
Assorted Trojans...

25 June 2010 09:31:46

Hello,

My computer can no longer find the hard drive to boot, and I have to go through F8 to work around the problem. :heink:
On top of that, it is under a massive virus attack; I have BitDefender as my antivirus, and it cannot eradicate these pests!
I ran a scan with HijackThis, but I don't know how to read the output...
Would you be willing to help me?
Thank you
Here is the scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:23:39, on 25/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Micro Application\LauncherMA.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ke.voila.fr/S/voila?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0C5196E2-B858-4157-AB2A-3FB7C275FDCA} - c:\windows\system32\htqhfic.dll (file missing)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Assistant Smart Wizard NETGEAR pour WG311v3.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.01net.com/telecharger/
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1ca1d7557e8909e) (gupdate1ca1d7557e8909e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11047 bytes

25 June 2010 10:25:22

Hello,

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab (Mise à jour), click the Check for Updates button (Recherche de mise à jour): if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab (Recherche).
  • Select Perform quick scan (Exécuter un examen rapide).
  • Click Scan (Rechercher). The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results (Afficher les résultats).
  • Select everything (or leave it checked) and click Remove Selected (Supprimer la sélection); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.

    26 June 2010 10:09:23

    Hello,

    Thank you for your help :bounce:

    Here is the MBAM report:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    26/06/2010 10:05:57
    mbam-log-2010-06-26 (10-05-57).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 121883
    Temps écoulé: 8 minute(s), 28 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\françoise\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

    26 June 2010 10:25:06

  • Run MBAM again, go to Quarantine (Quarantaine) and delete everything.

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (On Vista/Win7, you need to right-click OTL and choose Run as administrator)
  • A window appears. In the Output section (Rapport) at the top of that window, check Minimal Output (Rapport minimal).
  • Also check the boxes next to LOP Check (Recherche Lop) and Purity Check (Recherche Purity).
  • Finally, click the Run Scan button (Analyse). The scan will not take long.
  • Once the scan has finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so on the Desktop by default).

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
  • Click Browse... (Parcourir...) and find the report file you want to send me.
  • Click Open (Ouvrir).
  • Click "Click here to upload the file" (Cliquez ici pour déposer le fichier).
  • A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
  • Copy and paste that link into your reply.

    26 June 2010 15:49:30

  • Download Ad-Remover (by C_XX) to your Desktop.
  • Disconnect and close all running applications.
  • Double-click AD-R on your Desktop to launch it.
  • Choose Clean (Nettoyer), then confirm.
  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    26 June 2010 18:36:05

    I carried out the procedure you asked for; here is the report.
    Regards,
    Françoise



    ======= RAPPORT D'AD-REMOVER 2.0.0.1,C | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par C_XX le 23/06/10 à 19:20
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 18:09:06 le 26/06/2010, Mode normal

    Microsoft Windows XP Édition familiale Service Pack 3 (X86)
    françoise@PONCHON-CBEEFAD ( )

    ============== ACTION(S) ==============


    0,Dossier supprimé: C:\Documents and Settings\All Users\Application Data\GamesBar
    0,Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GamesBar
    0,Dossier supprimé: C:\Program Files\GamesBar
    0,Dossier supprimé: C:\Program Files\IEToolbar
    0,Dossier supprimé: C:\Documents and Settings\françoise\Application Data\iWin

    (!) -- Fichiers temporaires supprimés.


    1,Clé supprimée: HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
    1,Clé supprimée: HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
    1,Clé supprimée: HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
    1,Clé supprimée: HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
    1,Clé supprimée: HKLM\Software\Classes\TypeLib\{338BFB9A-EA66-7554-FB44-DF75BA3936AC}
    1,Clé supprimée: HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    1,Clé supprimée: HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
    0,Clé supprimée: HKLM\Software\Classes\ComObject.DeskbarEnabler
    0,Clé supprimée: HKLM\Software\Classes\ComObject.DeskbarEnabler.1
    0,Clé supprimée: HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook
    0,Clé supprimée: HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
    0,Clé supprimée: HKLM\Software\AskBarDis
    0,Clé supprimée: HKLM\Software\Conduit
    0,Clé supprimée: HKLM\Software\GamesBar
    0,Clé supprimée: HKLM\Software\GamesBarSetup
    0,Clé supprimée: HKLM\Software\PopCap
    0,Clé supprimée: HKLM\Software\AppDataLow\AskBarDis
    0,Clé supprimée: HKCU\Software\GamesBar
    0,Clé supprimée: HKCU\Software\PopCap
    0,Clé supprimée: HKCU\Software\AppDataLow\AskBarDis
    0,Clé supprimée: HKCU\Software\AppDataLow\fbebe224-93af-324e-3d79-ac11683e94b7
    3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    0,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealAssistant
    0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gamesbar


