Rapport OTL

alec6 Messages postés 36 Statut Membre -  
 gen-hackman -
Bonjour, j'ai depuis quelques temps des pages pub qui s'ouvrent toutes seules.
J'ai suivi le tuto de "Malekal", dont je viens de tirer le rapport OTL suivant:

http://www.cijoint.fr/cjlink.php?file=cj201104/cijgVforXz.txt

quelqu'un pourrait-il m'aider à déseinfecter mon ordi?

Merci beaucoup.
Alec6

30 réponses

  • 1
  • 2
  1. gen-hackman
     
    salut

    ▶ Télécharge ici : Ad-remover sur ton bureau :

    ▶ Déconnecte toi et ferme toutes applications en cours !

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    ▶ sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ▶ clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    ▶ Au menu principal choisis "option Nettoyer" et tape sur [entrée] .

    ▶ Laisse travailler l'outil et ne touche à rien ...

    ▶ Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    0
  2. alec6 Messages postés 36 Statut Membre
     
    Merci pour ta réponse gen-hackman,

    voici donc le rapport d'AD remover

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 15:05:54 le 14/04/2011, Mode normal

    Microsoft Windows XP Professionnel Service Pack 2 (X86)
    dubost@WAITV20 ( )

    ============== ACTION(S) ==============

    Service: "ResultBar Service" Stoppé et supprimé

    Dossier supprimé: C:\Program Files\Mozilla FireFox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}
    Fichier supprimé: C:\Program Files\Mozilla FireFox\searchplugins\Mp3Tube.xml
    Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp
    Dossier supprimé: C:\Documents and Settings\dubost\Application Data\Agence-Exclusive
    Dossier supprimé: C:\Documents and Settings\dubost\Local Settings\Application Data\Agence-Exclusive
    Dossier supprimé: C:\Program Files\Agence-Exclusive
    Dossier supprimé: C:\Program Files\PartyGaming
    Dossier supprimé: C:\Documents and Settings\dubost\Local Settings\Application Data\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Documents and Settings\dubost\Local Settings\Application Data\ConduitEngine
    Dossier supprimé: C:\Program Files\ConduitEngine
    Dossier supprimé: C:\Documents and Settings\dubost\Application Data\CrazyLoader
    Dossier supprimé: C:\Documents and Settings\dubost\Menu Démarrer\Programmes\CrazyLoader
    Dossier supprimé: C:\Program Files\CrazyLoader
    Dossier supprimé: C:\Documents and Settings\All Users\Application Data\ResultBar
    Dossier supprimé: C:\Program Files\ResultBar
    Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ShopperReports
    Dossier supprimé: C:\Documents and Settings\dubost\Application Data\ShopperReports3
    Dossier supprimé: C:\Program Files\ShopperReports3

    (!) -- Fichiers temporaires supprimés.

