
PC infected with Win32:Agent-FJO [Trj]

5 April 2009 13:07:49

Hello,
I am infected with the following Trojan horse:
Win32:Agent-FJO [Trj]
And I can't manage to remove it with avast.
I ran a HijackThis scan but I now need your help; here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 07:04:50, on 03/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Updater (mmupdate) - Unknown owner - C:\WINDOWS\TEMP\9.tmp".exe (file missing)

Thanks in advance

5 April 2009 13:12:24

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    5 April 2009 13:23:09

    I did download RSIT, but when I try to launch it I get an error message: Line -1 Error: Variable used without being declared.
    Thanks for replying so quickly.
    I don't know whether you can help me further??
    5 April 2009 13:25:16

  • Download OTViewIt to your Desktop.
  • Close all windows and applications.
  • Double-click the OTViewIt icon to launch it.
  • Click the Run Scan button and let the program work without interrupting it.
  • It will produce two reports, one named OTViewIt.txt and another named Extras, which will be saved on your Desktop. Please post both reports in your next reply.
    5 April 2009 13:31:31

    I forgot to say that it has been more than a year since I caught this virus!!!
    RSIT lists recently installed files (3 months max); maybe that's the problem??
    5 April 2009 13:39:47

    No.
    5 April 2009 13:40:26

    Here are the reports:
    _OTViewIt.txt:

    OTViewIt logfile created on: 03/03/2009 07:38:53 - Run 3
    OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Propriétaire\Bureau
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    510,48 Mb Total Physical Memory | 238,72 Mb Available Physical Memory | 46,76% Memory free
    1,22 Gb Paging File | 0,85 Gb Available in Paging File | 69,72% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74,52 Gb Total Space | 66,18 Gb Free Space | 88,81% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HP
    Current User Name: Propriétaire
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Whitelist: On
    File Age = All Days

    ========== Processes ==========

    [2006/07/25 21:44:12 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
    [2006/07/25 21:44:12 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
    [2007/01/15 18:18:23 | 00,059,008 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    [2006/09/28 15:13:20 | 00,204,800 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    [2004/08/19 16:10:04 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
    [2006/07/29 19:34:08 | 05,354,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
    [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/19 16:09:56 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
    [2009/03/03 07:36:17 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTViewIt.exe

    ========== (O23) Win32 Services ==========

    [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
    [2007/01/15 18:18:23 | 00,059,008 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
    [2006/07/25 21:44:12 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
    [2007/02/12 21:41:19 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Disabled | Stopped])
    [2007/01/15 18:28:51 | 00,132,736 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Disabled | Stopped])
    [2007/01/15 18:28:32 | 00,255,616 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [Disabled | Stopped])
    [2007/01/15 18:27:51 | 00,370,304 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [Disabled | Stopped])
    [2006/09/28 15:13:20 | 00,204,800 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
    [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
    File not found -- -- (mmupdate [Auto | Stopped])
    [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
    [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    [2009/03/03 06:39:06 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

    ========== Driver Services ==========

    [2004/08/03 23:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
    [2006/12/21 00:51:58 | 00,031,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
    [2006/12/21 00:56:00 | 00,094,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
    [2007/01/15 18:26:08 | 00,023,352 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
    [2007/01/15 18:25:24 | 00,043,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
    [2006/07/25 21:51:58 | 01,681,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
    [2004/08/03 23:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
    [2006/09/28 15:13:34 | 00,004,096 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
    [2006/09/05 17:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running])
    [2005/09/28 16:00:22 | 00,376,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
    [2004/08/03 23:10:40 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
    [2004/08/03 23:10:40 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
    [2004/08/03 22:58:40 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
    [2004/08/19 15:55:32 | 00,274,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
    [2004/08/03 23:10:36 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
    [2004/11/17 10:17:14 | 00,293,120 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD [On_Demand | Running])
    [2004/11/17 10:17:58 | 00,280,192 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA [On_Demand | Running])
    [2004/06/22 10:16:46 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Stopped])
    [2004/06/22 10:16:46 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
    [2004/06/22 10:16:46 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
    [2004/10/28 15:33:08 | 00,200,576 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
    [2004/10/28 15:29:48 | 01,041,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
    [2004/03/17 11:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
    [2004/08/03 23:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
    [2003/04/24 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
    [2005/06/29 01:38:00 | 00,015,172 | ---- | M] (Prassi Technology) -- C:\WINDOWS\system32\drivers\PzWDM.sys -- (PzWDM [Boot | Running])
    [2004/08/03 23:10:40 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
    [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Running])
    [2004/08/03 23:07:48 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
    [2007/09/05 18:48:09 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
    [2001/08/17 20:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
    [2005/06/23 09:16:08 | 00,162,176 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
    [2004/10/28 15:30:36 | 00,685,184 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
    [2004/08/03 23:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

    ========== (R ) Internet Explorer ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
    "Default_Search_URL"=http://www.google.com/ie
    "Local Page"=C:\windows\system32\blank.htm
    "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    "Default_Search_URL"=http://www.google.com/ie
    "SearchAssistant"=http://www.google.com/ie

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    "Local Page"=C:\windows\system32\blank.htm
    "Search Page"=http://www.google.com
    "Start Page"=http://www.orange.fr/

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
    "SearchAssistant"=http://www.google.com/ie

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
    ""=http://www.google.com/search?q=%s
    "provider"=gogl

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0

    ========== (O1) Hosts File ==========

    HOSTS File = (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    First 25 entries...