    ============== SCAN ADDITIONNEL ==============

    ** Internet Explorer Version [8.0.6001.18702] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Custom Search URL: 1
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 66 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 26/06/2010 (2514 Octet(s))

    Fin à: 18:18:55, 26/06/2010

    ============== E.O.F ==============

    27 June 2010 03:22:59

  • Run Ad-Remover again and choose Uninstall (Désinstaller).

  • Update Java.

  • Run another OTL scan and post the OTL report.

    27 June 2010 08:28:33

    Hello,

    Here is the OTL report

    Have a nice day,

    OTL logfile created on: 27/06/2010 08:22:29 - Run 2
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\françoise\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
    3,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232,88 Gb Total Space | 118,80 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
    Drive D: | 609,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive E: | 180,29 Gb Total Space | 3,51 Gb Free Space | 1,95% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PONCHON-CBEEFAD
    Current User Name: françoise
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\françoise\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    PRC - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
    PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
    PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
    PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe (Canal+ Active)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)
    PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
    PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
    PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
    PRC - C:\WINDOWS\system32\lxddcoms.exe ( )


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\françoise\Bureau\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (LIVESRV) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
    SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
    SRV - (scan) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (CanalPlus.VOD) -- C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe (Canal+ Active)
    SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (wlidsvc) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    SRV - (Arrakis3) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe ()
    SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
    SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
    SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
    SRV - (lxdd_device) -- C:\WINDOWS\System32\lxddcoms.exe ( )
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (bdftdif) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
    DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
    DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
    DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
    DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (Trufos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
    DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
    DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
    DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
    DRV - (Profos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys ()
    DRV - (Cap7134) -- C:\WINDOWS\system32\drivers\vm7133.sys (VidzMedia Pte Ltd)
    DRV - (vmPhTune) MonsterTV TV Tuner (Combined) -- C:\WINDOWS\system32\drivers\vmPhTune.sys (VidzMedia Pte. Ltd.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
    DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
    DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
    DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
    DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
    DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
    DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
    DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
    DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
    DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
    DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
    DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
    DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (P0630VID) -- C:\WINDOWS\system32\drivers\P0630Vid.sys (Creative Technology Ltd.)
    DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C F8 39 CE 49 17 CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F1 1C 24 01 2F A6 F3 4B A9 C6 8D 97 A5 82 90 72 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/22 07:21:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2010/02/06 18:36:37 | 000,000,000 | ---D | M]

    [2009/06/15 21:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Mozilla\Firefox\extensions
    [2009/06/15 21:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\françoise\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2010/02/09 00:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/06 18:34:21 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
    [2009/10/26 16:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

