files\Bonjour
    2010-08-01 12:46 . 2010-08-19 13:56 -------- d-----w- C:\xavier
    2010-08-01 12:10 . 2010-08-01 12:10 69568 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-01 12:01 . 2010-08-01 12:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-08-01 12:01 . 2010-08-20 21:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
    2010-08-01 12:01 . 2010-08-01 12:01 -------- d-----r- c:\documents and settings\NetworkService\Favoris
    2010-07-30 16:20 . 2010-07-30 16:20 -------- d-----w- c:\documents and settings\Raymond\Application Data\AVS4YOU
    2010-07-30 16:19 . 2010-07-30 20:22 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
    2010-07-30 16:18 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
    2010-07-30 16:18 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-07-30 16:18 . 2010-08-01 10:35 -------- d-----w- c:\program files\AVS4YOU
    2010-07-30 16:18 . 2010-07-30 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2010-07-30 16:18 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-07-28 23:13 . 2010-07-28 23:13 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\WinAVI
    2010-07-28 10:20 . 2010-07-28 10:20 -------- d-----w- c:\documents and settings\Raymond\Application Data\Apowersoft
    2010-07-25 16:30 . 2010-07-25 16:33 -------- d-----w- c:\documents and settings\Raymond\Application Data\vlc
    2010-07-25 16:29 . 2010-07-25 16:29 -------- d-----w- c:\program files\VideoLAN

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-21 10:36 . 2007-12-23 09:29 -------- d-----w- c:\program files\QuickTime
    2010-08-21 10:23 . 2010-03-10 18:23 -------- d-----w- c:\documents and settings\Raymond\Application Data\HPAppData
    2010-08-21 09:55 . 2010-08-20 14:12 112 ----a-w- c:\documents and settings\All Users\Application Data\cn1lW7Ms.dat
    2010-08-21 09:51 . 2010-03-03 16:42 -------- d-----w- c:\documents and settings\Raymond\Application Data\LimeWire
    2010-08-11 13:43 . 2001-08-28 10:00 71248 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-11 13:43 . 2001-08-28 10:00 458230 ----a-w- c:\windows\system32\perfh00C.dat
    2010-08-03 10:54 . 2007-12-23 09:30 -------- d-----w- c:\documents and settings\Raymond\Application Data\Apple Computer
    2010-08-02 22:23 . 2007-12-23 09:29 -------- d-----w- c:\program files\Fichiers communs\Apple
    2010-08-01 12:52 . 2007-10-17 18:06 -------- d-----w- c:\program files\Google
    2010-08-01 10:34 . 2007-10-18 11:29 -------- d-----w- c:\program files\PestPatrol
    2010-07-30 21:04 . 2007-10-19 17:15 -------- d-----w- c:\program files\Picasa2
    2010-07-25 16:24 . 2007-10-19 18:57 69568 ----a-w- c:\documents and settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-06-08 14:51 . 2010-06-08 14:51 40629 ----a-w- c:\windows\system32\xnfiv.exe
    2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\ulmkyadd.exe
    .
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\PestPatrol\CookiePatrol .exe
    c:\program files\PestPatrol\PPControl .exe
    c:\program files\PestPatrol\PPMemCheck .exe
    c:\program files\Picasa2\PicasaMediaDetector .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe


    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\tomtom\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
    "Kkevapoyowu"="c:\windows\wcdsfv.dll" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
    "iTunesHelper"="d:\xavier\Ipod\Ipodd\iTunesHelper.exe" [N/A]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2010-07-30 36868]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [2009-07-26 3883856]

    c:\documents and settings\Raymond\Menu D‚marrer\Programmes\D‚marrage\
    LimeWire On Startup.lnk - c:\limewire\LimeWire.exe [2010-2-19 503808]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Raymond^Menu Démarrer^Programmes^Démarrage^Moniteur Fax-Voix.lnk]
    path=c:\documents and settings\Raymond\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk
    backup=c:\windows\pss\Moniteur Fax-Voix.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2006-08-11 12:56 17920 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2006-08-11 12:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/04/2008 21:21 78416]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/04/2008 21:21 20560]
    S0 Daemon;Daemon;c:\windows\system32\drivers\daemon.sys --> c:\windows\system32\drivers\daemon.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/05/2008 16:24 717296]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    toyylzvo
    .
    Contenu du dossier 'Tâches planifiées'

    2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = localhost
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Raymond\Application Data\Mozilla\Firefox\Profiles\ak387jrk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
    FF - prefs.js: network.proxy.ftp - localhost
    FF - prefs.js: network.proxy.gopher - localhost
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.socks - localhost
    FF - prefs.js: network.proxy.ssl - localhost
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    FF - plugin: d:\xavier\Ipod\Ipodd\Mozilla Plugins\npitunes.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    AddRemove-$NtUninstallWTF1012$ - c:\program files\$NtUninstallWTF1012$\elUninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-21 12:36
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Heure de fin: 2010-08-21 12:38:40
    ComboFix-quarantined-files.txt 2010-08-21 10:38

    Avant-CF: 5 003 202 560 octets libres
    Après-CF: 5 053 050 880 octets libres

    - - End Of File - - 87306FD1B57D306ABD25B969E6426553
    21 August 2010 23:51:50

    Good evening,
    At Omar's request, I'm finishing your disinfection. ;)

    Download the CFScript file by clicking the link below and put it on your desktop.
    http://www.sendspace.com/file/p2j6en

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot.


  • ComboFix starts; follow the prompts.

  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.

  • If the file does not open, it can be found here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    22 August 2010 12:29:52

    Hello, thanks for taking over ^^


    ComboFix 10-08-21.06 - Raymond 22/08/2010 12:15:02.4.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.617 [GMT 2:00]
    Lancé depuis: d:\mes documents\Téléchargements\ComboFix.exe
    Commutateurs utilisés :: d:\mes documents\Téléchargements\CFScript.txt
    AV: avast! antivirus 4.8.1229 [VPS 081231-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\system32\ulmkyadd.exe"
    "c:\windows\system32\xnfiv.exe"
    "c:\windows\wcdsfv.dll"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\k6ByrXld.exe
    c:\documents and settings\Raymond\Favoris\PRONOTE, Logiciel de gestion de vie scolaire..url
    c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
    c:\program files\HP\HP Software Update\HPWuSchd2.exe
    c:\program files\QuickTime\qttask.exe
    c:\tomtom\TomTom HOME 2\HOMERunner.exe
    c:\windows\system32\ulmkyadd.exe
    c:\windows\system32\xnfiv.exe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At19.job

    c:\program files\Fichiers communs\InstallShield\UpdateService\issch .exe --->c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
    c:\program files\HP\HP Software Update\HPWuSchd2 .exe --->c:\program files\HP\HP Software Update\HPWuSchd2.exe
    c:\program files\QuickTime\qttask .exe --->c:\program files\QuickTime\qttask.exe
    c:\tomtom\TomTom HOME 2\HOMERunner .exe --->c:\tomtom\TomTom HOME 2\HOMERunner.exe

    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-07-22 au 2010-08-22 ))))))))))))))))))))))))))))))))))))
    .

    2010-08-22 10:09 . 2010-08-22 10:10 -------- d-----w- c:\documents and settings\Raymond\Application Data\OfferBox
    2010-08-22 10:09 . 2010-08-22 10:09 -------- d-----w- c:\program files\OfferBox
    2010-08-20 19:44 . 2010-08-20 19:44 -------- d--h--w- c:\windows\msdownld.tmp
    2010-08-20 19:42 . 2009-02-20 08:31 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-08-20 19:42 . 2009-02-20 08:31 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2010-08-18 13:08 . 2010-08-20 20:05 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\Deployment
    2010-08-17 11:01 . 2010-08-17 16:06 -------- d-----w- C:\UsbFix
    2010-08-17 10:54 . 2010-08-17 15:55 -------- d-----w- c:\program files\Ad-Remover
    2010-08-08 17:04 . 2010-08-12 11:12 -------- d-----w- c:\documents and settings\NetworkService\Tracing
    2010-08-08 13:19 . 2004-08-03 21:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
    2010-08-08 13:19 . 2004-08-03 21:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
    2010-08-06 13:12 . 2010-08-06 13:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Malwarebytes
    2010-08-05 07:45 . 2010-08-10 10:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-05 07:45 . 2010-08-05 07:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-08-02 23:12 . 2010-08-02 23:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2010-08-02 22:23 . 2010-08-02 22:23 -------- d-----w- c:\program files\iPod
    2010-08-02 22:22 . 2010-08-02 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-02 22:18 . 2010-08-02 22:18 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
    2010-08-02 22:13 . 2010-08-02 22:13 -------- d-----w- c:\program files\Apple Software Update
    2010-08-02 22:09 . 2010-08-02 22:09 -------- d-----w- c:\program files\Bonjour
    2010-08-01 12:46 . 2010-08-19 13:56 -------- d-----w- C:\xavier
    2010-08-01 12:10 . 2010-08-01 12:10 69568 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-01 12:01 . 2010-08-01 12:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-08-01 12:01 . 2010-08-20 21:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
    2010-08-01 12:01 . 2010-08-01 12:01 -------- d-----r- c:\documents and settings\NetworkService\Favoris
    2010-07-30 16:20 . 2010-07-30 16:20 -------- d-----w- c:\documents and settings\Raymond\Application Data\AVS4YOU
    2010-07-30 16:19 . 2010-07-30 20:22 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
    2010-07-30 16:18 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
    2010-07-30 16:18 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-07-30 16:18 . 2010-08-01 10:35 -------- d-----w- c:\program files\AVS4YOU
    2010-07-30 16:18 . 2010-07-30 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2010-07-30 16:18 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-07-28 23:13 . 2010-07-28 23:13 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\WinAVI
    2010-07-28 10:20 . 2010-07-28 10:20 -------- d-----w- c:\documents and settings\Raymond\Application Data\Apowersoft
    2010-07-25 16:30 . 2010-07-25 16:33 -------- d-----w- c:\documents and settings\Raymond\Application Data\vlc
    2010-07-25 16:29 . 2010-07-25 16:29 -------- d-----w- c:\program files\VideoLAN

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-22 10:20 . 2007-12-23 09:29 -------- d-----w- c:\program files\QuickTime
    2010-08-22 10:15 . 2007-10-19 17:15 -------- d-----w- c:\program files\Picasa2
    2010-08-22 10:15 . 2007-10-18 11:29 -------- d-----w- c:\program files\PestPatrol
    2010-08-22 10:06 . 2010-03-10 18:23 -------- d-----w- c:\documents and settings\Raymond\Application Data\HPAppData
    2010-08-22 10:04 . 2010-08-20 14:12 112 ----a-w- c:\documents and settings\All Users\Application Data\cn1lW7Ms.dat
    2010-08-22 10:00 . 2010-03-03 16:42 -------- d-----w- c:\documents and settings\Raymond\Application Data\LimeWire
    2010-08-21 10:50 . 2001-08-28 10:00 71248 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-21 10:50 . 2001-08-28 10:00 458230 ----a-w- c:\windows\system32\perfh00C.dat
    2010-08-03 10:54 . 2007-12-23 09:30 -------- d-----w- c:\documents and settings\Raymond\Application Data\Apple Computer
    2010-08-02 22:23 . 2007-12-23 09:29 -------- d-----w- c:\program files\Fichiers communs\Apple
    2010-08-01 12:52 . 2007-10-17 18:06 -------- d-----w- c:\program files\Google
    2010-07-25 16:24 . 2007-10-19 18:57 69568 ----a-w- c:\documents and settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-21_10.36.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-22 10:00 . 2010-08-22 10:00 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
    + 2010-08-22 10:00 . 2010-08-22 10:00 16384 c:\windows\Temp\Perflib_Perfdata_54c.dat
    + 2010-04-16 20:12 . 2010-04-16 20:12 48464 c:\windows\system32\sirenacm.dll
    + 2001-08-28 10:00 . 2010-08-21 10:50 58596 c:\windows\system32\perfc009.dat
    - 2001-08-28 10:00 . 2010-08-11 13:43 58596 c:\windows\system32\perfc009.dat
    + 2010-08-21 18:24 . 2010-08-21 18:24 22016 c:\windows\Installer\12b6c0.msi
    + 2010-08-21 18:23 . 2010-08-21 18:23 27136 c:\windows\Installer\12b691.msi
    + 2010-08-21 18:23 . 2010-08-21 18:23 58880 c:\windows\Installer\12b673.msi
    + 2010-08-21 18:23 . 2010-08-21 18:23 61272 c:\windows\Installer\{B3B487E7-6171-4376-9074-B28082CEB504}\IconWlc.exe
    + 2010-08-21 18:24 . 2010-08-21 18:24 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe
    - 2010-03-07 17:16 . 2010-03-07 17:16 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe
    + 2010-08-21 18:24 . 2010-08-21 18:24 80395 c:\windows\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe
    + 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut21_959384787AC44F138BCCCA5B34AD4C4A.exe
    + 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut16_787B0DAD05DC46CC91305506DB2ABE18.exe
    + 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut11_9F3781393181404B950072B4018B7795.exe
    + 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut10_DB289C76EE574969ACAC0FCD904E9997.exe
    + 2010-08-22 10:10 . 2010-08-22 10:10 57344 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\NewShortcut1_CE5B1499B5E045D19091836D8FA3ACAC.exe
    + 2010-08-22 10:09 . 2010-08-22 10:09 53248 c:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}\ARPPRODUCTICON.exe
    - 2001-08-28 10:00 . 2010-08-11 13:43 392296 c:\windows\system32\perfh009.dat
    + 2001-08-28 10:00 . 2010-08-21 10:50 392296 c:\windows\system32\perfh009.dat
    + 2010-08-21 18:24 . 2010-08-21 18:24 816640 c:\windows\Installer\12b6ef.msi
    + 2010-08-21 18:24 . 2010-08-21 18:24 429056 c:\windows\Installer\12b6b7.msi
    + 2010-08-21 18:23 . 2010-08-21 18:23 149504 c:\windows\Installer\12b684.msi
    + 2010-08-22 10:09 . 2010-08-22 10:09 2193920 c:\windows\Installer\90df3.msi
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
    2010-07-21 13:05 135000 ----a-w- c:\program files\OfferBox\OfferBoxBHO.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\tomtom\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
    "SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

    c:\documents and settings\Raymond\Menu D‚marrer\Programmes\D‚marrage\
    LimeWire On Startup.lnk - c:\limewire\LimeWire.exe [2010-2-19 503808]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Raymond^Menu Démarrer^Programmes^Démarrage^Moniteur Fax-Voix.lnk]
    path=c:\documents and settings\Raymond\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk
    backup=c:\windows\pss\Moniteur Fax-Voix.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2006-08-11 12:56 17920 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2006-08-11 12:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/04/2008 21:21 78416]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/04/2008 21:21 20560]
    S0 Daemon;Daemon;c:\windows\system32\drivers\daemon.sys --> c:\windows\system32\drivers\daemon.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/05/2008 16:24 717296]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'Tâches planifiées'

    2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = localhost
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Raymond\Application Data\Mozilla\Firefox\Profiles\ak387jrk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
    FF - prefs.js: network.proxy.ftp - localhost
    FF - prefs.js: network.proxy.gopher - localhost
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.socks - localhost
    FF - prefs.js: network.proxy.ssl - localhost
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    FF - plugin: d:\xavier\Ipod\Ipodd\Mozilla Plugins\npitunes.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-iTunesHelper - d:\xavier\Ipod\Ipodd\iTunesHelper.exe
    HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr .exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-22 12:20
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Heure de fin: 2010-08-22 12:21:50
    ComboFix-quarantined-files.txt 2010-08-22 10:21
    ComboFix2.txt 2010-08-21 10:38

    Avant-CF: 4 767 326 208 octets libres
    Après-CF: 4 829 724 672 octets libres

    - - End Of File - - A8128C1E07C63B2454CE23A5ECC4CA16
    22 August 2010 17:25:48

    However, I had a small problem: I couldn't find the first log, so I ran the program again and here is the log, but there is nothing left in it like the first time; I deleted everything...

    EDIT: I noticed a program called Search Settings, which is actually a virus, but I can't remove it (Control Panel, Add/Remove Programs, "search settings", Remove); when I do this I get an error message, which means I can't remove it.
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=f9e691b5f1d94240bbce51c6ce74d428
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-22 03:01:18
    # local_time=2010-08-22 05:01:18 (+0100, Paris, Madrid)
    # country="France"
    # lang=1036
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 15213421 15213421 0 0
    # compatibility_mode=769 16775129 100 96 11304 218776633 51669555 0
    # compatibility_mode=8192 67108863 100 0 6719 6719 0 0
    # scanned=107320
    # found=0
    # cleaned=0
    # scan_time=4605
    22 August 2010 22:30:41

    re
    Quote:
    I noticed a program called Search Settings, which is actually a virus, but I can't remove it (Control Panel, Add/Remove Programs, "search settings", Remove); when I do this I get an error message, which means I can't remove it.

    What is the message?
    As far as I can tell, this program is no longer on your PC...

    22 August 2010 23:04:25

    Good evening again,
    The message is:
    The feature you are trying to use is on a network resource that is unavailable.

    Click ok to try again, or enter an alternate path to a folder containing the installation package " 'SearchSettings.msi' " in the box below.

    Use source :
    C:\DOCUME~1\Raymond\LOCALS~1\Temp\_is2D3\

    Then I click OK and the error message is:

    The path "
    C:\DOCUME~1\Raymond\LOCALS~1\Temp\_is2D3\searchsettings.msi" cannot be found.


    22 August 2010 23:25:22

    re
    it's fine, it's clean. ;) 
    any other problems?
    23 August 2010 09:05:45

    Re, well, if possible I would like to remove it from my Add/Remove Programs ^^
    And apart from that, everything works perfectly!! I also did a little cleanup with Spybot; it found a few problems, but since the cleanup with ComboFix everything works perfectly!!!!
    24 August 2010 09:36:48

    re
    get rid of Spybot, it finds nothing apart from cookies. (these are files that get installed on your PC when you browse the web)

    let's finish up:

    Download SystemLook from one of the links below to your Desktop.
    Download Mirror:: http://jpshortstuff.247fixes.com/SystemLook.exe
    Download Mirror #2:: http://images.malwareremoval.com/jpshortstuff/SystemLoo...

    * Double-click SystemLook.exe to launch it.
    * Right-click/copy the contents of the box below, and right-click/paste it into the white box in SystemLook:

    :filefind
    SearchSettings.msi


    * Click the Look button to start the scan.
    * Copy and paste into your next reply the report/contents of the text file that is displayed

    Note: The report can also be found on your Desktop, named SystemLook.txt
    24 August 2010 11:04:39

    Hello,

    ok, but Spybot also blocks spam for me ^^

    Here is the report:

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 11:00 on 24/08/2010 by Raymond (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "SearchSettings.msi"
    No files found.

    -=End Of File=-


    Edit :

    https://addons.mozilla.org/en-US/firefox/addon/3239/
    Can you tell me whether this is a scam and whether it really works, please?? I'm actually looking for a Firefox add-on that changes the IP address.
    24 August 2010 18:46:53

    Quote:
    Edit:


    https://addons.mozilla.org/en-US/firefox/addon/3239/
    Can you tell me whether this is a scam and whether it really works, please?? I'm actually looking for a Firefox add-on that changes the IP address.

    I don't know it. And this kind of tool for changing your IP makes me laugh.
    if you do something illegal, don't you think the "police" have the means to track you down??? :lol: 

    ~Download CCleaner:

    http://www.filehippo.com/download_ccleaner/

    ~During installation, uncheck: "Add the CCleaner Yahoo! Toolbar"
    Click the cleaner button, then choose "run the cleaner"
    Click the errors button, then choose "scan for errors", then "fix the errors".
    CCleaner tutorial: (thanks to Malekal).
    http://www.malekal.com/tutorial_CCleaner.html
    24 August 2010 21:35:14

    No, it's not about the "police"; actually, on the Megavideo site you have to pay to watch videos non-stop, otherwise there is a time limit and then you have to wait 50 min... to get around that you would have to change your IP ;) 

    I already have CCleaner and I have already tried to delete the searchsettings line, but nothing works, it is still there :( 
    25 August 2010 14:04:10

    Quote:
    No, it's not about the "police"; actually, on the Megavideo site you have to pay to watch videos non-stop, otherwise there is a time limit and then you have to wait 50 min... to get around that you would have to change your IP

    if you delete your cookies, isn't that enough?

    Quote:
    I already have CCleaner and I have already tried to delete the searchsettings line, but nothing works, it is still there :( 

    only the line is left, so it's not very serious ;) 
    25 August 2010 15:35:10

    I don't know, I'll try ^^ EDIT: I tried and it doesn't work ^^
    In any case, thank you and thanks to Omar, thanks a lot!!!

    Oh, but one small favor, one very last one :p 
    To remove the programs I had to use during my disinfection completely, without them leaving any traces... Is that possible ^^ ??
    26 August 2010 08:59:47

    re
    follow this tutorial:
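
The leftover "Search Settings" line discussed above is an Add/Remove Programs entry whose installer package no longer exists on disk. The following read-only audit is an added example, not part of the thread or of any tool used in it; it assumes PowerShell 3.0 or later and that the installer recorded an `InstallSource` value under the standard Uninstall registry keys, and the function name and `NameFilter` parameter are hypothetical.

```powershell
# Added example: list Add/Remove Programs entries whose recorded installer
# source folder is missing. Read-only: nothing is modified or deleted.

# Registry locations that back the Add/Remove Programs list.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-OrphanedUninstallEntry {
    param(
        [string[]]$Roots = $UninstallRoots,
        [string]$NameFilter = '*'          # e.g. '*Search Settings*'
    )
    foreach ($root in $Roots) {
        # The WOW6432Node root is absent on 32-bit systems.
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue

            # Entries without a DisplayName are not shown to the user.
            if (-not $p -or -not $p.DisplayName) { continue }
            if ($p.DisplayName -notlike $NameFilter) { continue }

            # Assumption: the installer wrote InstallSource for this entry.
            $source = $p.InstallSource
            if ([string]::IsNullOrEmpty($source)) { continue }

            # Keep only entries whose source folder is gone.
            if (Test-Path -LiteralPath $source) { continue }

            [pscustomobject]@{
                DisplayName     = $p.DisplayName
                Publisher       = $p.Publisher
                InstallSource   = $source
                UninstallString = $p.UninstallString
                RegistryKey     = $key.Name
            }
        }
    }
}

Get-OrphanedUninstallEntry | Format-List
```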
    http://www.commentcamarche.net/faq/8341-toolscleaner-su...

    Please read this document (PDF) to learn more about the risks of the Net.



    If you find this document interesting, feel free to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    See also:
  • Free antispyware: it's useless!


    ~Edit your first message and mark [résolu] in the title.
    If your session name matches your real name, you can change it by editing your posts.

    :hello: 