    ========== (O2) BHO's ==========

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    {AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

    ========== (O3) Toolbars ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    ========== (O4) Run Keys ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
    "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized ()

    ========== (O4) RunOnce Keys ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (Adobe Systems, Inc.)

    ========== (O4) Startup Folders ==========


    ========== (O6 & O7) Current Version Policies ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "DisableRegistryTools"=0

    ========== (O12) Internet Explorer Plugins ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
    PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&m...
    PluginsPageFriendlyName: "" = Bibliothèque de contrôles ActiveX Microsoft

    ========== (O13) Default Prefixes ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
    ""=http://

    ========== (O16) DPF ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
    {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}: https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl... -- Get_ActiveX Control

    ========== (O17) DNS Name Servers ==========

    {14AB4201-9A32-44B0-B972-8495BC84E118} (Servers: | Description: )
    {55E60E2C-7E77-48E4-9927-282F9BA9C6D8} (Servers: | Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family)
    {5F383145-9AC0-40D5-8C6A-F211A18F752A} (Servers: | Description: Broadcom 802.11b/g WLAN)
    {69328AB2-02DE-4DF5-B1D4-A16CB56D7AFC} (Servers: | Description: )
    {D8ED3171-0247-4387-91CA-EE7CBC78BF22} (Servers: | Description: Carte réseau 1394)
    {F472B998-9F25-46D5-91E4-864D2B2DA993} (Servers: | Description: )

    ========== Shell Execute Hooks ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

    ========== Safeboot Options ==========

    "AlternateShell"=cmd.exe

    ========== CDRom AutoRun Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun" = 1

    ========== Autorun Files on Drives ==========

    AUTOEXEC.BAT []
    [2007/02/10 23:53:15 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


    ========== MountPoints2 ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05904624-07b4-11de-9788-00c09f918a9c}\Shell\AutoRun\command]
    ""=E:\t.com -- File not found


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05904624-07b4-11de-9788-00c09f918a9c}\Shell\explore\Command]
    ""=E:\t.com -- File not found


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05904624-07b4-11de-9788-00c09f918a9c}\Shell\open\Command]
    ""=E:\t.com -- File not found


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dc79003-60a3-11dc-976d-00c09f918a9c}\Shell\Auto\command]
    ""=AdobeR.exe e


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dc79003-60a3-11dc-976d-00c09f918a9c}\Shell\AutoRun\command]
    ""=C:\WINDOWS\system32\shell32.dll -- [2006/12/19 22:49:47 | 08,509,952 | ---- | M] (Microsoft Corporation)