    O1 HOSTS File: ([2006/03/02 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: () - {0C5196E2-B858-4157-AB2A-3FB7C275FDCA} - C:\WINDOWS\System32\htqhfic.dll File not found
    O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
    O4 - HKLM..\Run: [LXDDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.DLL (Lexmark International, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKCU..\Run: [fsm] File not found
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Assistant Smart Wizard NETGEAR pour WG311v3.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\françoise\Menu Démarrer\Programmes\Démarrage\Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)
    O4 - Startup: C:\Documents and Settings\françoise\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O9 - Extra Button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_... (HardwareDetection Control)
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/static/adpform/AdSig... (AdVerifierADPCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrob... (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/26 14:04:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2003/03/18 20:57:14 | 000,000,000 | R--D | M] - D:\Autoplay -- [ CDFS ]
    O32 - AutoRun File - [2002/04/05 00:03:26 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/06/26 23:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Cybertek Games
    [2010/06/26 15:20:57 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\françoise\Bureau\OTL.exe
    [2010/06/22 22:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
    [2010/06/20 11:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\Enki Games
    [2010/06/20 11:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\Game Mill Entertainment
    [2010/06/19 16:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\Jetdogs Studios
    [2010/06/18 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\Zylomv1001
    [2010/06/17 09:47:50 | 000,207,952 | ---- | C] (Big Fish Games) -- C:\Documents and Settings\françoise\Bureau\bigfishgames_p75345593_s5_l4.exe
    [2010/06/15 22:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\ChaYoWo Games
    [2010/06/14 08:52:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
    [2010/06/14 02:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/14 01:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/14 00:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGTs Games
    [2010/06/14 00:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\SevenSails
    [2010/06/14 00:39:03 | 000,000,000 | ---D | C] -- C:\games
    [2010/06/13 23:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\Floodlight Games
    [2010/06/13 23:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
    [2010/06/12 23:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\Skunk Studios
    [2010/06/12 22:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\OpenOffice.org
    [2010/06/11 17:06:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2010/06/10 23:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
    [2010/06/10 23:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2010/06/10 23:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/06/10 23:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
    [2010/06/10 23:44:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/06/10 23:44:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/06/10 23:44:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/06/10 23:44:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/06/10 23:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Bureau\OpenOffice.org 3.2 (fr) Installation Files
    [2010/06/10 13:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
    [2010/06/09 19:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Games
    [2010/06/09 17:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\VendelGAMES
    [2010/06/09 10:00:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\françoise\Recent
    [2010/06/09 09:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Texas Holdem Poker 3D Deluxe Edition DeLEGiON
    [2010/06/07 18:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\Magic3
    [2010/06/07 15:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
    [2010/06/07 11:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
    [2010/06/07 09:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\françoise\Application Data\DarkParablesBriarRose_BFG
    [2010/06/05 03:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/06/05 00:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2010/06/04 23:47:08 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
    [2010/06/04 23:46:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
    [2009/05/26 20:20:03 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
    [2009/05/26 20:20:03 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
    [2009/05/26 20:20:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
    [2009/05/26 20:20:01 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
    [2009/05/26 20:20:00 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
    [2009/05/26 20:19:58 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
    [2009/05/26 20:19:58 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
    [2009/05/26 20:19:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
    [2009/05/26 20:19:57 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
    [2009/05/26 20:19:55 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
    [2009/05/26 20:19:50 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
    [2009/05/26 20:19:50 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/06/27 08:21:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/06/27 08:08:43 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6F676067-6626-4663-B0B5-512A9B8929AA}.job
    [2010/06/27 08:05:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/06/27 08:04:53 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/06/27 08:04:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/27 08:04:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/27 01:02:16 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\françoise\NTUSER.DAT
    [2010/06/27 01:02:16 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\françoise\ntuser.ini
    [2010/06/26 23:52:44 | 000,002,412 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Dream Chronicles - The Book of Air Collector's Edition.lnk
