[Solved] Infected by a trojan dropper

3 August 2009 16:05:34

Hello,

I am currently infected by a trojan dropper.

What should I do? Thanks in advance.

3 August 2009 16:35:57

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    3 August 2009 18:04:43

    I am posting the reports for you:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by denis at 2009-08-03 17:53:29
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 5 GB (4%) free of 131 GB
    Total RAM: 1023 MB (37% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:53:36, on 03/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\denis\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\denis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [E06FXLRD_92935046] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [symws] C:\WINDOWS\defragnt.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Joomlab] C:\WINDOWS\defragnt.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Joomlab] C:\WINDOWS\defragnt.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\denis\Application Data\Dealio\kb127\res\DealioSearch.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CS2\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8693 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\HPpromotions journeysoftware.job
    C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
    DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
    BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

    {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Joomlab"=C:\WINDOWS\defragnt.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "MsgCenterExe"=C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe -osboot []
    "E06FXLRD_92935046"=C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "symws"=C:\WINDOWS\defragnt.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Joomlab"=C:\WINDOWS\defragnt.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
    C:\Program Files\Dealio\DealioAU.exe [2008-05-26 595296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_1024515]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_34222078]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_366718]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_456015]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_51534937]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_6466781]
    -m []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_7249859]
    C:\Program Files\Microsoft Encarta\Microsoft Encarta Junior 2006\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_812437]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
    C:\Program Files\HiYo\bin\HiYo.exe [2009-01-11 300336]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    C:\DOCUME~1\denis\MENUDM~1\PROGRA~1\NEROBA~1\NBJ.exe [2005-06-02 1957888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2008-09-18 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
    C:\WINDOWS\system32\nvraidservice.exe [2008-08-18 203296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Store 'n' Go]
    C:\Documents and Settings\denis\Application Data\Verbatim Software\V-Key.exe [2005-11-29 2297856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-27 139264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-06-06 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    C:\Program Files\Unlocker\UnlockerAssistant.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    C:\WINDOWS\vVX3000.exe [2008-08-04 721936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^denis^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
    C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-10-09 79408]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=149
    "EditLevel"=0
    "NoRun"=0
    "NoClose"=0
    "NoCommonGroups"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\CodeRED Alien Arena\crx.exe"="C:\CodeRED Alien Arena\crx.exe:*:Disabled:crx"
    "C:\nexuiz\nexuiz.exe"="C:\nexuiz\nexuiz.exe:*:Enabled:DarkPlaces Game Engine"
    "C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe"="C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe:*:Enabled:sauerbraten"
    "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\Program Files\Sierra\FEARCombat\fpupdate.exe"="C:\Program Files\Sierra\FEARCombat\fpupdate.exe:*:Disabled:fpupdate"
    "C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
    "C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26c6c7-c5f6-11dd-a8e5-00148524342d}]
    shell\AutoRun\command - I:\setupSNK.exe


    ======List of files/folders created in the last 1 months======

    2009-08-03 17:53:29 ----D---- C:\rsit
    2009-07-30 02:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
    2009-07-21 21:36:27 ----D---- C:\Program Files\QuickMediaConverter
    2009-07-21 00:27:49 ----A---- C:\version.txt
    2009-07-16 09:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-16 09:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-16 03:01:12 ----A---- C:\WINDOWS\imsins.BAK
    2009-07-16 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

    ======List of files/folders modified in the last 1 months======

    2009-08-03 17:53:37 ----D---- C:\WINDOWS\Prefetch
    2009-08-03 16:00:12 ----D---- C:\WINDOWS\Internet Logs
    2009-08-03 15:57:51 ----D---- C:\WINDOWS\Temp
    2009-08-03 15:19:02 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-08-03 15:18:21 ----D---- C:\WINDOWS
    2009-08-03 14:58:13 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-03 14:54:21 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-31 19:05:05 ----D---- C:\Program Files\Microsoft Silverlight
    2009-07-31 18:58:35 ----SHD---- C:\WINDOWS\Installer
    2009-07-31 18:58:34 ----HD---- C:\Config.Msi
    2009-07-30 12:53:23 ----D---- C:\WINDOWS\system32
    2009-07-30 02:57:49 ----HD---- C:\WINDOWS\inf
    2009-07-30 02:57:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-30 02:56:53 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-29 11:57:33 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-22 23:55:13 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-22 15:13:54 ----D---- C:\Documents and Settings\denis\Application Data\AdobeUM
    2009-07-21 22:12:33 ----D---- C:\Documents and Settings\denis\Application Data\uTorrent
    2009-07-21 21:36:27 ----AD---- C:\Program Files
    2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\shdocvw.dll
    2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-16 09:30:48 ----D---- C:\WINDOWS\system32\LogFiles
    2009-07-16 09:02:58 ----D---- C:\WINDOWS\Debug
    2009-07-16 08:58:57 ----D---- C:\WINDOWS\system32\drivers
    2009-07-11 01:55:13 ----D---- C:\Documents and Settings\denis\Application Data\Vso
    2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-07-04 04:01:23 ----RSD---- C:\WINDOWS\Fonts

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 43008]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
    R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-02 5632]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
    R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1996-12-12 64512]
    R2 X4HSX32;X4HSX32; \??\C:\Program Files\Player Metaboli\X4HSX32.Sys []
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-18 6132576]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-14 47360]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
    R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2002-05-06 24511]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-24 12288]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-11 9856]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-10-09 312880]
    R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-18 163908]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-12 66872]
    R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-25 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2006-02-28 69632]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-12-19 195752]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------

    info.txt logfile of random's system information tool 1.06 2009-08-03 17:53:44

    ======Uninstall list======

    skins ALMS Mod Prototypes 1998-2008 SCC v2.41 for GTR2-->C:\GTR2\Uninstall_ALMS_skins_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
    skins Le Mans Mod Prototypes 1998-2008 SCC v2.41 for GTR2-->C:\GTR2\Uninstall_LeMans_skins_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
    skins LMES Mod Prototypes 1998-2008 SCC v2.41 for GTR2-->C:\GTR2\Uninstall_ skins_LMES_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
    -->C:\WINDOWS\unin040c.exe -fC:\ADLM\DeIsL1.isu
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3D-WinBrick2001-->C:\WINDOWS\s&f_UnIn.exe -uC:\Program Files\3D-WinBrick2001\UnInst.inf
    ACDSee 10 Photo Manager-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
    Ad-aware SE - Traduction FR-->C:\Program Files\Lavasoft\Ad-Aware SE Personal\uninst-trad.exe
    Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
    Adobe Illustrator CS2 Version d'évaluation-->msiexec /I {7F9A0582-482D-4F0B-B85C-C1418418077F}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
    Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
    Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
    Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Alien Arena 2006-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A376CC14-A32D-4D4D-889E-5546BCC4B595}\setup.exe" -l0x9
    Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
    Audacity 1.3.2 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
    AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    BMW M3 Challenge-->"C:\BMW M3 Challenge\Support\unins000.exe"
    Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
    Canon Camera Support Core Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
    Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
    Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
    Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
    Canon G.726 WMP-Decoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
    CANON iMAGE GATEWAY Task-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
    Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
    Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
    Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
    Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
    Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
    Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
    Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Collection Microsoft Encarta 2006 DVD-->MsiExec.exe /I{06180081-3E21-46D6-9A91-D927BA08F41D}
    Companion wizard-->C:\Program Files\Common Files\Companion Wizard\compwiz.exe -u
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    ConvertXtoDVD 3.3.4.107-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Dance eJay 7 Demo-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D74C204-0451-463E-8B8E-F2E11504A675}\setup.exe" -l0x40c -removeonly
    Dealio Toolbar 3.4-->MsiExec.exe /X{6105648C-0C3C-481D-8C11-1F4952D6FB53}
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
    EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
    F1 2007 pour GTR2 v1.15-->C:\GTR2\Uninstal mod F1 2007 pour GTR2.exe
    FEARCombat-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
    Free Mp3 Wma Converter V 1.7.2-->"C:\Program Files\Free Audio Pack\unins000.exe"
    GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
    GLtron version 0.70-->"C:\Program Files\GLtron\unins000.exe"
    GTR 2 1.0.0.0-->"C:\GTR2\Support\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HiYo -->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUninstallLog.log"
    HiYo-->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E}
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Scanjet 3770-->C:\Program Files\HP\Digital Imaging\{7CFD1028-F6C9-4b3c-BD20-51D56E7C7C8D}\setup\hpzscr01.exe -datfile hpgscr01.dat
    HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
    IFOEdit 0.971 Fr-->C:\Program Files\IfoEdit\UnInstall_IfoEdit.exe
    InstallScript-->"C:\Program Files\Octatec\InstallScript\uninstall\unsetup.exe" "C:\Program Files\Octatec\InstallScript\uninstall"
    iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    JkDefrag 3.34a-->"C:\Program Files\JkDefrag\unins000.exe"
    Kit de Connexion Alice ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\setup.exe" -l0x40c ControlPanel
    K-Lite Codec Pack 2.89 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    KnC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71C554B9-79B7-4B5A-8AF0-C6E5CBE108CC}\setup.exe" -l0x40c -removeonly
    L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
    Leadfoot-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA7632CD-454A-11D5-B5D0-0010B543C735}\Setup.exe"
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Light Driver-->C:\WINDOWS\UNWISE.EXE C:\WINDOWS\LightDriver.LOG
    Ma-Config.com-->MsiExec.exe /X{EC7FE2ED-F305-41B7-90B8-3DAE9E35307A}
    Macrogaming SweetIM 1.2a-->MsiExec.exe /X{5827C8C9-A3C6-4E7C-AA70-F6AFAB52F981}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
    Micro Application - Kit CD-DVD MC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6589821-39D7-4A4F-8CF7-B3CCB3717829}\SETUP.EXE" -l0x40c
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft LifeCam-->MsiExec.exe /X{6BCB7EAA-598C-4836-B7EA-3642E41AA222}
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - Cars-->C:\GTR2\Uninstall_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
    MoTeC i2 Pro-->MsiExec.exe /I{D416059B-C21B-4405-ACC0-010C481E0FDA}
    Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
    Multimedia Card Reader-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{07B02BD4-E799-4945-B240-166CA9A9BE2D} /l1036
    My DSC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
    Nero OEM-->C:\Documents and Settings\denis\Menu Démarrer\Programmes\Démarrage\nero\uninstall\UNNERO.exe /UNINSTALL
    Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
    Nuance Palm Voice Recorder-->MsiExec.exe /I{57DB3FC4-FB4F-48F8-A290-1C22FB349277}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
    OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
    OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Pangya_Eu (GOA)-->C:\Program Files\GOA\Pangya_Eu\uninstall.exe
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
    Plane Arcade-->C:\Program Files\Plane Arcade\uninstall.exe
    Player Metaboli-->"C:\Program Files\Player Metaboli\Uninstall.exe"
    QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
    RAD Video Tools-->"C:\Program Files\RADVideo\uninstall.exe"
    Radio Fr Solo 2.1-->C:\Program Files\Radio Fr Solo\Uninstall.exe
    Readiris Pro 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CA9D105-113C-11D8-AB3E-000102B0F79A}\setup.exe" -l0x40c
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
    Reparer MSN-->C:\WINDOWS\Désinstaller reparermsn.exe
    rFactor (remove only)-->"C:\Program Files\rFactor\Uninstall.exe"
    Richard Burns Rally-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92C7D009-A464-4948-A980-7A3E28CB2F49}\setup.exe" -l0x40c
    RSRBR2009-->"C:\Program Files\SCi Games\Richard Burns Rally\unins000.exe"
    SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
    Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Taleban Attack-->C:\WINDOWS\system32\duninstall.exe "C:\Program Files\Brodaroda\Taleban Attack\\install.log"
    TrackMania Nations ESWC 1.7.9-->"C:\Program Files\TrackMania Nations ESWC\unins000.exe"
    True Combat: Elite 0.49-->C:\PROGRA~1\WOLFEN~1\tcetest\uninst.exe
    Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
    VobEdit 0.6 Fr-->C:\Program Files\IfoEdit\UnInstall_VobEdit.exe
    WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
    Web Media Player 0.63b-->"C:\Program Files\Web Media Player\unins000.exe"
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    ======Security center information======

    AV: Avira AntiVir PersonalEdition
    FW: ZoneAlarm Firewall

    ======System event log======

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

    Record Number: 651440
    Source Name: Service Control Manager
    Time Written: 20090526174739.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

    Record Number: 651439
    Source Name: Service Control Manager
    Time Written: 20090526174739.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 7036
    Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

    Record Number: 651438
    Source Name: Service Control Manager
    Time Written: 20090526174739.000000+120
    Event Type: Informations
    User:

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 7036
    Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

    Record Number: 651437
    Source Name: Service Control Manager
    Time Written: 20090526174739.000000+120
    Event Type: Informations
    User:

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

    Record Number: 651436
    Source Name: Service Control Manager
    Time Written: 20090526174739.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    =====Application event log=====

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 102
    Message: MsnMsgr (864) \\.\C:\Documents and Settings\denis\Local Settings\Application Data\Microsoft\Messenger\denislucie@live.fr\SharingMetadata\Working\database_A4A0_2AB_A002_83D0\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

    Record Number: 24284
    Source Name: ESENT
    Time Written: 20090501122532.000000+120
    Event Type: Informations
    User:

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 100
    Message: MsnMsgr (864) Le moteur de base de données 5.01.2600.5512 est démarré.

    Record Number: 24283
    Source Name: ESENT
    Time Written: 20090501122532.000000+120
    Event Type: Informations
    User:

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 101
    Message: MsnMsgr (864) Le moteur de base de données est arrêté.

    Record Number: 24282
    Source Name: ESENT
    Time Written: 20090501122521.000000+120
    Event Type: Informations
    User:

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 103
    Message: MsnMsgr (864) \\.\C:\Documents and Settings\denis\Local Settings\Application Data\Microsoft\Messenger\denislucie@live.fr\SharingMetadata\Working\database_A4A0_2AB_A002_83D0\dfsr.db: Le moteur de base de données a arrêté une instance (0).

    Record Number: 24281
    Source Name: ESENT
    Time Written: 20090501122521.000000+120
    Event Type: Informations
    User:

    Computer Name: DENIS-QIOX3BIL7
    Event Code: 102
    Message: MsnMsgr (864) \\.\C:\Documents and Settings\denis\Local Settings\Application Data\Microsoft\Messenger\denislucie@live.fr\SharingMetadata\Working\database_A4A0_2AB_A002_83D0\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

    Record Number: 24280
    Source Name: ESENT
    Time Written: 20090501121905.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\FICHIE~1\AUTODE~1;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\Samsung\Samsung PC Studio 3\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    "tvdumpflags"=8

    -----------------EOF-----------------



    a c 333 8 Security
    3 August 2009 19:05:20

  • Uninstall Dealio Toolbar and Search Settings.

    AVG Anti-Spyware is obsolete:
    http://gratuit.avg.fr/telecharger-avg-anti-spyware-et-a...

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update is complete, go to the Recherche (Scan) tab.
  • Select Exécuter un examen rapide (Perform quick scan).
  • Click Rechercher (Scan). The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
  • Select everything (or leave it checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    3 August 2009 19:38:57

    Here is my report:


    Malwarebytes' Anti-Malware 1.08
    Version de la base de données: 475

    Type de recherche: Examen rapide
    Eléments examinés: 31761
    Temps écoulé: 7 minute(s), 51 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    a c 333 8 Security
    3 August 2009 19:55:48

    Malwarebytes' Anti-Malware is not up to date at all. Update it and run a quick scan again.
    3 August 2009 20:38:07

    Here is my new report; indeed, it's not the same thing:


    Malwarebytes' Anti-Malware 1.39
    Version de la base de données: 2551
    Windows 5.1.2600 Service Pack 3

    03/08/2009 20:37:12
    mbam-log-2009-08-03 (20-37-12).txt

    Type de recherche: Examen rapide
    Eléments examinés: 98757
    Temps écoulé: 5 minute(s), 59 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{n0ksq317-x610-4u04-4u51-6ug553325747} (Generic.Bot.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    a c 333 8 Security
    3 August 2009 20:47:11

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\

  • Double-click the installer and install it in its default location (C:\Program files).
  • Double-click the Ad-Remover shortcut on your Desktop to launch it.
    (On Vista, right-click the Ad-Remover shortcut and choose Run as administrator)
  • Choose language F for French.
  • At the main menu, choose option S.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-SCAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    3 August 2009 22:19:22

    Here is my report:


    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 21:15:48, 03/08/2009 | Mode Normal | Option: SCAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
    Nom du PC: DENIS-QIOX3BIL7 | Utilisateur actuel: denis
    .
    Administrateur: Administrateur
    N'est pas administrateur: ASPNET
    Administrateur: denis
    N'est pas administrateur: HelpAssistant *Desactive*
    N'est pas administrateur: Invité
    N'est pas administrateur: SUPPORT_388945a0 *Desactive*
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    .
    HKCR\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
    HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    HKCR\SearchSettings.BHO
    HKCR\SearchSettings.BHO.1
    HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCU\Software\SWEETIE
    HKLM\Software\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
    HKLM\Software\Classes\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    HKLM\Software\Classes\SearchSettings.BHO
    HKLM\Software\Classes\SearchSettings.BHO.1
    HKLM\Software\Classes\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    HKLM\Software\Dealio
    HKLM\Software\Macrogaming
    HKLM\Software\Microsoft\ESENT\Process\SweetIM
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}
    HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
    HKLM\Software\Search Settings
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
    HKCR\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
    HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}
    HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    .
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
    C:\DOCUME~1\denis\APPLIC~1\Dealio
    C:\DOCUME~1\denis\APPLIC~1\Search Settings
    C:\Program Files\Dealio
    C:\Program Files\Macrogaming
    C:\Program Files\Search Settings
    C:\WINDOWS\Installer\15759a.msi
    C:\WINDOWS\Installer\1e87a21.msi
    C:\WINDOWS\Installer\1e87a27.msi
    .
    ============== Scan additionnel ==============
    .

    * Mozilla FireFox Version 3.0.12 *

    Nom du profil: fqaghp26.default (denis)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Google");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:o fficial");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.12");
    .
    .

    * Internet Explorer Version 6.0.2900.5512 *

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    Search bar: hxxp://www.google.com/ie
    Search Page: hxxp://www.google.com
    Start Page: hxxp://www.msn.fr/

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.google.com/ie
    SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://www.google.com

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]


    .
    ============== Processus Caches/Bloque ==============
    .
    PID: 1468 [LOCKED] vsmon.exe
    PID: 516 [LOCKED] zlclient.exe
    .

    ============== Suspect (Cracks, Serials ... ) ==============

    .
    C:\Documents and Settings\denis\Bureau\a trier bureau\ET_Patch_2_60.exe
    C:\Documents and Settings\denis\Bureau\a trier bureau\nerovision-express_patch_francais_3.1.0.25_francais_10914.exe
    C:\Documents and Settings\denis\Bureau\JEUX divers\Grid\#readme#\GRIDPatch2.exe
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\FILMS\GTR.2-RELOADED\Crack\GTR2 v1.1 no-cd.rar
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\FILMS\GTR.2-RELOADED\Crack\GTR2.exe
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD\brd.nfo
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD.rar
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}\driverscanner.exe
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}\Universal Keygen.BRD.rar
    C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Architecte 3D (Plan Maison Architecture) Crack.zip.rar.torrent
    C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Dragon.Naturally.Speaking.9.51.Professional(French+all.English).setup+Readme.Serial.torrent
    C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD.torrent
    C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Need.For.Speed.Pro.Street.CRACK-ONLY-RELOADED.torrent
    C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}.torrent
    C:\Documents and Settings\denis\Mes documents\fichiers torrent trackers\VSO ConvertXtoDVD 3.3.4.107+keygen.torrent
    .
    ===================================
    .
    10529 Octet(s) - C:\Ad-Report-SCAN.log
    .
    127 Fichier(s) - C:\DOCUME~1\denis\LOCALS~1\Temp
    41 Fichier(s) - C:\WINDOWS\Temp
    .
    1 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
    .
    Fin à: 21:58:26 | 03/08/2009
    .
    ============== E.O.F ==============
    .
    a c 333 8 Security
    3 August 2009 22:27:20

    You can run option L and post the report.
    4 August 2009 01:21:59

    Here is the report after cleaning:


    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 0:28:37, 04/08/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
    Nom du PC: DENIS-QIOX3BIL7 | Utilisateur actuel: denis
    .
    Administrateur: Administrateur
    N'est pas administrateur: ASPNET
    Administrateur: denis
    N'est pas administrateur: HelpAssistant *Desactive*
    N'est pas administrateur: Invité
    N'est pas administrateur: SUPPORT_388945a0 *Desactive*
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    .
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio\Dealio Deskbar.lnk
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio\Help.url
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio\Uninstall.lnk
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio\What is Dealio.url
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\res
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\dealio-14459.log
    C:\DOCUME~1\denis\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
    C:\DOCUME~1\denis\APPLIC~1\Dealio
    C:\DOCUME~1\denis\APPLIC~1\Search Settings\kb127
    C:\DOCUME~1\denis\APPLIC~1\Search Settings\kb127\res
    C:\DOCUME~1\denis\APPLIC~1\Search Settings\kb127\temp
    C:\DOCUME~1\denis\APPLIC~1\Search Settings\kb127\temp\ws-14459.log
    C:\DOCUME~1\denis\APPLIC~1\Search Settings
    C:\Program Files\Dealio\DealioAU.exe
    C:\Program Files\Dealio\kb127
    C:\Program Files\Dealio\SearchSettingsKit.exe
    C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
    C:\Program Files\Dealio\kb127\Dealio.dll
    C:\Program Files\Dealio\kb127\DealioRes409.dll
    C:\Program Files\Dealio\kb127\res
    C:\Program Files\Dealio\kb127\resDN
    C:\Program Files\Dealio\kb127\rules
    C:\Program Files\Dealio\kb127\temp
    C:\Program Files\Dealio\kb127\res\alerts.gif
    C:\Program Files\Dealio\kb127\res\alerts_over.gif
    C:\Program Files\Dealio\kb127\res\alerts_rec.gif
    C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
    C:\Program Files\Dealio\kb127\res\chevron-small.gif
    C:\Program Files\Dealio\kb127\res\DealioSearch.html
    C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
    C:\Program Files\Dealio\kb127\res\deal_report.jpg
    C:\Program Files\Dealio\kb127\res\ebay_login.jpg
    C:\Program Files\Dealio\kb127\res\err_mainwindow.html
    C:\Program Files\Dealio\kb127\res\err_toolbar.html
    C:\Program Files\Dealio\kb127\res\global_scripts.js
    C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
    C:\Program Files\Dealio\kb127\res\highlight-bg.png
    C:\Program Files\Dealio\kb127\res\logo.gif
    C:\Program Files\Dealio\kb127\res\logo_over.gif
    C:\Program Files\Dealio\kb127\res\man_toolbar.css
    C:\Program Files\Dealio\kb127\res\man_toolbar.html
    C:\Program Files\Dealio\kb127\res\man_toolbar.js
    C:\Program Files\Dealio\kb127\res\man_toolbarl.js
    C:\Program Files\Dealio\kb127\res\post-this-deal.gif
    C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
    C:\Program Files\Dealio\kb127\res\scripts.js
    C:\Program Files\Dealio\kb127\res\scroller.js
    C:\Program Files\Dealio\kb127\res\search-chevron.gif
    C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
    C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
    C:\Program Files\Dealio\kb127\res\separator.gif
    C:\Program Files\Dealio\kb127\res\settings.gif
    C:\Program Files\Dealio\kb127\res\settings_over.gif
    C:\Program Files\Dealio\kb127\res\yahoo-search.png
    C:\Program Files\Dealio\kb127\resDN\bottom.gif
    C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
    C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
    C:\Program Files\Dealio\kb127\resDN\close.gif
    C:\Program Files\Dealio\kb127\resDN\deskbar.css
    C:\Program Files\Dealio\kb127\resDN\deskbar.js
    C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
    C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
    C:\Program Files\Dealio\kb127\resDN\logo.gif
    C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
    C:\Program Files\Dealio\kb127\resDN\losing.gif
    C:\Program Files\Dealio\kb127\resDN\lost.gif
    C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
    C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
    C:\Program Files\Dealio\kb127\resDN\menu_check.gif
    C:\Program Files\Dealio\kb127\resDN\no_image.gif
    C:\Program Files\Dealio\kb127\resDN\prod_img.gif
    C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
    C:\Program Files\Dealio\kb127\resDN\spacer.gif
    C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
    C:\Program Files\Dealio\kb127\resDN\top.gif
    C:\Program Files\Dealio\kb127\resDN\unknown.gif
    C:\Program Files\Dealio\kb127\resDN\winning.gif
    C:\Program Files\Dealio\kb127\resDN\won.gif
    C:\Program Files\Dealio
    C:\Program Files\Macrogaming\SweetIM
    C:\Program Files\Macrogaming\SweetIM\conf
    C:\Program Files\Macrogaming\SweetIM\data
    C:\Program Files\Macrogaming\SweetIM\default.xml
    C:\Program Files\Macrogaming\SweetIM\logs
    C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
    C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
    C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
    C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mghooking.dll
    C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mglogger.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnProt.dll
    C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
    C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
    C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
    C:\Program Files\Macrogaming\SweetIM\resources
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Macrogaming\SweetIM\update
    C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
    C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
    C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users
    C:\Program Files\Macrogaming\SweetIM\conf\users\denislucie@live.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com
    C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com
    C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\denislucie@live.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\denislucie@live.fr\lastuse_Winks.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\denislucie@live.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\lastuse_DisplayPictures.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\lastuse_Emoticons.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\lastuse_SoundFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\lastuse_Winks.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\doune85@msn.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\lastuse_Audibles.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\lastuse_Emoticons.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\lastuse_Winks.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\luluce85@msn.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\data\contentdb
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
    C:\Program Files\Macrogaming\SweetIM\resources\gdiplus.dll
    C:\Program Files\Macrogaming\SweetIM\resources\ImageOle.dll
    C:\Program Files\Macrogaming\SweetIM\update\lastversioninfo.xml
    C:\Program Files\Macrogaming
    C:\Program Files\Search Settings\kb127
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Search Settings\kb127\res
    C:\Program Files\Search Settings\kb127\SearchSettings.dll
    C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
    C:\Program Files\Search Settings\kb127\temp
    C:\Program Files\Search Settings
    C:\WINDOWS\Installer\15759a.msi
    C:\WINDOWS\Installer\1e87a21.msi
    C:\WINDOWS\Installer\1e87a27.msi

    (!) -- Fichiers temporaires supprimés.

    .
    ============== Scan additionnel ==============
    .

    * Mozilla FireFox Version 3.0.12 *

    Nom du profil: fqaghp26.default (denis)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Google");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.12");
    .
    .

    * Internet Explorer Version 6.0.2900.5512 *

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.google.com
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: res://ieframe.dll/tabswelcome.htm

    .
    ============== Processus Caches/Bloque ==============
    .
    PID: 1464 [LOCKED] vsmon.exe
    PID: 500 [LOCKED] zlclient.exe
    .

    ============== Suspect (Cracks, Serials ... ) ==============

    .
    C:\Documents and Settings\denis\Bureau\a trier bureau\ET_Patch_2_60.exe
    C:\Documents and Settings\denis\Bureau\a trier bureau\nerovision-express_patch_francais_3.1.0.25_francais_10914.exe
    C:\Documents and Settings\denis\Bureau\JEUX divers\Grid\#readme#\GRIDPatch2.exe
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\FILMS\GTR.2-RELOADED\Crack\GTR2 v1.1 no-cd.rar
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\FILMS\GTR.2-RELOADED\Crack\GTR2.exe
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD\brd.nfo
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD\Lavalys.EVEREST.Ultimate.Edition.v4.60.1500.Multilingual.Incl.Keygen-BRD.rar
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}\driverscanner.exe
    C:\Documents and Settings\denis\Mes documents\Fichiers p2p\Uniblue.DriverScanner 2009 2.0.0.47.Inc Keygen-lz0{DEMONOID}{JOHNCANADUDE}\Un
    4 August 2009 01:26:22

    Good, uninstall Ad-Remover.

  • Run another RSIT scan and post the log report.
    4 August 2009 01:35:40

    Here it is:


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by denis at 2009-08-04 01:33:18
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 6 GB (4%) free of 131 GB
    Total RAM: 1023 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:33:19, on 04/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\denis\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\denis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [E06FXLRD_92935046] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [symws] C:\WINDOWS\defragnt.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Joomlab] C:\WINDOWS\defragnt.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Joomlab] C:\WINDOWS\defragnt.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\denis\Application Data\Dealio\kb127\res\DealioSearch.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CS2\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7944 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\HPpromotions journeysoftware.job
    C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
    BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Joomlab"=C:\WINDOWS\defragnt.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "MsgCenterExe"=C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe -osboot []
    "E06FXLRD_92935046"=C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "symws"=C:\WINDOWS\defragnt.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Joomlab"=C:\WINDOWS\defragnt.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
    C:\Program Files\Dealio\DealioAU.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_1024515]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_34222078]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_366718]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_456015]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_51534937]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_6466781]
    -m []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_7249859]
    C:\Program Files\Microsoft Encarta\Microsoft Encarta Junior 2006\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_812437]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
    C:\Program Files\HiYo\bin\HiYo.exe [2009-01-11 300336]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    C:\DOCUME~1\denis\MENUDM~1\PROGRA~1\NEROBA~1\NBJ.exe [2005-06-02 1957888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2008-09-18 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
    C:\WINDOWS\system32\nvraidservice.exe [2008-08-18 203296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    C:\Program Files\Search Settings\SearchSettings.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Store 'n' Go]
    C:\Documents and Settings\denis\Application Data\Verbatim Software\V-Key.exe [2005-11-29 2297856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-27 139264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    C:\Program Files\Unlocker\UnlockerAssistant.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    C:\WINDOWS\vVX3000.exe [2008-08-04 721936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^denis^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
    C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-10-09 79408]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=149
    "EditLevel"=0
    "NoRun"=0
    "NoClose"=0
    "NoCommonGroups"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\CodeRED Alien Arena\crx.exe"="C:\CodeRED Alien Arena\crx.exe:*:Disabled:crx"
    "C:\nexuiz\nexuiz.exe"="C:\nexuiz\nexuiz.exe:*:Enabled:DarkPlaces Game Engine"
    "C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe"="C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe:*:Enabled:sauerbraten"
    "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\Program Files\Sierra\FEARCombat\fpupdate.exe"="C:\Program Files\Sierra\FEARCombat\fpupdate.exe:*:Disabled:fpupdate"
    "C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
    "C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26c6c7-c5f6-11dd-a8e5-00148524342d}]
    shell\AutoRun\command - I:\setupSNK.exe


    ======List of files/folders created in the last 1 months======

    2009-08-03 21:02:21 ----D---- C:\Program Files\Ad-remover
    2009-08-03 17:53:29 ----D---- C:\rsit
    2009-07-30 02:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
    2009-07-21 21:36:27 ----D---- C:\Program Files\QuickMediaConverter
    2009-07-21 00:27:49 ----A---- C:\version.txt
    2009-07-16 09:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-16 09:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-16 03:01:12 ----A---- C:\WINDOWS\imsins.BAK
    2009-07-16 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

    ======List of files/folders modified in the last 1 months======

    2009-08-04 01:32:09 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-04 01:31:37 ----D---- C:\WINDOWS\Temp
    2009-08-04 01:13:18 ----SHD---- C:\WINDOWS\Installer
    2009-08-04 01:11:12 ----AD---- C:\Program Files
    2009-08-04 01:09:18 ----D---- C:\WINDOWS\Prefetch
    2009-08-03 23:22:22 ----D---- C:\WINDOWS\Internet Logs
    2009-08-03 23:04:41 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-03 23:04:18 ----ASH---- C:\boot.ini
    2009-08-03 23:04:18 ----A---- C:\WINDOWS\win.ini
    2009-08-03 23:04:18 ----A---- C:\WINDOWS\system.ini
    2009-08-03 20:29:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-03 20:29:19 ----D---- C:\WINDOWS\system32\drivers
    2009-08-03 15:19:02 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-08-03 15:18:21 ----D---- C:\WINDOWS
    2009-07-31 19:05:05 ----D---- C:\Program Files\Microsoft Silverlight
    2009-07-31 18:58:34 ----HD---- C:\Config.Msi
    2009-07-30 12:53:23 ----D---- C:\WINDOWS\system32
    2009-07-30 02:57:49 ----HD---- C:\WINDOWS\inf
    2009-07-30 02:57:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-30 02:56:53 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-29 11:57:33 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-22 23:55:13 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-22 15:13:54 ----D---- C:\Documents and Settings\denis\Application Data\AdobeUM
    2009-07-21 22:12:33 ----D---- C:\Documents and Settings\denis\Application Data\uTorrent
    2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\shdocvw.dll
    2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-16 09:30:48 ----D---- C:\WINDOWS\system32\LogFiles
    2009-07-16 09:02:58 ----D---- C:\WINDOWS\Debug
    2009-07-11 01:55:13 ----D---- C:\Documents and Settings\denis\Application Data\Vso
    2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 43008]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
    R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-02 5632]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
    R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1996-12-12 64512]
    R2 X4HSX32;X4HSX32; \??\C:\Program Files\Player Metaboli\X4HSX32.Sys []
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-18 6132576]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-14 47360]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
    R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2002-05-06 24511]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-24 12288]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-11 9856]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-10-09 312880]
    R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-18 163908]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-12 66872]
    R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-25 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2006-02-28 69632]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-12-19 195752]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------


    a c 333 8 Security
    4 August 2009 03:01:52

  • Download OTM (OldTimer) to your Desktop.
  • Double-click OTM.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Joomlab"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "symws"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Joomlab"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

    :files
    C:\Program Files\Dealio
    C:\Program Files\Search Settings

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTM.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTM\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
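
The three Run values deleted by the :reg section above all appear in the RSIT registry dump as a bare executable path followed by an empty `[]` where RSIT normally prints the file date and size, and two different value names point at the same file. The sketch below is an added example (not part of the thread, and not the helper's stated method) that applies those two checks to an RSIT-style dump; the function names are hypothetical, the sample is a constructed excerpt of the log above, and reading an empty `[]` as "RSIT found no file details" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: excerpt in RSIT "Registry dump" layout, entries taken from the log above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Joomlab"=C:\WINDOWS\defragnt.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsgCenterExe"=C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe -osboot []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"symws"=C:\WINDOWS\defragnt.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Joomlab"=C:\WINDOWS\defragnt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe []
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"=command [date size]   (the bracket is empty when RSIT printed no file details)
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# A command that is only a drive-rooted path ending in an executable extension (no arguments).
BARE_EXE_RE = re.compile(r'^[A-Za-z]:\\.+\.(exe|com|scr|bat|cmd|pif|dll)$', re.I)
# Live autostart keys only: ...\Run and ...\RunOnce (including Policies\Explorer\Run).
RUN_KEY_RE = re.compile(r'\\(run|runonce)$', re.I)


def parse_run_entries(text):
    """Return the named values found under Run/RunOnce keys of an RSIT registry dump."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key and RUN_KEY_RE.search(key):
            entries.append({"key": key, "name": m.group("name"),
                            "command": m.group("cmd"), "meta": m.group("meta").strip()})
    return entries


def triage(entries):
    """Flag autostart values worth a manual look; this is a heuristic, not a verdict."""
    names_by_target = defaultdict(set)
    for e in entries:
        names_by_target[e["command"].lower()].add(e["name"].lower())
    findings = []
    for e in entries:
        reasons = []
        # Bare path with no date/size: assumed to mean RSIT could not read the file.
        # Commands with arguments are skipped because RSIT also prints [] for those.
        if BARE_EXE_RE.match(e["command"]) and not e["meta"]:
            reasons.append("no-file-metadata")
        # One executable registered under several unrelated value names.
        if len(names_by_target[e["command"].lower()]) > 1:
            reasons.append("shared-target")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_run_entries(SAMPLE)):
        print(f'{f["key"]}\n  "{f["name"]}" -> {f["command"]}  {f["reasons"]}')
```

A flagged value still has to be checked by hand before it is removed; entries disabled through msconfig (the startupreg keys) are deliberately left out of the scan.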
    4 August 2009 18:03:07

    Hi destrio,

    First of all, I would like to say a big thank you for yesterday and for how quickly you replied.

    This morning the trojan was spotted by Antivir while trying to install a file on my PC.

    I also noticed that I missed a step yesterday in your second message, the one about deleting the "dealio" and "search settings" files.
    I tried, but there is no way to delete them; it tells me the component is located on a network resource that is unavailable.

    The path is: C:\DOCUME~1\denis\LOCALS~1\Temp\_isCA\


    What should I do?
    a c 333 8 Security
    4 August 2009 18:07:39

    That's not a problem, just do the procedure with OTM ;)
    4 August 2009 18:20:22

    Here is the OTM report:



    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Joomlab deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\symws deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Joomlab deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings\ deleted successfully.
    ========== FILES ==========
    File/Folder C:\Program Files\Dealio not found.
    File/Folder C:\Program Files\Search Settings not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chez Luluce

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4538861 bytes

    User: denis
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 999424 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 53379406 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 2791940 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 28406230 bytes

    C:\NV31883724.TMP folder deleted successfully.
    %systemdrive% .tmp files removed: 1908736 bytes
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 1258087 bytes
    %systemroot%\System32 .tmp files removed: 7803180 bytes
    File delete failed. C:\WINDOWS\temp\ZLT016a0.TMP scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT016a3.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied: 512 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 96,40 mb


    OTM by OldTimer - Version 3.0.0.5 log created on 08042009_181110

    Files moved on Reboot...
    File C:\WINDOWS\temp\ZLT016a0.TMP not found!
    File C:\WINDOWS\temp\ZLT016a3.TMP not found!

    Registry entries deleted on Reboot...
    a c 333 8 Security
    4 August 2009 18:43:39

  • Double-click the AntiVir icon (umbrella) in the taskbar.
  • In AntiVir, choose Outils (Tools), then Configuration.
  • Tick Mode Expert (Expert mode) and tick Rech. Rootkit au dém. de la recherche (rootkit search at scan start) on the right, under Autres réglages (Other settings).
  • Run a full scan, click Tout réparer (Repair all) if AntiVir finds something, and post the report.

    Tutorial: Scanning the hard drive(s)
    4 August 2009 23:43:33

    Here is the report (it detected a Dldr.WMA.wima.27 for me) that I put in quarantine because it was not repairable (greyed out):


    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Joomlab deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\symws deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Joomlab deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings\ deleted successfully.
    ========== FILES ==========
    File/Folder C:\Program Files\Dealio not found.
    File/Folder C:\Program Files\Search Settings not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chez Luluce

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4538861 bytes

    User: denis
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 999424 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 53379406 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 2791940 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 28406230 bytes

    C:\NV31883724.TMP folder deleted successfully.
    %systemdrive% .tmp files removed: 1908736 bytes
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 1258087 bytes
    %systemroot%\System32 .tmp files removed: 7803180 bytes
    File delete failed. C:\WINDOWS\temp\ZLT016a0.TMP scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT016a3.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied: 512 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 96,40 mb


    OTM by OldTimer - Version 3.0.0.5 log created on 08042009_181110

    Files moved on Reboot...
    File C:\WINDOWS\temp\ZLT016a0.TMP not found!
    File C:\WINDOWS\temp\ZLT016a3.TMP not found!

    Registry entries deleted on Reboot...
    a c 333 8 Security
    4 August 2009 23:59:39

    Why did you repost the OTM report?
    5 August 2009 01:24:05

    Sorry, I wasn't paying attention, here it is:


    Avira AntiVir Personal
    Report file date: mardi 4 août 2009 19:26

    Scanning for 1586197 virus strains and unwanted programs.

    Licensed to: Avira AntiVir Personal - FREE Antivirus
    Serial number: 0000149996-ADJIE-0000001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: DENIS-QIOX3BIL7

    Version information:
    BUILD.DAT : 8.2.0.353 17048 Bytes 15/05/2009 12:02:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 14:51:00
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:12:46
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 10:25:05
    ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19/07/2009 11:14:01
    ANTIVIR3.VDF : 7.1.5.58 466432 Bytes 02/08/2009 19:01:55
    Engineversion : 8.2.0.238
    AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 15:39:06
    AESCRIPT.DLL : 8.1.2.22 450938 Bytes 30/07/2009 21:13:06
    AESCN.DLL : 8.1.2.4 127348 Bytes 23/07/2009 11:14:00
    AERDL.DLL : 8.1.2.4 430452 Bytes 15/07/2009 10:55:29
    AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 17:49:01
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 18:23:43
    AEHEUR.DLL : 8.1.0.147 1884536 Bytes 28/07/2009 21:12:58
    AEHELP.DLL : 8.1.5.3 233846 Bytes 23/07/2009 11:13:59
    AEGEN.DLL : 8.1.1.53 356724 Bytes 02/08/2009 19:01:56
    AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 15:29:03
    AECORE.DLL : 8.1.7.6 184694 Bytes 23/07/2009 11:13:58
    AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 15:29:02
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.3 155688 Bytes 20/04/2009 17:49:52
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 4 août 2009 19:26

    Starting search for hidden objects.
    '86980' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'EDICT.EXE' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'soundman.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    41 processes with 41 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '46' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\denis\Mes documents\Mes fichiers reçus\prendre un enfant par la main.wma
    [DETECTION] Is the TR/Dldr.WMA.Wima.27 Trojan
    [NOTE] The file was moved to '4add7d2d.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: mardi 4 août 2009 21:38
    Used time: 2:12:12 Hour(s)

    The scan has been done completely.

    16737 Scanning directories
    678352 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    678349 Files not concerned
    4793 Archives were scanned
    6 Warnings
    1 Notes
    86980 Objects were scanned with rootkit scan
    0 Hidden objects were found

    7 August 2009 16:47:50

    Hi Destrio,

    I'm sending you the report with the new French version of AntiVir:


    Avira AntiVir Personal
    Date de création du fichier de rapport : vendredi 7 août 2009 15:09

    La recherche porte sur 1618172 souches de virus.

    Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
    Numéro de série : 0000149996-ADJIE-0000001
    Plateforme : Windows XP
    Version de Windows : (Service Pack 3) [5.1.2600]
    Mode Boot : Démarré normalement
    Identifiant : SYSTEM
    Nom de l'ordinateur : DENIS-QIOX3BIL7

    Informations de version :
    BUILD.DAT : 9.0.0.66 17958 Bytes 17/06/2009 14:44:00
    AVSCAN.EXE : 9.0.3.6 466689 Bytes 17/06/2009 12:43:57
    AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
    LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 12:44:05
    ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 03/08/2009 12:45:06
    ANTIVIR3.VDF : 7.1.5.84 436224 Bytes 07/08/2009 12:45:17
    Version du moteur : 8.2.0.246
    AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 10:52:04
    AESCRIPT.DLL : 8.1.2.23 455033 Bytes 07/08/2009 12:46:02
    AESCN.DLL : 8.1.2.4 127348 Bytes 07/08/2009 12:45:59
    AERDL.DLL : 8.1.2.4 430452 Bytes 07/08/2009 12:45:56
    AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 15:07:20
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 07/08/2009 12:45:49
    AEHEUR.DLL : 8.1.0.153 1917303 Bytes 07/08/2009 12:45:46
    AEHELP.DLL : 8.1.5.3 233846 Bytes 07/08/2009 12:45:25
    AEGEN.DLL : 8.1.1.55 356723 Bytes 07/08/2009 12:45:23
    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
    AECORE.DLL : 8.1.7.6 184694 Bytes 07/08/2009 12:45:20
    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
    AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
    NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
    RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

    Configuration pour la recherche actuelle :
    Nom de la tâche...............................: Contrôle intégral du système
    Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Documentation.................................: bas
    Action principale.............................: interactif
    Action secondaire.............................: ignorer
    Recherche sur les secteurs d'amorçage maître..: marche
    Recherche sur les secteurs d'amorçage.........: marche
    Secteurs d'amorçage...........................: C:,
    Recherche dans les programmes actifs..........: marche
    Recherche en cours sur l'enregistrement.......: marche
    Recherche de Rootkits.........................: marche
    Contrôle d'intégrité de fichiers système......: arrêt
    Fichier mode de recherche.....................: Tous les fichiers
    Recherche sur les archives....................: marche
    Limiter la profondeur de récursivité..........: 20
    Archive Smart Extensions......................: marche
    Heuristique de macrovirus.....................: marche
    Heuristique fichier...........................: moyen
    Catégories de dangers divergentes.............: +PCK,+SPR,

    Début de la recherche : vendredi 7 août 2009 15:09

    La recherche d'objets cachés commence.
    '79066' objets ont été contrôlés, '0' objets cachés ont été trouvés.

    La recherche sur les processus démarrés commence :
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'CALMAIN.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'StarWindServiceAE.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'HPZipm12.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'MSCamS32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'mdm.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'guard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'EDICT.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'soundman.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'vsmon.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
    '38' processus ont été contrôlés avec '38' modules

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD1
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD2
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD3
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD4
    [INFO] Aucun virus trouvé !

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence :
    Le registre a été contrôlé ( '46' fichiers).


    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\'
    C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE] Ce fichier est un fichier système Windows.
    [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
    C:\Documents and Settings\denis\Bureau\suppression spywares\clean\clean.zip
    [0] Type d'archive: ZIP
    --> clean/pskill.exe
    [1] Type d'archive: RSRC
    --> Object
    [RESULTAT] Contient le modèle de détection du programme SPR/Remote.CR
    C:\Documents and Settings\denis\Bureau\suppression spywares\clean\pskill.exe
    [0] Type d'archive: RSRC
    --> Object
    [RESULTAT] Contient le modèle de détection du programme SPR/Remote.CR
    C:\Program Files\IfoEdit\IfoEdit_0.971_Fr.exe
    [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Rabio.ES
    C:\WINDOWS\system32\drivers\sptd.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !

    Début de la désinfection :
    C:\Documents and Settings\denis\Bureau\suppression spywares\clean\clean.zip
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ae13cb9.qua' !
    C:\Documents and Settings\denis\Bureau\suppression spywares\clean\pskill.exe
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ae73cc1.qua' !
    C:\Program Files\IfoEdit\IfoEdit_0.971_Fr.exe
    [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Rabio.ES
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aeb3cb4.qua' !


    Fin de la recherche : vendredi 7 août 2009 16:38
    Temps nécessaire: 1:28:24 Heure(s)

    La recherche a été effectuée intégralement

    16919 Les répertoires ont été contrôlés
    682856 Des fichiers ont été contrôlés
    3 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    3 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    2 Impossible de contrôler des fichiers
    682851 Fichiers non infectés
    4809 Les archives ont été contrôlées
    2 Avertissements
    4 Consignes
    79066 Des objets ont été contrôlés lors du Rootkitscan
    0 Des objets cachés ont été trouvés

    a c 333 8 Security
    7 August 2009 17:16:37

  • Uninstall the following programs:
    - J2SE Runtime Environment 5.0 Update 11
    - J2SE Runtime Environment 5.0 Update 9
    - Java 2 Runtime Environment, SE v1.4.2_05
    - Java 6 Update 13
    - Java 6 Update 2
    - Java 6 Update 3
    - Java 6 Update 5
    - Java 6 Update 7
    - Java SE Runtime Environment 6 Update 1

  • Update Java.

  • Update Adobe Reader.

  • Update Internet Explorer.

  • Run another RSIT scan and post the log report.
    7 August 2009 20:03:50

    Here is the log report:


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by denis at 2009-08-07 20:00:31
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 6 GB (5%) free of 131 GB
    Total RAM: 1023 MB (46% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:00:36, on 07/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\denis\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\denis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [E06FXLRD_92935046] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\denis\Application Data\Dealio\kb127\res\DealioSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CS2\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{02FA14D5-68BF-4D7A-AF4A-98C27BBF4CF9}: NameServer = 192.168.1.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8515 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\HPpromotions journeysoftware.job
    C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-25 321312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
    BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "MsgCenterExe"=C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe -osboot []
    "E06FXLRD_92935046"=C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_1024515]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_34222078]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_366718]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_456015]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_51534937]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_6466781]
    -m []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_7249859]
    C:\Program Files\Microsoft Encarta\Microsoft Encarta Junior 2006\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FXLRD_812437]
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
    C:\Program Files\HiYo\bin\HiYo.exe [2009-01-11 300336]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    C:\DOCUME~1\denis\MENUDM~1\PROGRA~1\NEROBA~1\NBJ.exe [2005-06-02 1957888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2008-09-18 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
    C:\WINDOWS\system32\nvraidservice.exe [2008-08-18 203296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Store 'n' Go]
    C:\Documents and Settings\denis\Application Data\Verbatim Software\V-Key.exe [2005-11-29 2297856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-27 139264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    C:\Program Files\Unlocker\UnlockerAssistant.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    C:\WINDOWS\vVX3000.exe [2008-08-04 721936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^denis^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
    C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-10-09 79408]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=149
    "EditLevel"=0
    "NoRun"=0
    "NoClose"=0
    "NoCommonGroups"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\CodeRED Alien Arena\crx.exe"="C:\CodeRED Alien Arena\crx.exe:*:Disabled:crx"
    "C:\nexuiz\nexuiz.exe"="C:\nexuiz\nexuiz.exe:*:Enabled:DarkPlaces Game Engine"
    "C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe"="C:\Sauerbraten\sauerbraten\bin\sauerbraten.exe:*:Enabled:sauerbraten"
    "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\Program Files\Sierra\FEARCombat\fpupdate.exe"="C:\Program Files\Sierra\FEARCombat\fpupdate.exe:*:Disabled:fpupdate"
    "C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
    "C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26c6c7-c5f6-11dd-a8e5-00148524342d}]
    shell\AutoRun\command - I:\setupSNK.exe


    ======List of files/folders created in the last 1 months======

    2009-08-07 19:54:00 ----D---- C:\WINDOWS\ie8updates
    2009-08-07 19:52:51 ----A---- C:\WINDOWS\imsins.BAK
    2009-08-07 19:50:35 ----HDC---- C:\WINDOWS\ie8
    2009-08-07 14:33:29 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-08-06 12:42:49 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-08-06 12:42:49 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-08-06 12:42:49 ----A---- C:\WINDOWS\system32\java.exe
    2009-08-04 18:11:10 ----D---- C:\_OTM
    2009-08-03 21:02:21 ----D---- C:\Program Files\Ad-remover
    2009-08-03 17:53:29 ----D---- C:\rsit
    2009-07-30 02:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
    2009-07-21 21:36:27 ----D---- C:\Program Files\QuickMediaConverter
    2009-07-21 00:27:49 ----A---- C:\version.txt
    2009-07-16 09:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-16 09:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-16 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

    ======List of files/folders modified in the last 1 months======

    2009-08-07 20:00:37 ----D---- C:\WINDOWS\Prefetch
    2009-08-07 20:00:23 ----D---- C:\WINDOWS\Internet Logs
    2009-08-07 19:58:58 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-07 19:57:08 ----D---- C:\WINDOWS\Temp
    2009-08-07 19:57:06 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-07 19:56:57 ----D---- C:\WINDOWS
    2009-08-07 19:56:53 ----D---- C:\WINDOWS\system32
    2009-08-07 19:56:02 ----D---- C:\WINDOWS\system32\fr-fr
    2009-08-07 19:56:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-07 19:56:01 ----D---- C:\WINDOWS\Help
    2009-08-07 19:56:01 ----D---- C:\Program Files\Internet Explorer
    2009-08-07 19:55:12 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-07 19:54:32 ----HD---- C:\WINDOWS\inf
    2009-08-07 19:54:13 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-07 19:52:43 ----D---- C:\WINDOWS\WBEM
    2009-08-07 19:52:36 ----D---- C:\WINDOWS\Media
    2009-08-07 19:49:00 ----D---- C:\WINDOWS\Debug
    2009-08-07 19:41:14 ----SHD---- C:\WINDOWS\Installer
    2009-08-07 19:39:12 ----HD---- C:\Config.Msi
    2009-08-07 19:39:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-08-07 19:38:50 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-08-07 19:38:35 ----D---- C:\Program Files\Adobe
    2009-08-07 18:35:28 ----D---- C:\Program Files\Java
    2009-08-07 18:35:27 ----D---- C:\Program Files\Fichiers communs
    2009-08-07 16:38:37 ----D---- C:\Documents and Settings\denis\Application Data\AdobeUM
    2009-08-07 16:38:07 ----D---- C:\Program Files\IfoEdit
    2009-08-07 14:33:38 ----D---- C:\WINDOWS\system32\drivers
    2009-08-07 14:33:29 ----D---- C:\Program Files\Avira
    2009-08-07 14:31:59 ----D---- C:\WINDOWS\WinSxS
    2009-08-07 14:31:59 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2009-08-06 15:33:31 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-08-04 18:12:37 ----D---- C:\WINDOWS\system32\LogFiles
    2009-08-04 01:11:12 ----AD---- C:\Program Files
    2009-08-03 23:04:18 ----ASH---- C:\boot.ini
    2009-08-03 23:04:18 ----A---- C:\WINDOWS\win.ini
    2009-08-03 23:04:18 ----A---- C:\WINDOWS\system.ini
    2009-08-03 20:29:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-03 15:19:02 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-31 19:05:05 ----D---- C:\Program Files\Microsoft Silverlight
    2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-07-21 22:12:33 ----D---- C:\Documents and Settings\denis\Application Data\uTorrent
    2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\shdocvw.dll
    2009-07-11 01:55:13 ----D---- C:\Documents and Settings\denis\Application Data\Vso

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 43008]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-02 5632]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1996-12-12 64512]
    R2 X4HSX32;X4HSX32; \??\C:\Program Files\Player Metaboli\X4HSX32.Sys []
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
    R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
    R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
    R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-18 6132576]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-14 47360]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
    R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2002-05-06 24511]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-24 12288]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-11 9856]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-10-09 312880]
    R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-18 163908]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-12 66872]
    R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-25 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2006-02-28 69632]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-12-19 195752]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------
    a c 333 8 Security
    7 August 2009 20:17:30

    No more problems?
    7 August 2009 20:38:54

    I am still infected at the moment; my antivirus, AntiVir, is detecting the following:

    ADSPY/Rabio.ES
    a c 333 8 Security
    7 August 2009 20:42:12

    Where is the infection located?
    7 August 2009 20:53:53

    In the report I found these lines:

    C:\Program Files\IfoEdit\IfoEdit_0.971_Fr.exe
    [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Rabio.ES
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aeb3cb4.qua' !

    a c 333 8 Security
    7 August 2009 20:56:19

    Yes, but it is in quarantine now.
    7 August 2009 21:05:24

    Yes, that's true. It's just that it detected it twice, but apparently it isn't the same one:

    First adware:

    'C:\System Volume Information\_restore{CBCDB27E-2EC5-48C8-864C-43C44EED9EE9}\RP621\A0157770.exe'



    and the second:

    'C:\System Volume Information\_restore{CBCDB27E-2EC5-48C8-864C-43C44EED9EE9}\RP621\A0157771.exe'

    I suppose it may find others?
    a c 333 8 Security
    7 August 2009 23:55:50

    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche and let the scan run.
  • Click Suppression to finish.
  • If you wish, you can use the Options Facultatives.
  • Click Quitter to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Avancé, and uncheck the box Effacer uniquement les fichiers etc....
  • Go to Nettoyeur and choose Analyser. Once it has finished, run the cleanup.


    3/

  • System Restore must be disabled and then re-enabled in order to purge it.


    ==Prevention==

    To remove the AntiVir pop-ups: Link

    Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.

    Check that automatic updates are enabled (Start menu, right-click Poste de travail, Mises à jour automatiques tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first message, click the Editer button.
  • Add the tag [Résolu] in front of the title.
  • Then click Valider votre message.


    Be more careful on the Internet ;)
    8 August 2009 11:02:02

    Hi Destrio,

    I'm posting the ToolsCleaner report and the AntiVir one; apparently it doesn't look too bad.


    [ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\TB.txt: trouvé !
    C:\_OTM: trouvé !
    C:\Toolbar SD: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\denis\Bureau\OTM.exe: trouvé !
    C:\Documents and Settings\denis\Bureau\Rsit.exe: trouvé !
    C:\Documents and Settings\denis\Bureau\JEUX divers\hijackthis.log: trouvé !
    C:\Documents and Settings\denis\Bureau\suppression spywares\Dss.exe: trouvé !
    C:\Documents and Settings\denis\Bureau\suppression spywares\ToolBarSD.exe: trouvé !
    C:\Documents and Settings\denis\Bureau\suppression spywares\TB.txt: trouvé !
    C:\Documents and Settings\denis\Bureau\suppression spywares\navilog\Navilog1.bat: trouvé !
    C:\Program Files\Btfix: trouvé !
    C:\Program Files\Ad-remover: trouvé !
    C:\Program Files\BTFix\BTFix.txt: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HJTInstall.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Documents and Settings\denis\Bureau\OTM.exe: supprimé !
    C:\Documents and Settings\denis\Bureau\suppression spywares\Dss.exe: supprimé !
    C:\Documents and Settings\denis\Bureau\suppression spywares\ToolBarSD.exe: supprimé !
    C:\Documents and Settings\denis\Bureau\suppression spywares\navilog\Navilog1.bat: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HJTInstall.exe: supprimé !
    C:\TB.txt: supprimé !
    C:\Documents and Settings\denis\Bureau\Rsit.exe: supprimé !
    C:\Documents and Settings\denis\Bureau\JEUX divers\hijackthis.log: supprimé !
    C:\Documents and Settings\denis\Bureau\suppression spywares\TB.txt: supprimé !
    C:\Program Files\BTFix\BTFix.txt: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\_OTM: supprimé !
    C:\Toolbar SD: supprimé !
    C:\Rsit: supprimé !
    C:\Program Files\Btfix: supprimé !
    C:\Program Files\Ad-remover: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Corbeille vidée!
    Fichiers temporaires nettoyés !






    Avira AntiVir Personal
    Date de création du fichier de rapport : samedi 8 août 2009 02:21

    La recherche porte sur 1618172 souches de virus.

    Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
    Numéro de série : 0000149996-ADJIE-0000001
    Plateforme : Windows XP
    Version de Windows : (Service Pack 3) [5.1.2600]
    Mode Boot : Démarré normalement
    Identifiant : SYSTEM
    Nom de l'ordinateur : DENIS-QIOX3BIL7

    Informations de version :
    BUILD.DAT : 9.0.0.66 17958 Bytes 17/06/2009 14:44:00
    AVSCAN.EXE : 9.0.3.6 466689 Bytes 17/06/2009 12:43:57
    AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
    LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 12:44:05
    ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 03/08/2009 12:45:06
    ANTIVIR3.VDF : 7.1.5.84 436224 Bytes 07/08/2009 12:45:17
    Version du moteur : 8.2.0.246
    AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 10:52:04
    AESCRIPT.DLL : 8.1.2.23 455033 Bytes 07/08/2009 12:46:02
    AESCN.DLL : 8.1.2.4 127348 Bytes 07/08/2009 12:45:59
    AERDL.DLL : 8.1.2.4 430452 Bytes 07/08/2009 12:45:56
    AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 15:07:20
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 07/08/2009 12:45:49
    AEHEUR.DLL : 8.1.0.153 1917303 Bytes 07/08/2009 12:45:46
    AEHELP.DLL : 8.1.5.3 233846 Bytes 07/08/2009 12:45:25
    AEGEN.DLL : 8.1.1.55 356723 Bytes 07/08/2009 12:45:23
    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
    AECORE.DLL : 8.1.7.6 184694 Bytes 07/08/2009 12:45:20
    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
    AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
    NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
    RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

    Configuration pour la recherche actuelle :
    Nom de la tâche...............................: Contrôle intégral du système
    Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
    Documentation.................................: bas
    Action principale.............................: interactif
    Action secondaire.............................: ignorer
    Recherche sur les secteurs d'amorçage maître..: marche
    Recherche sur les secteurs d'amorçage.........: marche
    Secteurs d'amorçage...........................: C:,
    Recherche dans les programmes actifs..........: marche
    Recherche en cours sur l'enregistrement.......: marche
    Recherche de Rootkits.........................: marche
    Contrôle d'intégrité de fichiers système......: arrêt
    Fichier mode de recherche.....................: Tous les fichiers
    Recherche sur les archives....................: marche
    Limiter la profondeur de récursivité..........: 20
    Archive Smart Extensions......................: marche
    Heuristique de macrovirus.....................: marche
    Heuristique fichier...........................: moyen
    Catégories de dangers divergentes.............: +PCK,+SPR,

    Début de la recherche : samedi 8 août 2009 02:21

    La recherche d'objets cachés commence.
    '79223' objets ont été contrôlés, '0' objets cachés ont été trouvés.

    La recherche sur les processus démarrés commence :
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'CALMAIN.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'StarWindServiceAE.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'HPZipm12.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'MSCamS32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'mdm.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'guard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'EDICT.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'reader_sl.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'soundman.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'vsmon.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
    '39' processus ont été contrôlés avec '39' modules

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD1
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD2
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD3
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD4
    [INFO] Aucun virus trouvé !

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence :
    Le registre a été contrôlé ( '48' fichiers).


    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\'
    C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE] Ce fichier est un fichier système Windows.
    [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
    C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\WINDOWS\system32\drivers\sptd.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !


    Fin de la recherche : samedi 8 août 2009 03:38
    Temps nécessaire: 1:17:32 Heure(s)

    La recherche a été effectuée intégralement

    16174 Les répertoires ont été contrôlés
    514471 Des fichiers ont été contrôlés
    0 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    0 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    3 Impossible de contrôler des fichiers
    514468 Fichiers non infectés
    4196 Les archives ont été contrôlées
    3 Avertissements
    1 Consignes
    79223 Des objets ont été contrôlés lors du Rootkitscan
    0 Des objets cachés ont été trouvés



    a c 333 8 Security
    8 August 2009 16:33:02

    You can delete ToolsCleaner.
    8 August 2009 20:04:33

    OK, it's done.

    Thank you, Destrio, for your help with my problem and for your quick replies to my questions.

    a c 333 8 Security
    8 August 2009 20:13:11

    Have a good evening ;)
    8 August 2009 20:17:21

    Have a good evening too ;)