    ========== Files/Folders - Created Within All Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]
    [3 C:\WINDOWS\*.tmp files]
    [2009/03/03 07:36:05 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTViewIt.exe
    [2009/03/03 07:21:12 | 00,000,000 | ---D | C] -- C:\rsit
    [2009/03/03 07:20:27 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
    [2007/10/19 19:02:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Bureau\Université des Sciences et Technologies de Lille, Master Sciences et Technologies (U_S_T_L_)_fichiers
    [2007/10/19 19:02:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Bureau\CuisineAZ - Cuisinez comme un Chef_fichiers
    [2007/10/19 19:02:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Bureau\Tutorat
    [2007/10/19 19:02:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Bureau\Raccourcis Bureau non utilisés
    [2007/10/19 19:02:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Bureau\Carrière
    [2007/10/19 19:01:50 | 00,000,000 | ---D | C] -- C:\Program Files\ONES Trial (F)
    [2007/10/11 18:41:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Mes documents\Mes fichiers reçus
    [2007/09/27 18:24:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2007/09/19 01:01:56 | 87,944,192 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\football_manager_2007_patch_v7.0.2_version_windows_multi-langues_32667.exe
    [2007/09/05 18:50:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\Sports Interactive
    [2007/09/05 18:50:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sports Interactive
    [2007/09/05 17:55:36 | 00,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Football Manager 2007.lnk
    [2007/09/05 17:54:57 | 00,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
    [2007/08/09 20:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\vlc
    [2007/08/09 20:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2007/08/05 22:06:28 | 00,000,000 | ---D | C] -- C:\Program Files\Blip Blop
    [2007/07/24 17:48:19 | 00,221,184 | ---- | C] (Prassi Software) -- C:\WINDOWS\InZU31.exe
    [2007/07/24 17:47:57 | 00,015,172 | ---- | C] (Prassi Technology) -- C:\WINDOWS\System32\drivers\PzWDM.sys
    [2007/07/20 15:48:11 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
    [2007/07/20 15:48:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD X Studios
    [2007/06/21 13:57:52 | 00,030,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
    [2007/06/20 01:25:36 | 00,038,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
    [2007/06/20 01:25:36 | 00,030,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
    [2007/06/20 01:25:36 | 00,030,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
    [2007/06/20 01:25:36 | 00,021,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
    [2007/06/13 14:22:28 | 01,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
    [2007/06/13 10:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\Leadertech
    [2007/05/20 13:54:04 | 00,000,000 | -H-D | C] -- C:\Config.Msi
    [2007/05/17 12:29:50 | 00,549,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
    [2007/05/13 08:37:17 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
    [2007/05/08 14:03:04 | 01,275,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4.dll
    [2007/04/25 15:22:35 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
    [2007/04/23 11:32:54 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
    [2007/03/17 14:44:47 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
    [2007/03/08 16:37:50 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
    [2007/03/08 16:37:50 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
    [2007/03/08 16:37:50 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
    [2007/03/08 16:33:58 | 01,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
    [2007/02/19 20:39:06 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
    [2007/02/19 20:39:06 | 00,000,232 | -H-- | C] () -- C:\sqmdata19.sqm
    [2007/02/19 20:36:09 | 00,000,268 | -H-- | C] () -- C:\sqmdata18.sqm
    [2007/02/19 20:36:09 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
    [2007/02/19 20:35:27 | 00,002,054 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
    [2007/02/19 20:33:33 | 00,000,268 | -H-- | C] () -- C:\sqmdata17.sqm
    [2007/02/19 20:33:33 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
    [2007/02/19 20:32:45 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
    [2007/02/19 20:32:45 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
    [2007/02/19 20:32:45 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
    [2007/02/19 20:32:45 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
    [2007/02/19 20:32:45 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
    [2007/02/19 20:32:45 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
    [2007/02/19 20:31:00 | 00,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
    [2007/02/19 20:31:00 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
    [2007/02/19 19:36:07 | 00,000,268 | -H-- | C] () -- C:\sqmdata15.sqm
    [2007/02/19 19:36:07 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
    [2007/02/19 19:30:41 | 00,000,268 | -H-- | C] () -- C:\sqmdata14.sqm
    [2007/02/19 19:30:41 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
    [2007/02/19 19:08:00 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
    [2007/02/19 19:08:00 | 00,000,232 | -H-- | C] () -- C:\sqmdata13.sqm
    [2007/02/19 19:06:07 | 00,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
    [2007/02/19 19:06:07 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
    [2007/02/18 15:35:56 | 00,000,268 | -H-- | C] () -- C:\sqmdata11.sqm
    [2007/02/18 15:35:56 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
    [2007/02/18 14:38:14 | 00,000,268 | -H-- | C] () -- C:\sqmdata10.sqm
    [2007/02/18 14:38:14 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
    [2007/02/18 14:35:22 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
    [2007/02/18 14:35:22 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
    [2007/02/18 14:32:46 | 00,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
    [2007/02/18 14:32:46 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
    [2007/02/18 14:29:47 | 00,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
    [2007/02/18 14:29:47 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
    [2007/02/18 10:59:14 | 00,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
    [2007/02/18 10:59:14 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
    [2007/02/18 10:54:10 | 00,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
    [2007/02/18 10:54:10 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
    [2007/02/18 10:51:17 | 00,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
    [2007/02/18 10:51:17 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
    [2007/02/15 20:28:59 | 00,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
    [2007/02/15 20:28:59 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
    [2007/02/15 20:27:47 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
    [2007/02/15 20:27:47 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
    [2007/02/15 18:49:24 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
    [2007/02/15 18:49:24 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
    [2007/02/15 18:14:26 | 00,002,422 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
    [2007/02/15 17:48:43 | 00,002,483 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.tim
    [2007/02/15 17:47:30 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\kr_done1
    [2007/02/15 17:47:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sdfdsf
    [2007/02/15 17:47:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\asfds
    [2007/02/15 17:45:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\inet20002
    [2007/02/15 17:44:45 | 00,037,721 | ---- | C] () -- C:\WINDOWS\System32\pp.exe.exe
    [2007/02/15 17:44:42 | 00,057,689 | ---- | C] () -- C:\WINDOWS\System32\ma.exe.exe
    [2007/02/15 17:44:41 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\svcp.csv
    [2007/02/15 17:44:41 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\winsub.xml
    [2007/02/15 17:43:41 | 00,000,002 | ---- | C] () -- C:\149163016
    [2007/02/13 15:43:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\Macromedia
    [2007/02/13 15:30:54 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
    [2007/02/13 15:30:54 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
    [2007/02/13 15:30:53 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
    [2007/02/13 01:01:20 | 00,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
    [2007/02/13 01:01:20 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
    [2007/02/12 21:40:33 | 00,000,000 | ---D | C] -- C:\Program Files\AnswerWorks 4.0
    [2007/02/12 21:37:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Autodesk
    [2007/02/12 21:37:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\Autodesk
    [2007/02/12 21:37:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2007/02/12 21:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Autodesk Shared
    [2007/02/12 21:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\Autodesk
    [2007/02/12 21:07:19 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\fusioncache.dat
    [2007/02/12 21:07:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ApplicationHistory
    [2007/02/12 21:05:48 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
    [2007/02/12 21:05:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2007/02/12 21:05:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
    [2007/02/12 20:56:41 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Antivirus.lnk
    [2007/02/12 20:56:40 | 00,043,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2007/02/12 20:56:40 | 00,023,352 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2007/02/12 20:56:39 | 00,031,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2007/02/12 20:56:35 | 00,094,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2007/02/12 20:56:35 | 00,085,952 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2007/02/12 20:56:23 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