    [2010/06/26 18:57:49 | 000,001,228 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Encore plus de jeux.lnk
    [2010/06/26 18:19:41 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
    [2010/06/26 15:20:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\françoise\Bureau\OTL.exe
    [2010/06/26 07:58:10 | 002,114,336 | -H-- | M] () -- C:\Documents and Settings\françoise\Local Settings\Application Data\IconCache.db
    [2010/06/25 22:41:53 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Blood Oath.lnk
    [2010/06/25 21:41:30 | 000,000,054 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/06/25 21:41:30 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/06/24 21:46:33 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/23 18:19:03 | 000,001,081 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Bookworm Adventures Deluxe.lnk
    [2010/06/23 18:19:03 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Plus de Grands Jeux!.url
    [2010/06/23 00:46:34 | 000,001,218 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Raccourci vers BWASetup-fr.exe.lnk
    [2010/06/22 12:10:44 | 000,007,334 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Bookworm Adventures deluxe[www.unlimited-tracker.net].torrent
    [2010/06/22 11:04:55 | 000,013,360 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\demande extrait naissance.pdf
    [2010/06/21 20:41:13 | 000,009,103 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\déclaration 2010.pdf
    [2010/06/18 19:02:20 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Mystery P.I. - The London Caper Deluxe.lnk
    [2010/06/17 17:16:13 | 000,039,162 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\soluce Atlantis 4.odt
    [2010/06/17 14:53:29 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Atlantis Evolution.lnk
    [2010/06/17 09:47:52 | 000,207,952 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\françoise\Bureau\bigfishgames_p75345593_s5_l4.exe
    [2010/06/17 07:14:45 | 000,000,450 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
    [2010/06/16 19:35:46 | 000,001,452 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Raccourci vers LostLagoonSurLesTracesDuDestin.exe.lnk
    [2010/06/15 16:27:58 | 000,024,789 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\The.Dark.Hills.of.Cherai[www.unlimited-tracker.net].torrent
    [2010/06/15 16:23:58 | 000,020,573 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Art of Mulder[www.unlimited-tracker.net].torrent
    [2010/06/15 15:41:11 | 000,017,260 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\La.Lagune.Perdue.Sur.Les.Traces.Du.Destin[www.unlimited-tracker.net].torrent
    [2010/06/14 17:13:17 | 000,405,504 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Annexe 1_Questionnaire AuvergneEnquête QS 2010.doc
    [2010/06/14 17:11:34 | 000,258,048 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\cahier des clausesparticulièrs Auvergne enquete2010_06052010-CMP.doc
    [2010/06/14 17:11:12 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Récap questions supplémentaires OLS 2010.xls
    [2010/06/14 17:03:51 | 003,939,840 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\yoga.doc
    [2010/06/14 00:47:17 | 000,001,355 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Midnight Mysteries 2 - Salem Witch Trials.lnk
    [2010/06/13 23:50:18 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Special Enquiry Detail The Hand that Feeds.lnk
    [2010/06/12 22:25:10 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\françoise\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk
    [2010/06/12 08:27:54 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/12 01:18:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/12 01:12:08 | 001,117,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/12 01:12:08 | 000,535,550 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/06/12 01:12:08 | 000,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/12 01:12:08 | 000,094,956 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/06/12 01:12:08 | 000,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/11 08:51:32 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Raccourci vers LampOfAladdin.exe.lnk
    [2010/06/11 07:25:30 | 000,074,632 | ---- | M] () -- C:\Documents and Settings\françoise\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/06/10 23:47:42 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk
    [2010/06/10 23:44:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/06/10 23:44:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/06/10 23:44:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/06/10 23:44:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/06/10 23:44:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2010/06/09 19:17:05 | 000,002,314 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Strange Cases The Lighthouse Mystery.lnk
    [2010/06/09 17:38:03 | 000,001,258 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\More Great Games.lnk
    [2010/06/07 09:12:34 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\françoise\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
    [2010/06/07 09:12:34 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Game Manager.lnk
    [2010/06/07 08:54:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
    [2010/06/06 23:08:03 | 000,001,046 | ---- | M] () -- C:\Documents and Settings\françoise\Bureau\Raccourci vers AoM.exe.lnk
    [2010/06/06 07:11:50 | 000,205,022 | ---- | M] () -- C:\Documents and Settings\françoise\Mes documents\cc_20100606_071137.reg
    [2010/06/05 21:52:37 | 000,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/05 09:11:04 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/26 23:52:44 | 000,002,412 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Dream Chronicles - The Book of Air Collector's Edition.lnk
    [2010/06/26 18:57:49 | 000,001,228 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Encore plus de jeux.lnk
    [2010/06/25 22:41:53 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Blood Oath.lnk
    [2010/06/24 21:48:44 | 000,002,654 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\0C5196E2-B858-4157-AB2A-3FB7C275FDCA.txt
    [2010/06/23 17:26:27 | 000,003,490 | ---- | C] () -- C:\Documents and Settings\françoise\Local Settings\Application Data\0C5196E2-B858-4157-AB2A-3FB7C275FDCA.txt
