Unwanted pop-up windows, please help

Closed
diabolo - 17 Jan 2009 at 16:28
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last seen 4 March 2010 - 17 Jan 2009 at 18:52
Hello,
I have unwanted pop-up windows opening on my web pages

please help me

12 replies

toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last seen 4 March 2010 2 228
17 Jan 2009 at 16:30
Hello

Download the HijackThis installer by clicking this link:

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

* Save HJTInstall.exe to your desktop.

* Double-click HJTInstall.exe to launch the program.

Tutorial: https://www.malekal.com/tutoriel-hijackthis/
http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

* Accept the license by clicking the "I Accept" button
* Choose the option "Do a system scan and save a log file"
* Click "Save log" to save the report, which will open in Notepad
* Click "Edit -> Select All", then "Edit -> Copy" to copy the whole content of the report

* Paste the report you have just copied into this forum
0
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:54, on 17/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\BR040286.exe
C:\Users\Audrey\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Audrey\AppData\Local\oyygugs.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [oyygugs] "c:\users\audrey\appdata\local\oyygugs.exe" oyygugs
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last seen 4 March 2010 2 228
17 Jan 2009 at 16:36
Disable User Account Control
(you will re-enable it after the disinfection):

* Go to Start, then Control Panel
* Double-click the "User Accounts" icon
* Then click on disable and confirm.

Tutorial: https://forum.malekal.com/viewtopic.php?f=59&t=6517

https://forum.pcastuces.com/navilog_de_il_mafioso_pour_vista-f31s12.htm


Now download Navilog1 from this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

* Use "Save target (link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished:
* Right-click the Navilog1 shortcut on your desktop and choose
"Run as administrator".

* At the main menu, choose option 1
Follow the prompts and wait.
Wait until the message:
*** Analyse Terminée le ..... ***
* Press a key; Notepad will open.
Copy and paste the entire report into a reply.
* Close Notepad
The report fixnavi.txt is also saved in %systemdrive%.
0
Here is the report

Search Navipromo version 3.7.1 commencé le 17/01/2009 à 16:40:55,60

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz )
BIOS : Default System BIOS
USER : Audrey ( Administrator )
BOOT : Normal boot

Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)

C:\ (Local Disk) - NTFS - Total:69 Go (Free:31 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\audrey\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Audrey\AppData\Local\virtualstore\Program Files" ***



*** Recherche dossiers dans "C:\Users\Audrey\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\Audrey\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Audrey\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Audrey\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\Audrey\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"oyygugs"="\"c:\\users\\audrey\\appdata\\local\\oyygugs.exe\" oyygugs"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Audrey\AppData\Local\Microsoft" :


* Dans "C:\Users\Audrey\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\Audrey\AppData\Local" :

oyygugs.exe trouvé !
oyygugs.dat trouvé !
oyygugs_nav.dat trouvé !
oyygugs_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 17/01/2009 à 16:51:46,67 ***
0
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last seen 4 March 2010 2 228
17 Jan 2009 at 16:55
Make sure that UAC (User Account Control) is disabled.

Right-click the Navilog1 shortcut on the Desktop and choose "Run as administrator".

* At the main menu, choose 2.
* Follow the instructions and wait.
* The tool will inform you that it will restart your computer.
* Save any open documents, then close all windows.
* Press a key as requested.
* If your computer does not restart automatically, restart it manually.
* Choose your usual session if necessary.
Wait until the message *** Nettoyage terminé le ….*** (this may take some time).
A Notepad document is created. Save the report so that you can find it again.
* Copy and paste the content of this report into your next reply.
Close Notepad.
Your Desktop will reappear.


Note: If your Desktop does not reappear, press Ctrl+Alt+Del to open Task Manager.
"Processes" tab > File (menu) > New Task (Run...) > type explorer and click OK.



0
Here is the report

Clean Navipromo version 3.7.1 commencé le 17/01/2009 à 17:01:00,98

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz )
BIOS : Default System BIOS
USER : Audrey ( Administrator )
BOOT : Normal boot

Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)

C:\ (Local Disk) - NTFS - Total:69 Go (Free:31 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\Audrey\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\Audrey\AppData\Local\virtualstore\windows\system32" *


* Suppression dans "C:\Users\Audrey\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\audrey\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\Audrey\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\Audrey\AppData\Local" ***


*** Suppression dossiers dans "C:\Users\Audrey\AppData\Roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Audrey\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *



* Dans "C:\Users\Audrey\AppData\Local\Microsoft" *



* Dans "C:\Users\Audrey\AppData\Local\virtualstore\windows\system32" *



* Dans "C:\Users\Audrey\AppData\Local" *


oyygugs.exe trouvé !
Copie oyygugs.exe réalisée avec succès !
oyygugs.exe supprimé !

oyygugs.dat trouvé !
Copie oyygugs.dat réalisée avec succès !
oyygugs.dat supprimé !

oyygugs_nav.dat trouvé !
Copie oyygugs_nav.dat réalisée avec succès !
oyygugs_nav.dat supprimé !

oyygugs_navps.dat trouvé !
Copie oyygugs_navps.dat réalisée avec succès !
oyygugs_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !


*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 17/01/2009 à 17:06:37,87 ***
0
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last seen 4 March 2010 2 228
17 Jan 2009 at 17:11
OK
Please run a new HijackThis scan.
0
Here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:33, on 17/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\BR040286.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Audrey\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 228
17 Jan. 2009 at 17:15
That's Navipromo dealt with, now on to the rest:

Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice, then confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search has finished.
* Post the generated report. (C:\TB.txt)
0
here is the report

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz )
BIOS : Default System BIOS
USER : Audrey ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:33 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/01/2009|17:16 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar\bar\1.bin
C:\Program Files\AskTBar\bar\Cache
C:\Program Files\AskTBar\bar\History
C:\Program Files\AskTBar\bar\Settings
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
C:\Program Files\AskTBar\bar\Cache\00021054
C:\Program Files\AskTBar\bar\Cache\000212D4
C:\Program Files\AskTBar\bar\Cache\0002146A.bin
C:\Program Files\AskTBar\bar\Cache\0002163E.bin
C:\Program Files\AskTBar\bar\Cache\00048F63.bin
C:\Program Files\AskTBar\bar\Cache\00049156.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskTBar\SrchAstt\1.bin
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\Users\Audrey\AppData\Roaming\MICROS~1\Windows\Cookies\audrey@mysearch[2].txt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://lo.st"
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure



[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 17/01/2009|17:16 - Option : [1]

-----------\\ Fin du rapport a 17:16:38,19
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 228
17 Jan. 2009 at 17:26
Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".

! Do not close the window during the removal !

A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

0
here is the report


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz )
BIOS : Default System BIOS
USER : Audrey ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:33 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/01/2009|17:27 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\Users\Audrey\AppData\Roaming\MICROS~1\Windows\Cookies\audrey@mysearch[2].txt
Supprime! - C:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure



[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 17/01/2009|17:16 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 17/01/2009|17:28 - Option : [2]

-----------\\ Fin du rapport a 17:28:31,71
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 228
17 Jan. 2009 at 17:33
Please run a new HijackThis scan.
0
here is the report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:28, on 17/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\BR040286.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Audrey\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 228
17 Jan. 2009 at 17:39
Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Disconnect and close all running applications /!\

- Double-click the installer and install it in its default location (C:\Program files).
- Double-click the Ad-remover icon on your Desktop.
- In the main menu, choose option "A".
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
oops, problem!!!!
I had to do a system restore!!!!
I no longer had an internet connection
0
here it is, I don't know if it's the right report

------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------

Updated by C_XX on 17/01/2009 at 12:00

Start at: 17:44:56 | Sat 17/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (V6.0.6001)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: LH-IQ0TM2YJ0X91 | User: Audrey ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\

--- Running Processes: 84

+--------------------| Boonty/Boonty Games Elements Found :

.
.

+--------------------| Eorezo Elements Found :

.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\EOENGINE
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
C:\Program Files\EoRezo\EoAdv\tmp
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.5905
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.8430
C:\Users\Audrey\AppData\Roaming\EoRezo
C:\Users\Audrey\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\db
C:\Users\Audrey\AppData\Roaming\EoRezo\eoDesktop
C:\Users\Audrey\AppData\Roaming\EoRezo\host.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\user.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\db\cat.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\Audrey\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\Audrey\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml

+--------------------| Everest Casino/Everest Poker Elements Found :

.
.

+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Found :

.
.

+--------------------| It's TV Elements Found :

HKCU\SOFTWARE\ItsLabel
HKLM\SOFTWARE\ItsLabel
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ItsTV
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
.
C:\Program Files\ItsLabel
C:\Program Files\ItsLabel\ItsTV.exe
C:\Program Files\ItsLabel\ItsTV.url
C:\Program Files\ItsLabel\ItsTV.xml
C:\Program Files\ItsLabel\Loading.swf
C:\Program Files\ItsLabel\unins000.dat
C:\Program Files\ItsLabel\unins000.exe
C:\Users\Audrey\AppData\Roaming\ItsLabel
C:\Users\Audrey\AppData\Roaming\ItsLabel\ItsTV
C:\Users\Audrey\AppData\Roaming\ItsLabel\ItsTV\itsTV.xml
C:\ProgramData\Microsoft\Windows\STartm~1\Programs\ItsLabel
C:\ProgramData\Microsoft\Windows\STartm~1\Programs\ItsLabel\ItsTV.lnk

+--------------------| Sweetim Elements Found :

Process: "SWEETIM.EXE" [PID:~984]
.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Installer\Features\5D72AF385B5242D47B69FD47F2805AFC
HKCR\Installer\Features\428C9AFC877ABE7409DCBBD48BC23F84
HKCR\Installer\Features\5D72AF385B5242D47B69FD47F2805AFC
HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.3
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKLM\SOFTWARE\SweetIM
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\SWEETIM
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNETREGISTRY\REGISTRY\USER\S-1-5-21-1516082199-3116397603-3739938318-1000\SOFTWARE\SWEETIM
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\5D72AF385B5242D47B69FD47F2805AFC
HKLM\~\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\5D72AF385B5242D47B69FD47F2805AFC
HKLM\~\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\5D72AF385B5242D47B69FD47F2805AFC
.
C:\Windows\INSTALLER\d9f02f.msi
C:\Windows\INSTALLER\d9f035.msi
C:\Program Files\SweetIM
C:\Program Files\SweetIM\Messenger
C:\Program Files\SweetIM\Toolbars
C:\Program Files\SweetIM\Messenger\default.xml
C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll
C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgArchive.dll
C:\Program Files\SweetIM\Messenger\mgcommon.dll
C:\Program Files\SweetIM\Messenger\mgcommunication.dll
C:\Program Files\SweetIM\Messenger\mgconfig.dll
C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll
C:\Program Files\SweetIM\Messenger\mghooking.dll
C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll
C:\Program Files\SweetIM\Messenger\mglogger.dll
C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll
C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll
C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgsimcommon.dll
C:\Program Files\SweetIM\Messenger\mgSweetIM.dll
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll
C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll
C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll
C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\msvcp71.dll
C:\Program Files\SweetIM\Messenger\msvcr71.dll
C:\Program Files\SweetIM\Messenger\resources
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Messenger\resources\images
C:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png
C:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
C:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png
C:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png
C:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png
C:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer
C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf
C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
C:\ProgramData\SweetIM
C:\ProgramData\SweetIM\Messenger
C:\ProgramData\SweetIM\Messenger\conf
C:\ProgramData\SweetIM\Messenger\data
C:\ProgramData\SweetIM\Messenger\logs
C:\ProgramData\SweetIM\Messenger\update
C:\ProgramData\SweetIM\Messenger\conf\adapter.xml
C:\ProgramData\SweetIM\Messenger\conf\autoupdate.xml
C:\ProgramData\SweetIM\Messenger\conf\logger.xml
C:\ProgramData\SweetIM\Messenger\conf\messages.xml
C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml
C:\ProgramData\SweetIM\Messenger\conf\sweetimapp.xml
C:\ProgramData\SweetIM\Messenger\conf\users
C:\ProgramData\SweetIM\Messenger\conf\users\ale141077@hotmail.fr
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr
C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml
C:\ProgramData\SweetIM\Messenger\conf\users\r.rateau@hotmail.fr
C:\ProgramData\SweetIM\Messenger\conf\users\ale141077@hotmail.fr\emoticons_shortcut.xml
C:\ProgramData\SweetIM\Messenger\conf\users\ale141077@hotmail.fr\user_config.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\emoticons_shortcut.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_Audibles.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_DisplayPictures.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_Emoticons.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_SoundFX.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_SpecialFX.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_Winks.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\user_config.xml
C:\ProgramData\SweetIM\Messenger\conf\users\r.rateau@hotmail.fr\emoticons_shortcut.xml
C:\ProgramData\SweetIM\Messenger\conf\users\r.rateau@hotmail.fr\user_config.xml
C:\ProgramData\SweetIM\Messenger\data\contentdb
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100AA.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100AC.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100AD.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100AF.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100B3.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100B5.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100B6.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100B7.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100B8.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100B9.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100BA.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100C0.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100C1.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100C3.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100CF.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100D2.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100D3.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100D9.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100DA.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100DE.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100E7.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100E8.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000100FD.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010101.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010104.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010105.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010107.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001010A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001010B.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001010D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001010F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010119.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001011D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001011E.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001011F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010121.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010123.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010814.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010817.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010819.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001081A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001081C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001081D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001081E.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001083F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010844.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010845.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010846.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001084D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001084F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010853.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010856.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010859.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001085C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001085D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010861.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010863.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010865.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010868.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001086C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001086F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010871.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001088A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001088C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001088D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001088E.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010890.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010891.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010892.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010893.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010894.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010896.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010897.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010898.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010899.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001089A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001089D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001089E.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108A0.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108A2.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108A4.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108A5.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108A6.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108A8.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108A9.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108AA.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108AB.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108AC.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108AF.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108B0.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108B1.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108B2.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108B3.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108B4.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108B5.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108B6.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108B7.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108B9.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108BD.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108C2.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108C3.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108C4.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108C5.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108C6.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108C7.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108C9.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108CB.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108CC.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108CE.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108D0.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108D1.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108D3.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108D4.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108D5.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108D6.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108D7.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108DD.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108DE.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108E2.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108E3.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108E5.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108E8.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108F0.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108F1.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108F2.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108F4.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108FB.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108FD.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000108FF.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010900.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010901.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010902.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010904.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010907.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001090C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001090D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010919.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001091A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010923.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010926.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001092B.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001092C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010943.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001094A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0001094F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010952.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00010953.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0002006A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0002006C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00020071.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00020075.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000200C0.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00020158.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00020185.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000201DA.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000201F5.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00020217.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000202A6.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000202BA.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0002030A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0002030C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0002030D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0003003C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0003003F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0003004A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0003004B.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0003005D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00030063.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00030069.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0003006B.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0003007B.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00030082.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0003008C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00030096.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00030098.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0003009D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000300A1.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000300A2.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000300A3.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000300A6.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000300A8.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000300AC.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000300AD.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000300B1.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000300B2.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00040014.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00040024.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00040046.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00040049.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0004005A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00040081.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000400A3.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000400B8.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000400DD.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000400DF.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00040102.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00040108.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00040109.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0004010F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0004011A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00050005.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0006007D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000600B6.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000601A1.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\000601B8.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00060211.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0006021B.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00060235.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0006023E.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008000B.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008000C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008000D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008000F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080011.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080012.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080016.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080017.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080019.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008001A.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008001B.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008001D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008001E.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008001F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080020.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080021.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080023.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080024.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080025.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080026.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080027.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080028.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080029.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008002F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080030.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080031.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008003B.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008003D.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008003E.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008003F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080040.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080043.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008004F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080050.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080051.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080052.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080055.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080056.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008005C.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\0008005F.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080060.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080061.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\00080062.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\010108A7.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\01050001.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\01050002.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\01050007.dat
C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\Users\Audrey\AppData\LocalLow\SweetIM
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\7ecfc800b3946bda26c32bca50a3f4eb.games.bmp
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Cookies\audrey@www.sweetim[2].txt

+--------------------| Added Scan :

~~~~ INTERNET EXPLORER VERSION 7.0.6001.18000 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://msn.com/

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://www.msn.com/

+---------------------------------------------------------------------------+

[~32120 BYTES] - "C:\AD-REPORT-SCAN-17.01.2009.LOG"

End at: 17:45:34 | 17/01/2009 - Time elapsed: 37.6 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 533 Lines ]
+---------------------------------------------------------------------------+
0
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 228
17 Jan. 2009 at 18:06
Run "Ad-remover" again: at the main menu, choose option "B".

At the selection screen, choose A: delete everything.
Then choose "S"; the program will start working.

Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)


If the Desktop does not reappear, press Ctrl + Alt + Del, go to the "File" tab, choose "New task", type explorer.exe and confirm.



0
Here it is, I don't know if it's the right report but it's the only one I have


------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------

Updated by C_XX on 17/01/2009 at 12:00

Start at: 17:44:56 | Sat 17/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (V6.0.6001)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: LH-IQ0TM2YJ0X91 | User: Audrey ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\

--- Running Processes: 84

+--------------------| Boonty/Boonty Games Elements Found :

.
.

+--------------------| Eorezo Elements Found :

.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\EOENGINE
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
C:\Program Files\EoRezo\EoAdv\tmp
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.5905
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.8430
C:\Users\Audrey\AppData\Roaming\EoRezo
C:\Users\Audrey\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\db
C:\Users\Audrey\AppData\Roaming\EoRezo\eoDesktop
C:\Users\Audrey\AppData\Roaming\EoRezo\host.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\user.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\db\cat.cyp
C:\Users\Audrey\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\Audrey\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\Audrey\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml

+--------------------| Everest Casino/Everest Poker Elements Found :

.
.

+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Found :

.
.

+--------------------| It's TV Elements Found :

HKCU\SOFTWARE\ItsLabel
HKLM\SOFTWARE\ItsLabel
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ItsTV
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
.
C:\Program Files\ItsLabel
C:\Program Files\ItsLabel\ItsTV.exe
C:\Program Files\ItsLabel\ItsTV.url
C:\Program Files\ItsLabel\ItsTV.xml
C:\Program Files\ItsLabel\Loading.swf
C:\Program Files\ItsLabel\unins000.dat
C:\Program Files\ItsLabel\unins000.exe
C:\Users\Audrey\AppData\Roaming\ItsLabel
C:\Users\Audrey\AppData\Roaming\ItsLabel\ItsTV
C:\Users\Audrey\AppData\Roaming\ItsLabel\ItsTV\itsTV.xml
C:\ProgramData\Microsoft\Windows\STartm~1\Programs\ItsLabel
C:\ProgramData\Microsoft\Windows\STartm~1\Programs\ItsLabel\ItsTV.lnk

+--------------------| Sweetim Elements Found :

Process: "SWEETIM.EXE" [PID:~984]
.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
C:\ProgramData\SweetIM
C:\ProgramData\SweetIM\Messenger
C:\ProgramData\SweetIM\Messenger\conf
C:\ProgramData\SweetIM\Messenger\data
C:\ProgramData\SweetIM\Messenger\logs
C:\ProgramData\SweetIM\Messenger\update
C:\ProgramData\SweetIM\Messenger\conf\adapter.xml
C:\ProgramData\SweetIM\Messenger\conf\autoupdate.xml
C:\ProgramData\SweetIM\Messenger\conf\logger.xml
C:\ProgramData\SweetIM\Messenger\conf\messages.xml
C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml
C:\ProgramData\SweetIM\Messenger\conf\sweetimapp.xml
C:\ProgramData\SweetIM\Messenger\conf\users
C:\ProgramData\SweetIM\Messenger\conf\users\ale141077@hotmail.fr
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr
C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml
C:\ProgramData\SweetIM\Messenger\conf\users\r.rateau@hotmail.fr
C:\ProgramData\SweetIM\Messenger\conf\users\ale141077@hotmail.fr\emoticons_shortcut.xml
C:\ProgramData\SweetIM\Messenger\conf\users\ale141077@hotmail.fr\user_config.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\emoticons_shortcut.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_Audibles.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_DisplayPictures.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_Emoticons.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_SoundFX.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_SpecialFX.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\lastuse_Winks.xml
C:\ProgramData\SweetIM\Messenger\conf\users\audrey03600@hotmail.fr\user_config.xml
C:\ProgramData\SweetIM\Messenger\conf\users\r.rateau@hotmail.fr\emoticons_shortcut.xml
C:\ProgramData\SweetIM\Messenger\conf\users\r.rateau@hotmail.fr\user_config.xml
C:\ProgramData\SweetIM\Messenger\data\contentdb
C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\Users\Audrey\AppData\LocalLow\SweetIM
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\7ecfc800b3946bda26c32bca50a3f4eb.games.bmp
C:\Users\Audrey\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Cookies\audrey@www.sweetim[2].txt

+--------------------| Added Scan :

~~~~ INTERNET EXPLORER VERSION 7.0.6001.18000 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://msn.com/

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://www.msn.com/

+---------------------------------------------------------------------------+

[~32120 BYTES] - "C:\AD-REPORT-SCAN-17.01.2009.LOG"

End at: 17:45:34 | 17/01/2009 - Time elapsed: 37.6 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 533 Lines ]
+---------------------------------------------------------------------------+
0
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 228
17 Jan 2009 at 18:19
You pasted the same report again.

We need the one from the removal option.
0
Sorry, but it won't delete!!!!!!
0
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 228
17 Jan 2009 at 18:26
Is UAC still disabled? Be careful, we ran tools Bar and it re-enables it.
Right-click, "as administrator"?
0
Phew, here is the report


------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------

Updated by C_XX on 17/01/2009 at 12:00

*** LIMITED TO ***

Boonty/Boontygames
Eorezo
Everest casino/Everest poker
Funwebproduct/Myway/Mywebsearch
It's TV
Sweetim

******************

Start at: 18:30:25 | Sat 17/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (V6.0.6001)
Boot mode: Normal
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: LH-IQ0TM2YJ0X91 | User: Audrey ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\

--- Running Processes: 84

(!) ---- IE start pages reset

+--------------------| Boonty/Boonty Games Elements Deleted :

.
.

+--------------------| Eorezo Elements Deleted :

.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\EOENGINE
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
.
C:\Program Files\EoRezo
C:\Users\Audrey\AppData\Roaming\EoRezo

+--------------------| Everest Casino/Everest Poker Elements Deleted :

.
.

+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Deleted :

.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
.

+--------------------| It's TV Elements Deleted :

HKCU\SOFTWARE\ItsLabel
HKLM\SOFTWARE\ItsLabel
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ItsTV
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
.
C:\Program Files\ItsLabel
C:\Users\Audrey\AppData\Roaming\ItsLabel
C:\ProgramData\Microsoft\Windows\STartm~1\Programs\ItsLabel

+--------------------| Sweetim Elements Deleted :

Process: "SWEETIM.EXE" [PID:~1736]
.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\SWEETIM
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNETREGISTRY\REGISTRY\USER\S-1-5-21-1516082199-3116397603-3739938318-1000\SOFTWARE\SWEETIM
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\5D72AF385B5242D47B69FD47F2805AFC
HKLM\~\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\5D72AF385B5242D47B69FD47F2805AFC
HKLM\~\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\428C9AFC877ABE7409DCBBD48BC23F84
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Installer\Features\5D72AF385B5242D47B69FD47F2805AFC
HKCR\Installer\Features\428C9AFC877ABE7409DCBBD48BC23F84
HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.3
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKLM\SOFTWARE\SweetIM
.
C:\Windows\INSTALLER\d9f02f.msi
C:\Windows\INSTALLER\d9f035.msi
/!\ NOT DELETED - C:\Program Files\SweetIM
/!\ NOT DELETED - C:\Program Files\SweetIM\Messenger
/!\ NOT DELETED - C:\Program Files\SweetIM\Toolbars
/!\ NOT DELETED - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
/!\ NOT DELETED - C:\Program Files\SweetIM\Messenger\msvcr71.dll
/!\ NOT DELETED - C:\Program Files\SweetIM\Toolbars\Internet Explorer
/!\ NOT DELETED - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
/!\ NOT DELETED - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
/!\ NOT DELETED - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
/!\ NOT DELETED - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
/!\ NOT DELETED - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
/!\ NOT DELETED - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
/!\ NOT DELETED - C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
C:\ProgramData\SweetIM
C:\Users\Audrey\AppData\LocalLow\SweetIM
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Cookies\audrey@www.sweetim[2].txt

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


************* /!\ FILE(S)/FOLDER(S) NOT DELETED /!\ *************

"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Toolbars"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
"C:\Program Files\SweetIM\Toolbars\Internet Explorer"
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll"

SECOND RUN ...

/!\ RESIST ! - "C:\Program Files\SweetIM\Messenger"
/!\ RESIST ! - "C:\Program Files\SweetIM\Toolbars"
/!\ RESIST ! - "C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
/!\ RESIST ! - "C:\Program Files\SweetIM\Messenger\msvcr71.dll"
/!\ RESIST ! - "C:\Program Files\SweetIM\Toolbars\Internet Explorer"
/!\ RESIST ! - "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
/!\ RESIST ! - "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
/!\ RESIST ! - "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
/!\ RESIST ! - "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
/!\ RESIST ! - "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
/!\ RESIST ! - "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
/!\ RESIST ! - "C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll"


+--------------------| Added Scan :

+---------------------------------------------------------------------------+


~~~~ INTERNET EXPLORER VERSION 7.0.6001.18000 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

[~11441 BYTES] - "C:\AD-REPORT-CLEAN-17.01.2009.LOG"
[~32454 BYTES] - "C:\AD-REPORT-SCAN-17.01.2009.LOG"

End at: 18:33:09 | 17/01/2009 - Time elapsed: 2 minutes, 44 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 200 Lines ]
+---------------------------------------------------------------------------+
0
diabolo > diabolo
17 Jan 2009 at 18:36
HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:29, on 17/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\BR040286.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Audrey\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 228
17 Jan 2009 at 18:52
There are still some pieces of SweetIM and some toolbar leftovers.
Let's try to clean all of that up:

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text below:

:processes 
explorer.exe 

:files 
c:\program files\asktbar\srchastt\1.bin\a5srchas.dll
c:\program files\asktbar\bar\1.bin\asktbar.dll


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[-HKEY_CLASSES_ROOT\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FE063DB9-4EC0-403e-8DD8-394C54984B2C}"=-


:commands 
[emptytemp] 
[start explorer] 


---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
0
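An added example, not part of the original thread and not the helper's own tooling: a cross-check of the browser add-on entries (R3, O2, O3) in the HijackThis log above against the CLSIDs and files named in the OTMoveIt3 script, showing which entries the script covers, which point at no file, and which it leaves alone. The function names `parse_addons` and `review` are hypothetical; the sample lines are copied from the log and script in this thread, abridged.

```python
import re

# Lines copied (abridged) from the HijackThis log and OTMoveIt3 script above.
HJT_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
"""

FIX_SCRIPT = r"""
:files
c:\program files\asktbar\srchastt\1.bin\a5srchas.dll
c:\program files\asktbar\bar\1.bin\asktbar.dll
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FE063DB9-4EC0-403e-8DD8-394C54984B2C}"=-
"""

# "<code> - <kind>: <name> - {CLSID} - <file>" for R3 / O2 / O3 entries.
ENTRY = re.compile(r"^(R3|O2|O3) - ([^:]+): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_addons(log):
    """Return one dict per browser add-on entry found in a HijackThis log."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, kind, name, clsid, path = m.groups()
            out.append({"code": code, "kind": kind, "name": name,
                        "clsid": clsid.upper(), "path": path})
    return out

def review(log, script):
    """Split add-on entries into: covered by the script, orphaned, untouched."""
    targeted = {c.upper() for c in CLSID.findall(script)}
    files = {l.strip().lower() for l in script.splitlines() if l.strip().lower().startswith("c:\\")}
    result = {"covered": [], "orphaned": [], "untouched": []}
    for e in parse_addons(log):
        if e["clsid"] in targeted:
            e["file_listed"] = e["path"].lower() in files  # DLL also in :files?
            result["covered"].append(e)
        elif e["path"] == "(no file)":
            result["orphaned"].append(e)   # registry key with no file on disk
        else:
            result["untouched"].append(e)
    return result
```

On these sample lines, the four AskTBar entries come back as covered with their DLLs listed under `:files`, the `(no file)` BHO comes back as orphaned, and the Yahoo! URLSearchHook is untouched.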