    [2007/02/12 20:56:23 | 00,689,280 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
    [2007/02/12 20:56:23 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.dll
    [2007/02/12 20:56:23 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
    [2007/02/12 20:56:23 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR71.dll
    [2007/02/12 20:56:23 | 00,090,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
    [2007/02/12 20:56:18 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2007/02/12 20:46:25 | 00,271,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2007/02/12 20:46:25 | 00,207,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
    [2007/02/11 23:37:57 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 8.lnk
    [2007/02/11 23:36:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
    [2007/02/11 23:36:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\AdobeAUM
    [2007/02/11 23:36:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\Adobe
    [2007/02/11 23:36:22 | 00,002,067 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Photoshop Album Starter Edition 3.0.lnk
    [2007/02/11 23:36:18 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2007/02/11 23:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2007/02/11 23:36:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2007/02/11 23:29:23 | 00,000,000 | ---D | C] -- C:\Temp
    [2007/02/11 23:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Adobe
    [2007/02/11 23:29:22 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
    [2007/02/11 15:35:37 | 00,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
    [2007/02/11 15:35:37 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
    [2007/02/11 14:11:44 | 00,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
    [2007/02/11 14:11:44 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
    [2007/02/11 12:42:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2007/02/11 12:42:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2007/02/11 12:42:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2007/02/11 12:40:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2007/02/11 12:40:10 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
    [2007/02/11 12:13:59 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Propriétaire\Mes documents\Mes images
    [2007/02/11 12:12:31 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
    [2007/02/11 12:12:31 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
    [2007/02/11 12:12:27 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
    [2007/02/11 12:12:27 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
    [2007/02/11 12:12:23 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
    [2007/02/11 12:12:23 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
    [2007/02/11 06:22:26 | 00,002,701 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\Microsoft Office Outlook 2007.lnk
    [2007/02/11 06:22:26 | 00,002,589 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\Microsoft Office Publisher 2007.lnk
    [2007/02/11 06:22:25 | 00,030,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
    [2007/02/11 06:21:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2007/02/11 06:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2007/02/11 06:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2007/02/11 06:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DESIGNER
    [2007/02/11 06:15:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2007/02/11 06:14:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft Help
    [2007/02/11 06:14:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2007/02/11 06:14:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2007/02/11 06:13:13 | 00,000,000 | RH-D | C] -- C:\MSOCache
    [2007/02/11 06:12:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2007/02/11 06:11:38 | 00,101,888 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2007/02/11 06:10:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2007/02/11 06:10:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2007/02/11 00:28:47 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2007/02/11 00:28:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
    [2007/02/11 00:28:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
    [2007/02/11 00:28:06 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
    [2007/02/11 00:28:06 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
    [2007/02/11 00:28:06 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
    [2007/02/11 00:28:05 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2007/02/11 00:28:04 | 00,262,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
    [2007/02/11 00:28:04 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2007/02/11 00:28:04 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
    [2007/02/11 00:28:04 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
    [2007/02/11 00:28:04 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
    [2007/02/11 00:28:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
    [2007/02/11 00:28:04 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
    [2007/02/11 00:28:04 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
    [2007/02/11 00:28:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
    [2007/02/11 00:28:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
    [2007/02/11 00:28:04 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
    [2007/02/11 00:28:04 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
    [2007/02/11 00:28:03 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2007/02/11 00:28:03 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
    [2007/02/11 00:28:03 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
    [2007/02/11 00:28:03 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
    [2007/02/11 00:28:03 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
    [2007/02/11 00:28:03 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
    [2007/02/11 00:28:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
    [2007/02/11 00:28:03 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
    [2007/02/11 00:28:02 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
    [2007/02/11 00:28:02 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
    [2007/02/11 00:28:02 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
    [2007/02/11 00:28:02 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthserv.dll
    [2007/02/11 00:28:02 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthci.dll
    [2007/02/11 00:28:02 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
    [2007/02/11 00:28:02 | 00,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
    [2007/02/11 00:28:02 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
    [2007/02/11 00:28:02 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
    [2007/02/11 00:28:02 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
    [2007/02/11 00:28:01 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiagn.dll
    [2007/02/11 00:28:01 | 01,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9.dll
    [2007/02/11 00:28:01 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
    [2007/02/11 00:28:01 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\firewall.cpl
    [2007/02/11 00:28:01 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\extmgr.dll
    [2007/02/11 00:28:01 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\btpanui.dll
    [2007/02/11 00:28:01 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
    [2007/02/11 00:28:01 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
    [2007/02/11 00:28:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmsetacl.dll
    [2007/02/11 00:28:00 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
    [2007/02/11 00:28:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2007/02/11 00:28:00 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fwcfg.dll
    [2007/02/11 00:28:00 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
    [2007/02/11 00:27:59 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sdmod.dll
    [2007/02/11 00:27:59 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
    [2007/02/11 00:27:59 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp43dmod.dll
    [2007/02/11 00:27:59 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdadiag.dll
    [2007/02/11 00:27:59 | 00,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
    [2007/02/11 00:27:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
    [2007/02/11 00:27:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
    [2007/02/11 00:27:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
    [2007/02/11 00:27:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
    [2007/02/11 00:27:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
    [2007/02/11 00:27:59 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmal.dll
    [2007/02/11 00:27:59 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinben.dll
    [2007/02/11 00:27:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
    [2007/02/11 00:27:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
    [2007/02/11 00:27:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinbe1.dll
    [2007/02/11 00:27:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
    [2007/02/11 00:27:58 | 00,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
    [2007/02/11 00:27:58 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspmsnsv.dll
    [2007/02/11 00:27:58 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.cpl
    [2007/02/11 00:27:57 | 00,526,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2psvc.dll
    [2007/02/11 00:27:57 | 00,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgraph.dll
    [2007/02/11 00:27:57 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2p.dll