    [2010/06/23 00:46:34 | 000,001,218 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Raccourci vers BWASetup-fr.exe.lnk
    [2010/06/22 22:19:00 | 000,001,081 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Bookworm Adventures Deluxe.lnk
    [2010/06/22 22:19:00 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Plus de Grands Jeux!.url
    [2010/06/22 22:18:56 | 000,000,054 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
    [2010/06/22 22:18:56 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/06/22 12:10:44 | 000,007,334 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Bookworm Adventures deluxe[www.unlimited-tracker.net].torrent
    [2010/06/22 11:04:55 | 000,013,360 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\demande extrait naissance.pdf
    [2010/06/21 20:41:13 | 000,009,103 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\déclaration 2010.pdf
    [2010/06/18 19:02:19 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Mystery P.I. - The London Caper Deluxe.lnk
    [2010/06/17 17:16:12 | 000,039,162 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\soluce Atlantis 4.odt
    [2010/06/17 14:53:29 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Atlantis Evolution.lnk
    [2010/06/16 19:35:46 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Raccourci vers LostLagoonSurLesTracesDuDestin.exe.lnk
    [2010/06/15 16:27:58 | 000,024,789 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\The.Dark.Hills.of.Cherai[www.unlimited-tracker.net].torrent
    [2010/06/15 16:23:57 | 000,020,573 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Art of Mulder[www.unlimited-tracker.net].torrent
    [2010/06/15 15:41:09 | 000,017,260 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\La.Lagune.Perdue.Sur.Les.Traces.Du.Destin[www.unlimited-tracker.net].torrent
    [2010/06/14 17:13:16 | 000,405,504 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Annexe 1_Questionnaire AuvergneEnquête QS 2010.doc
    [2010/06/14 17:11:33 | 000,258,048 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\cahier des clausesparticulièrs Auvergne enquete2010_06052010-CMP.doc
    [2010/06/14 17:11:09 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Récap questions supplémentaires OLS 2010.xls
    [2010/06/14 17:03:48 | 003,939,840 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\yoga.doc
    [2010/06/14 00:47:17 | 000,001,355 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Midnight Mysteries 2 - Salem Witch Trials.lnk
    [2010/06/13 23:50:18 | 000,001,945 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Special Enquiry Detail The Hand that Feeds.lnk
    [2010/06/12 22:25:10 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\françoise\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk
    [2010/06/12 01:13:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/06/11 08:51:32 | 000,001,157 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Raccourci vers LampOfAladdin.exe.lnk
    [2010/06/10 23:47:42 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk
    [2010/06/09 19:17:05 | 000,002,314 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Strange Cases The Lighthouse Mystery.lnk
    [2010/06/09 17:38:03 | 000,001,258 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\More Great Games.lnk
    [2010/06/06 23:08:03 | 000,001,046 | ---- | C] () -- C:\Documents and Settings\françoise\Bureau\Raccourci vers AoM.exe.lnk
    [2010/06/06 07:11:42 | 000,205,022 | ---- | C] () -- C:\Documents and Settings\françoise\Mes documents\cc_20100606_071137.reg
    [2010/06/05 09:11:04 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
    [2009/11/06 18:22:29 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2009/10/05 06:52:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
    [2009/10/04 18:32:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
    [2009/07/27 22:40:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2009/07/27 22:40:49 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2009/07/27 20:44:20 | 000,000,174 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
    [2009/07/14 08:29:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2009/07/14 08:29:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2009/05/29 12:18:44 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2009/05/29 12:18:44 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2009/05/29 08:37:24 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2009/05/26 20:31:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
    [2009/05/26 20:31:47 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
    [2009/05/26 20:31:15 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
    [2009/05/26 20:31:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
    [2009/05/26 20:31:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
    [2009/05/26 20:30:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
    [2009/05/26 20:30:47 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
    [2009/05/26 20:30:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
    [2009/05/26 20:30:27 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
    [2009/05/26 20:22:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
    [2009/05/26 20:20:04 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
    [2009/05/26 20:19:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
    [2009/05/26 18:54:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/05/26 17:00:33 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2008/10/09 17:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
    [2008/08/04 13:56:27 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2008/08/04 13:56:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/08/04 13:56:27 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2008/05/26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2008/05/26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2008/05/26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/01/31 15:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
    [2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2002/12/14 23:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
    [2002/12/14 23:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2002/12/14 23:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2002/12/14 22:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll

    ========== LOP Check ==========

    [2009/11/27 11:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
    [2010/06/08 15:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
    [2009/05/27 23:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/02/06 16:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2010/01/24 10:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
    [2009/07/22 18:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
    [2009/05/29 12:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD Concept
    [2009/06/12 08:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/06/10 22:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ERS G-Studio
    [2010/01/15 21:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
    [2009/08/08 08:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
    [2010/06/10 13:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
    [2010/01/22 19:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2010/06/13 23:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
    [2009/08/23 11:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
    [2009/08/23 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GAMESHASTRA
    [2009/07/23 08:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXzone
    [2010/06/26 20:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
    [2009/10/15 18:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3
    [2009/08/26 19:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
    [2010/06/16 19:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
    [2009/12/24 20:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2009/11/17 20:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
    [2010/06/25 22:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2009/11/02 20:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Application
    [2010/06/14 00:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2009/12/10 22:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
    [2010/06/26 23:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2009/08/15 08:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
    [2010/02/12 19:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
    [2009/10/17 09:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
    [2009/09/05 22:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
    [2009/07/25 22:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Product
    [2009/07/25 22:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
    [2009/10/01 17:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2010/06/09 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
    [2009/12/22 00:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
    [2010/06/26 23:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/02/07 21:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
    [2009/06/12 23:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2009/06/20 08:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Anuman Interactive
    [2009/06/03 17:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Artogon
    [2009/12/18 20:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Awem
    [2009/09/07 23:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Azureus
    [2009/09/07 22:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Big Fish Games
    [2010/02/06 17:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\BitDefender
    [2010/01/24 10:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\blg
    [2009/07/14 08:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\BrandX Games
    [2009/09/20 22:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\BSD Concept
    [2010/01/30 07:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Cat's Eye Games
    [2010/06/15 22:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\ChaYoWo Games
    [2009/08/24 20:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Coyotes Tale
    [2009/06/12 08:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\DAEMON Tools Lite
    [2009/06/15 20:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\DAEMON Tools Pro
    [2010/06/07 09:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\DarkParablesBriarRose_BFG
    [2009/12/16 13:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Dekovir
    [2010/02/13 23:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\ElementalsTheMagicKey
    [2010/06/20 11:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Enki Games
    [2009/08/20 17:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Enlightenus
    [2009/08/01 08:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\ErrorExpert
    [2009/11/07 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\ERS G-Studio
    [2010/01/22 19:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Flood Light Games
    [2010/06/13 23:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Floodlight Games
    [2010/02/02 16:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Friday's games
    [2010/06/20 11:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Game Mill Entertainment
    [2009/12/30 17:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\GameHousev1002
    [2009/10/25 13:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Gamenauts
    [2009/10/25 17:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Games
    [2009/08/23 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\GAMESHASTRA
    [2009/07/12 18:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Gold Casual Games
    [2009/10/21 15:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\HdO Adventure
    [2009/09/09 19:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\HiT-MM
    [2009/09/13 08:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\IronCode
    [2010/06/19 16:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Jetdogs Studios
    [2009/11/20 19:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Lazy Turtle Games
    [2009/06/21 09:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Lexmark Imaging Studio
    [2009/11/01 11:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\LimeWire
    [2009/08/08 10:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Lost in the City
    [2009/11/13 21:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\MA
    [2009/07/21 19:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Magic Academy
    [2010/02/19 20:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Magic Academy 2
    [2010/06/07 18:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Magic3
    [2009/06/07 09:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Meridian93
    [2010/06/25 22:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Merscom
    [2009/11/19 13:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\MysteryStudio
    [2010/06/12 22:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\OpenOffice.org
    [2010/01/17 00:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Peace Craft
    [2009/11/24 01:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Ph03nixNewMedia
    [2010/06/26 23:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\PlayFirst
    [2010/02/03 05:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Playrix Entertainment
    [2009/10/17 09:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\PoBros
    [2009/06/24 06:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\ProtectDisc
    [2009/07/27 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Samsung
    [2009/05/27 15:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\SerpentOfIsis
    [2010/06/14 00:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\SevenSails
    [2009/11/07 10:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\she_is_a_shadow
    [2009/07/05 15:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\simon4
    [2010/06/12 23:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Skunk Studios
    [2009/10/11 20:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Software Informer
    [2009/07/13 07:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\SpinTop Games
    [2010/06/09 18:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\SulusGames
    [2009/08/07 10:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\System Tweaker
    [2009/12/29 21:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\TikisLab
    [2009/08/29 11:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\TMInc
    [2009/08/26 19:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Total Eclipse
    [2009/10/28 00:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Twintale Entertainment
    [2009/06/24 21:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Uniblue
    [2010/06/27 08:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\uTorrent
    [2009/08/15 08:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\V-Games
    [2009/12/05 21:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\VampireSaga
    [2010/06/09 17:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\VendelGAMES
    [2009/09/20 08:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Windows Desktop Search
    [2009/09/23 20:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Windows Search
    [2009/07/05 07:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\YoudaGames
    [2010/06/18 19:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Zylom
    [2009/09/27 09:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Zylom 3 Days Zoo Mystery
    [2010/06/18 19:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\françoise\Application Data\Zylomv1001
    [2010/06/27 08:08:43 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6F676067-6626-4663-B0B5-512A9B8929AA}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    < End of report >
    27 June 2010 08:54:41