    [2007/02/11 00:27:57 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pnetsh.dll
    [2007/02/11 00:27:57 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll
    [2007/02/11 00:27:57 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
    [2007/02/11 00:27:57 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pnrpnsp.dll
    [2007/02/11 00:27:57 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll
    [2007/02/11 00:27:56 | 02,986,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
    [2007/02/11 00:27:56 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
    [2007/02/11 00:27:56 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\twext.dll
    [2007/02/11 00:27:56 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
    [2007/02/11 00:27:56 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ssl.dll
    [2007/02/11 00:27:56 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
    [2007/02/11 00:27:55 | 04,734,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmp.dll
    [2007/02/11 00:27:55 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpdxm.dll
    [2007/02/11 00:27:55 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmerror.dll
    [2007/02/11 00:27:55 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx.dll
    [2007/02/11 00:27:55 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpasf.dll
    [2007/02/11 00:27:55 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll
    [2007/02/11 00:27:54 | 01,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsdmoe2.dll
    [2007/02/11 00:27:54 | 01,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe2.dll
    [2007/02/11 00:27:54 | 00,896,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmoe.dll
    [2007/02/11 00:27:54 | 00,549,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
    [2007/02/11 00:27:54 | 00,549,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
    [2007/02/11 00:27:54 | 00,484,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmod.dll
    [2007/02/11 00:27:54 | 00,216,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
    [2007/02/11 00:27:54 | 00,216,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
    [2007/02/11 00:27:54 | 00,195,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
    [2007/02/11 00:27:54 | 00,195,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
    [2007/02/11 00:27:54 | 00,175,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
    [2007/02/11 00:27:54 | 00,175,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
    [2007/02/11 00:27:54 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
    [2007/02/11 00:27:54 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshbth.dll
    [2007/02/11 00:27:54 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc.dll
    [2007/02/11 00:27:54 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
    [2007/02/11 00:27:53 | 00,325,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
    [2007/02/11 00:27:53 | 00,325,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
    [2007/02/11 00:27:53 | 00,203,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
    [2007/02/11 00:27:53 | 00,203,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
    [2007/02/11 00:27:53 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprov.dll
    [2007/02/11 00:27:53 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll
    [2007/02/11 00:27:53 | 00,033,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
    [2007/02/11 00:27:53 | 00,033,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
    [2007/02/11 00:27:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\peernet
    [2007/02/11 00:27:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\provisioning
    [2007/02/11 00:25:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2007/02/11 00:21:35 | 00,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2007/02/11 00:21:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2007/02/11 00:21:10 | 00,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
    [2007/02/11 00:18:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2007/02/11 00:18:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
    [2007/02/11 00:12:24 | 05,334,810 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\IconCache.db
    [2007/02/11 00:11:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\tiinst
    [2007/02/11 00:10:45 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2007/02/11 00:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2007/02/11 00:09:31 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2007/02/11 00:08:11 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\InstallShield
    [2007/02/11 00:06:57 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2007/02/11 00:06:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2007/02/11 00:05:51 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
    [2007/02/11 00:05:44 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
    [2007/02/11 00:05:42 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
    [2007/02/11 00:05:40 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
    [2007/02/11 00:05:39 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
    [2007/02/11 00:05:39 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
    [2007/02/11 00:05:37 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
    [2007/02/11 00:05:35 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
    [2007/02/11 00:05:34 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
    [2007/02/11 00:05:28 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
    [2007/02/11 00:05:17 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
    [2007/02/11 00:05:16 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
    [2007/02/11 00:05:13 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
    [2007/02/11 00:05:05 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
    [2007/02/11 00:05:05 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
    [2007/02/11 00:05:05 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
    [2007/02/11 00:05:05 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
    [2007/02/11 00:05:05 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv
    [2007/02/11 00:05:05 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
    [2007/02/11 00:05:04 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
    [2007/02/11 00:04:59 | 00,000,000 | ---D | C] -- C:\swsetup
    [2007/02/10 23:58:34 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2007/02/10 23:58:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\Identities
    [2007/02/10 23:58:24 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2007/02/10 23:58:22 | 00,000,164 | -HS- | C] () -- C:\Documents and Settings\Propriétaire\Mes documents\desktop.ini
    [2007/02/10 23:58:22 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Propriétaire\Mes documents\Ma musique
    [2007/02/10 23:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft
    [2007/02/10 23:58:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\desktop.ini
    [2007/02/10 23:58:17 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\desktop.ini
    [2007/02/10 23:58:17 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft
    [2007/02/10 23:58:09 | 00,000,000 | -HSD | C] -- C:\System Volume Information
    [2007/02/10 23:56:01 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2007/02/10 23:55:09 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/02/10 23:54:59 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
    [2007/02/10 23:54:59 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
    [2007/02/10 23:54:59 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
    [2007/02/10 23:54:59 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
    [2007/02/10 23:54:59 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
    [2007/02/10 23:54:58 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
    [2007/02/10 23:54:58 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
    [2007/02/10 23:54:58 | 00,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
    [2007/02/10 23:54:56 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
    [2007/02/10 23:54:56 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
    [2007/02/10 23:54:56 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
    [2007/02/10 23:54:55 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
    [2007/02/10 23:54:55 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
    [2007/02/10 23:54:54 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
    [2007/02/10 23:54:53 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
    [2007/02/10 23:54:53 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
    [2007/02/10 23:54:53 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
    [2007/02/10 23:54:53 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
    [2007/02/10 23:54:53 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
    [2007/02/10 23:54:52 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
    [2007/02/10 23:54:52 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
    [2007/02/10 23:54:52 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
    [2007/02/10 23:54:51 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
    [2007/02/10 23:54:50 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
    [2007/02/10 23:54:49 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
    [2007/02/10 23:54:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
    [2007/02/10 23:54:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
    [2007/02/10 23:54:48 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
    [2007/02/10 23:54:48 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
    [2007/02/10 23:54:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
    [2007/02/10 23:54:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
    [2007/02/10 23:54:47 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
    [2007/02/10 23:54:47 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
    5 April 2009 13:41:43