    How is the PC doing?

  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • Under the Custom Scans/Fixes tab at the bottom of the window, copy and paste the following text (between the two blank lines):

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: () - {0C5196E2-B858-4157-AB2A-3FB7C275FDCA} - C:\WINDOWS\System32\htqhfic.dll File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_18)

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top of the window.
  • Let the program work, then reboot once the fix has finished.
  • Post the report that appears after the reboot.
    27 June 2010 11:14:17

    The PC isn't doing too badly, actually: no more pop-up windows reporting trojans. However, website windows open by themselves on the internet, or I do a Google search, click the link that interests me and end up on eBay, even though there is no connection at all :heink: 
    Have a nice Sunday!

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C5196E2-B858-4157-AB2A-3FB7C275FDCA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C5196E2-B858-4157-AB2A-3FB7C275FDCA}\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41044 bytes

    User: françoise
    ->Temp folder emptied: 10729492 bytes
    ->Temporary Internet Files folder emptied: 12261943 bytes
    ->Java cache emptied: 494688 bytes
    ->Google Chrome cache emptied: 190536005 bytes
    ->Flash cache emptied: 5855 bytes

    User: fran�oise

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1629297 bytes
    ->Flash cache emptied: 2132 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9305510 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39112129 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 4699375 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 256,00 mb


    OTL by OldTimer - Version 3.2.7.0 log created on 06272010_105930

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\françoise\Local Settings\Temp\Perflib_Perfdata_c70.dat not found!

    Registry entries deleted on Reboot...
    27 June 2010 12:03:51

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    27 June 2010 16:48:38

    I downloaded ComboFix, launched the application, installed the Recovery Console, and the scan seems to have run fine; however, I neither saw nor found a combofix.txt report!
    I repeated the procedure 3 times with no better result! :??: 
    27 June 2010 16:56:55

    Any changes?
    27 June 2010 17:23:09

    Nothing conclusive... still unwanted pages, and above all an internet slowness that I didn't have before.
    For example, there is a "buffer" period of 5 seconds between typing my message on the keyboard and its appearing on the screen!
    27 June 2010 17:26:26

    And if you disable the antivirus, does that change anything?
    27 June 2010 17:56:43

    I left the antivirus and the firewall disabled precisely so that they wouldn't interfere!
    28 June 2010 12:06:05

    Hello,

    This morning I re-enabled BitDefender and, surprise, an alert message :cry:  :cry:

    Rootkit.Patched.TDSS.GEN.

    What can I do?
    I ran a scan with my antivirus: negative result!!
    It's so unfair!! :D 
    Regards
    30 June 2010 17:51:19

    Which file exactly does it detect?