    The second report, Extras.Txt:

    OTViewIt Extras logfile created on: 03/03/2009 07:38:53 - Run 3
    OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Propriétaire\Bureau
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    510,48 Mb Total Physical Memory | 238,72 Mb Available Physical Memory | 46,76% Memory free
    1,22 Gb Paging File | 0,85 Gb Available in Paging File | 69,72% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74,52 Gb Total Space | 66,18 Gb Free Space | 88,81% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HP
    Current User Name: Propriétaire
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Whitelist: On
    File Age = All Days

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cpl [@ = cplfile] -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\WINDOWS\system32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    .js [@ = JSFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .txt [@ = txtfile] -- C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=0
    "FirewallDisableNotify"=0
    "UpdatesDisableNotify"=0
    "AntiVirusOverride"=1
    "FirewallOverride"=1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    "EnableFirewall"=1
    "DoNotAllowExceptions"=0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [2004/08/19 16:10:04 | 00,142,336 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    [2006/07/29 19:34:08 | 05,354,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
    [2006/07/29 18:16:08 | 01,002,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    [2004/08/19 16:10:04 | 00,142,336 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    [2007/05/25 19:09:50 | 12,831,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
    [2006/07/29 19:34:08 | 05,354,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
    [2006/07/29 18:16:08 | 01,002,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    File not found -- c:\windows\system32\colorids0.exe:*:Enabled:colorids0
    [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    [2006/09/14 15:15:24 | 05,001,216 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
    [2006/10/17 17:12:58 | 18,898,944 | ---- | M] (Sports Interactive) -- C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe:*:Enabled:Football Manager 2007
    [2006/09/25 18:50:02 | 20,053,544 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

    ========== (O10) Winsock2 Catalogs ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
    NameSpace_Catalog5\Catalog_Entries\000000000004 [Espace de noms Bluetooth] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

    ========== (O18) Protocol Handlers ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
    ipp: [HKLM - No CLSID value]
    [2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
    msdaipp: [HKLM - No CLSID value]
    [2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
    [2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
    [2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

    ========== (O18) Protocol Filters ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
    [2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=Panneau de contrôle ATI
    "{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}"=Windows Live Sign-in Assistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}"=ATI Parental Control & Encoder
    "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
    "{5783F2D7-4001-0409-0002-0060B0CE6BBA}"=AutoCAD 2006 - English
    "{90120000-0010-040C-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (French) 12
    "{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
    "{90120000-0015-040C-0000-0000000FF1CE}"=Microsoft Office Access MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}"=Microsoft Office Excel MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}"=Microsoft Office Word MUI (French) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}"=Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}"=Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-040C-0000-0000000FF1CE}"=Microsoft Office Proofing (French) 2007
    "{90120000-0044-040C-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}"=Microsoft Office Shared MUI (French) 2007
    "{A1062847-0846-427A-92A1-BB8251A91E91}"=HP PSC & OfficeJet 4.2
    "{AC76BA86-7AD7-1033-7B44-A80000000002}"=Adobe Reader 8
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
    "{E22885AB-B503-46E2-8437-73BBC6BC5487}"=Windows Live Messenger
    "{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=TIxx21
    "All ATI Software"=ATI - Utilitaire de désinstallation du logiciel
    "ATI Display Driver"=ATI Display Driver
    "Autodesk DWF Viewer"=Autodesk DWF Viewer
    "avast!"=avast! Antivirus
    "AVGAntiSpyware75"=AVG Anti-Spyware 7.5
    "Blip Blop"=Blip Blop (remove only)
    "Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter
    "c474c3891a130b8bd0297680e91988cd308463113"=Football Manager 2007
    "CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C"=Conexant Data Fax Modem with SmartCP
    "Conexant PCI Audio"=Conexant AC-97 Audio
    "eMule"=eMule
    "HijackThis"=HijackThis 1.99.1
    "Hijackthis Version Française_is1"=Hijackthis Version Française
    "InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=Texas Instruments PCIxx21/x515 drivers.
    "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
    "MOTIX"=MOTIX
    "ONES(F)"=ONES Trial (F)
    "PROPLUS"=Microsoft Office Professional Plus 2007
    "ShockwaveFlash"=Adobe Flash Player 9
    "Skype_is1"=Skype 2.5
    "SLD Codec Pack"=SLD Codec Pack
    "VLC media player"=VideoLAN VLC media player 0.8.6c
    "Windows XP Service Pack"=Windows XP Service Pack 2
    "Yahoo! Companion"=Yahoo! Toolbar
    "Yahoo! Toolbar"=Yahoo! Toolbar

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 15/01/2007 21:49:02 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = aswChestInterface - Program error description: CChestListView::o nCreate()
    !m_strErrorWnd.IsEmpty().

    Error - 03/03/2009 01:51:59 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestAddFile Error 1753.

    Error - 03/03/2009 01:53:21 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestAddFile Error 1753.

    Error - 03/03/2009 01:54:00 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestAddFile Error 1753.

    Error - 03/03/2009 02:28:08 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestAddFile Error 1753.

    Error - 03/03/2009 02:28:09 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestAddFile Error 1753.

    Error - 03/03/2009 02:28:09 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestAddFile Error 1753.

    Error - 03/03/2009 02:28:10 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestAddFile Error 1753.

    Error - 03/03/2009 02:29:52 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestOpenList Error 1753.

    Error - 03/03/2009 02:29:52 | Computer Name = HP | Source = avast! | ID = 33554522
    Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
    chestOpenList() failed: 2147422219.

    [ Application Events ]
    Error - 21/06/2007 21:51:43 | Computer Name = HP | Source = Application Error | ID = 1000
    Description = Application défaillante , version 0.0.0.0, module défaillant unknown,
    version 0.0.0.0, adresse de défaillance 0x00000000.

    Error - 25/06/2007 00:33:23 | Computer Name = HP | Source = Application Error | ID = 1000
    Description = Application défaillante svchost.exe, version 5.1.2600.2180, module
    défaillant set32.dll, version 0.0.0.0, adresse de défaillance 0x0000200c.

    Error - 04/07/2007 04:58:42 | Computer Name = HP | Source = Application Hang | ID = 1002
    Description = Application bloquée iexplore.exe, version 6.0.2900.2180, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 07/07/2007 14:16:32 | Computer Name = HP | Source = Application Error | ID = 1000
    Description = Application défaillante svchost.exe, version 5.1.2600.2180, module
    défaillant set32.dll, version 0.0.0.0, adresse de défaillance 0x0000200c.

    Error - 07/07/2007 08:46:14 | Computer Name = HP | Source = Application Error | ID = 1000
    Description = Application défaillante wmplayer.exe, version 9.0.0.3250, module défaillant
    xvidcore.dll, version 0.0.0.0, adresse de défaillance 0x000495c8.

    Error - 20/07/2007 10:06:04 | Computer Name = HP | Source = Application Error | ID = 1000
    Description = Application défaillante svchost.exe, version 5.1.2600.2180, module
    défaillant set32.dll, version 0.0.0.0, adresse de défaillance 0x0000200c.

    Error - 24/07/2007 12:29:08 | Computer Name = HP | Source = Application Error | ID = 1000
    Description = Application défaillante svchost.exe, version 5.1.2600.2180, module
    défaillant set32.dll, version 0.0.0.0, adresse de défaillance 0x0000200c.

    Error - 24/07/2007 12:49:52 | Computer Name = HP | Source = Application Error | ID = 1000
    Description = Application défaillante svchost.exe, version 5.1.2600.2180, module
    défaillant set32.dll, version 0.0.0.0, adresse de défaillance 0x0000200c.

    Error - 24/07/2007 13:00:04 | Computer Name = HP | Source = Application Error | ID = 1000
    Description = Application défaillante dvdxplayer.exe, version 4.0.0.1, module défaillant
    unknown, version 0.0.0.0, adresse de défaillance 0x0124000b.

    Error - 24/07/2007 18:15:57 | Computer Name = HP | Source = Application Error | ID = 1000
    Description = Application défaillante svchost.exe, version 5.1.2600.2180, module
    défaillant set32.dll, version 0.0.0.0, adresse de défaillance 0x0000200c.

    [ OSession Events ]
    Error - 09/01/2007 03:34:43 | Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18029
    seconds with 4920 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 21/12/2008 17:29:27 | Computer Name = HP | Source = Service Control Manager | ID = 7000
    Description = Le service wincom32 n'a pas pu démarrer en raison de l'erreur : %%2

    Error - 21/12/2008 17:29:40 | Computer Name = HP | Source = Service Control Manager | ID = 7000
    Description = Le service Services Terminal Server n'a pas pu démarrer en raison
    de l'erreur : %%230

    Error - 21/12/2008 17:29:40 | Computer Name = HP | Source = Service Control Manager | ID = 7001
    Description = Le service Compatibilité avec le Changement rapide d'utilisateur dépend
    du service Services Terminal Server qui n'a pas pu démarrer en raison de l'erreur :
    %%230

    Error - 21/12/2008 17:29:40 | Computer Name = HP | Source = Service Control Manager | ID = 7031
    Description = Le service Lanceur de processus serveur DCOM s'est terminé de manière
    inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée
    dans 60000 millisecondes : Redémarrer l'ordinateur.

    Error - 21/12/2008 17:33:23 | Computer Name = HP | Source = Service Control Manager | ID = 7000
    Description = Le service wincom32 n'a pas pu démarrer en raison de l'erreur : %%2

    Error - 21/12/2008 17:33:36 | Computer Name = HP | Source = Service Control Manager | ID = 7000
    Description = Le service Services Terminal Server n'a pas pu démarrer en raison
    de l'erreur : %%230

    Error - 21/12/2008 17:33:36 | Computer Name = HP | Source = Service Control Manager | ID = 7001
    Description = Le service Compatibilité avec le Changement rapide d'utilisateur dépend
    du service Services Terminal Server qui n'a pas pu démarrer en raison de l'erreur :
    %%230

    Error - 21/12/2008 17:33:36 | Computer Name = HP | Source = Service Control Manager | ID = 7031
    Description = Le service Lanceur de processus serveur DCOM s'est terminé de manière
    inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée
    dans 60000 millisecondes : Redémarrer l'ordinateur.

    Error - 03/04/2009 13:17:33 | Computer Name = HP | Source = Service Control Manager | ID = 7000
    Description = Le service wincom32 n'a pas pu démarrer en raison de l'erreur : %%2

    Error - 03/04/2009 13:17:36 | Computer Name = HP | Source = Service Control Manager | ID = 7031
    Description = Le service Lanceur de processus serveur DCOM s'est terminé de manière
    inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée
    dans 60000 millisecondes : Redémarrer l'ordinateur.


    < End of report >
    5 April 2009 14:44:06

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for Updates) button; if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Recherche (Scanner) tab.
  • Select Exécuter un examen rapide (Perform quick scan).
  • Click Rechercher (Scan). The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that as well.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show Results).
  • Select everything (or leave everything checked) and click Supprimer la sélection (Remove Selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    5 April 2009 15:16:29

    Here is the report, and thank you for taking the time to solve my problem.

    Malwarebytes' Anti-Malware 1.35
    Version de la base de données: 1940
    Windows 5.1.2600 Service Pack 2

    02/03/2009 23:18:21
    mbam-log-2009-03-02 (23-18-21).txt

    Type de recherche: Examen rapide
    Eléments examinés: 68026
    Temps écoulé: 17 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 11

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{73364d99-1240-4dff-b12a-67e448373148} (Spyware.Bzub) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc (Spyware.LDPinch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AdfGHost.Cli (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\BprintingHost.Serv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\WINDOWS\inet20002 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\inet20002\www.google.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\inet20002\www.google.com\Google_files (Trojan.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\inet20002\tmp.req (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\inet20002\www.google.com\favicon.ico (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\inet20002\www.google.com\index.html (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\inet20002\www.google.com\thank.html (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\inet20002\www.google.com\Google_files\hp0.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\inet20002\www.google.com\Google_files\hp1.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\inet20002\www.google.com\Google_files\hp2.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\inet20002\www.google.com\Google_files\hp3.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
    5 April 2009 15:34:46

  • Download SDFix (created by AndyManchesta) to your Desktop.
  • Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
  • Restart your computer in Safe Mode.

    To restart in Safe Mode:
  • Restart your PC.
  • During startup, tap F8 (F5 on some PCs) repeatedly, just after the BIOS screen is displayed and just before Windows starts loading.
  • In the advanced options menu, choose Safe Mode.
  • Choose your user account.

    Work through the list of instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart, because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of Report.txt into your next reply.
    5 April 2009 22:26:22

    Here is the SDFix report:

    SDFix: Version 1.240
    Run by Propriétaire on 02/03/2009 at 14:12

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Name :
    wincom32

    Path :
    \??\C:\WINDOWS\system32\wincom32.sys

    wincom32 - Deleted



    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\149163~1 - Deleted
    C:\WINDOWS\system32\ma.exe.exe - Deleted
    C:\WINDOWS\system32\pp.exe.exe - Deleted
    C:\WINDOWS\system32\drivers\etc\hosts.tim - Deleted
    C:\WINDOWS\system32\set32.dll - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-02 14:42:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd1082ed]
    "00188d2e2b60"=hex:30,67,bd,e8,34,c0,fe,97,81,79,54,97,b7,64,b8,61
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd1082ed]
    "00188d2e2b60"=hex:30,67,bd,e8,34,c0,fe,97,81,79,54,97,b7,64,b8,61

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    "DLLName"="Ati2evxx.dll"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000001
    "Lock"="AtiLockEvent"
    "Logoff"="AtiLogoffEvent"
    "Logon"="AtiLogonEvent"
    "Disconnect"="AtiDisConnectEvent"
    "Reconnect"="AtiReConnectEvent"
    "Safe"=dword:00000000
    "Shutdown"="AtiShutdownEvent"
    "StartScreenSaver"="AtiStartScreenSaverEvent"
    "StartShell"="AtiStartShellEvent"
    "Startup"="AtiStartupEvent"
    "StopScreenSaver"="AtiStopScreenSaverEvent"
    "Unlock"="AtiUnLockEvent"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=str(2):"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=str(2):"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\origami]
    "a"="3259259644838940"
    "b"=dword:0000000f
    "DllName"="C:\WINDOWS\system32\set32.dll"
    "Startup"="DllName"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=str(2):"wlnotify.dll"
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=str(2):"sclgntfy.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=str(2):"wlnotify.dll"
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "c:\\windows\\system32\\colorids0.exe"="c:\\windows\\system32\\colorids0.exe:*:Enabled:colorids0"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe:*:Enabled:Football Manager 2007"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
    Thu 13 Jan 2005 11,360 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"

    Finished!
    6 April 2009 16:45:25

    Thank you for your invaluable help!! I just turned my PC back on and apparently I have no more viruses...
    6 April 2009 16:50:55

  • Relaunch MBAM, go to Quarantine and delete everything.

  • Run another OTViewIt scan and post the report.