    Clé supprimée: HKLM\Software\Classes\CLSID\{09BCAB1C-FB4C-426C-9CDF-B669740A73DC}
    Clé supprimée: HKLM\Software\Classes\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C}
    Clé supprimée: HKLM\Software\Classes\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE}
    Clé supprimée: HKLM\Software\Classes\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423a-9845-901AC0A7EE6E}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423a-9845-901AC0A7EE6E}
    Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Classes\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1}
    Clé supprimée: HKLM\Software\Classes\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306}
    Clé supprimée: HKLM\Software\Classes\CLSID\{53256D01-2424-456F-91A6-B99F91C477F9}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{53256D01-2424-456F-91A6-B99F91C477F9}
    Clé supprimée: HKLM\Software\Classes\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470}
    Clé supprimée: HKLM\Software\Classes\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16}
    Clé supprimée: HKLM\Software\Classes\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57}
    Clé supprimée: HKLM\Software\Classes\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D}
    Clé supprimée: HKLM\Software\Classes\CLSID\{CFC16189-8A92-4a29-A940-60248385F426}
    Clé supprimée: HKLM\Software\Classes\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB}
    Clé supprimée: HKLM\Software\Classes\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D}
    Clé supprimée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
    Clé supprimée: HKLM\Software\Classes\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}
    Clé supprimée: HKLM\Software\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
    Clé supprimée: HKLM\Software\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
    Clé supprimée: HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
    Clé supprimée: HKLM\Software\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
    Clé supprimée: HKLM\Software\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
    Clé supprimée: HKLM\Software\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
    Clé supprimée: HKLM\Software\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
    Clé supprimée: HKLM\Software\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
    Clé supprimée: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
    Clé supprimée: HKLM\Software\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
    Clé supprimée: HKLM\Software\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20}
    Clé supprimée: HKLM\Software\Classes\Conduit.Engine
    Clé supprimée: HKLM\Software\Classes\ShopperReports.AsyncReporter
    Clé supprimée: HKLM\Software\Classes\ShopperReports.AsyncReporter.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.CntntDic
    Clé supprimée: HKLM\Software\Classes\ShopperReports.CntntDic.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.CntntDisp
    Clé supprimée: HKLM\Software\Classes\ShopperReports.CntntDisp.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.Dwnldr
    Clé supprimée: HKLM\Software\Classes\ShopperReports.Dwnldr.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.HbAx
    Clé supprimée: HKLM\Software\Classes\ShopperReports.HbAx.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.HbGuru
    Clé supprimée: HKLM\Software\Classes\ShopperReports.HbGuru.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.HbInfoBand
    Clé supprimée: HKLM\Software\Classes\ShopperReports.HbInfoBand.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.IEButton
    Clé supprimée: HKLM\Software\Classes\ShopperReports.IEButton.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.IEButtonA
    Clé supprimée: HKLM\Software\Classes\ShopperReports.IEButtonA.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.KOPFF
    Clé supprimée: HKLM\Software\Classes\ShopperReports.KOPFF.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.MozillaNvgtnTrpr
    Clé supprimée: HKLM\Software\Classes\ShopperReports.MozillaNvgtnTrpr.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.MozillaPSExecuter
    Clé supprimée: HKLM\Software\Classes\ShopperReports.MozillaPSExecuter.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.ReportData
    Clé supprimée: HKLM\Software\Classes\ShopperReports.ReportData.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.Reporter
    Clé supprimée: HKLM\Software\Classes\ShopperReports.Reporter.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.RprtCtrl
    Clé supprimée: HKLM\Software\Classes\ShopperReports.RprtCtrl.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.Scopes
    Clé supprimée: HKLM\Software\Classes\ShopperReports.Scopes.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.Stock
    Clé supprimée: HKLM\Software\Classes\ShopperReports.Stock.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.TriggerImmidiate
    Clé supprimée: HKLM\Software\Classes\ShopperReports.TriggerImmidiate.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.TriggerImmidiateOrRandomTS
    Clé supprimée: HKLM\Software\Classes\ShopperReports.TriggerImmidiateOrRandomTS.1
    Clé supprimée: HKLM\Software\Classes\ShopperReports.TriggerOnceInDay
    Clé supprimée: HKLM\Software\Classes\ShopperReports.TriggerOnceInDay.1
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2504091
    Clé supprimée: HKLM\Software\Classes\AppID\BRNstIE.DLL
    Clé supprimée: HKLM\Software\Classes\AppID\CmndFF.DLL
    Clé supprimée: HKLM\Software\Classes\AppID\mozillaps.dll
    Clé supprimée: HKLM\Software\Classes\AppID\Pltfrm.DLL
    Clé supprimée: HKLM\Software\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\conduitEngine
    Clé supprimée: HKLM\Software\ResultBar
    Clé supprimée: HKLM\Software\ShopperReports3
    Clé supprimée: HKLM\Software\Titan Poker
    Clé supprimée: HKCU\Software\Conduit
    Clé supprimée: HKCU\Software\conduitEngine
    Clé supprimée: HKCU\Software\ShopperReports3
    Clé supprimée: HKCU\Software\vmntoolbar
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CrazyLoader
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ShopperReports
    Clé supprimée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\PCTuto
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3E03D94-5A54-4BF7-BF19-B7CD67F1C511}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CrazyLoader
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4D03-A0CF-8203604C3DA6}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483C-A137-731E8F113DD5}

    Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.0.517.0
    Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790476BC76595A37A095
    Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|ShopperReports@ShopperReports.com

    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [3.6.12 (fr)] ****

    Plugins\npBitCometAgent.dll (BitComet)
    Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
    Plugins\npmozax.dll (?)
    HKLM_MozillaPlugins\@veoh.com/VeohPlayer (x)
    HKLM_MozillaPlugins\@veoh.com/VeohTVPlugin (x)
    HKLM_MozillaPlugins\@veoh.com/VeohWebPlayer (x)
    Components\nsAxSecurityPolicy.js
    Extensions\mp3tubetoolbar@mp3tubetoolbar.com (MP3Tube Toolbar)
    Extensions\{B13721C7-F507-4982-B2E5-502A71474FED} (Skype extension for Firefox )
    HKCU_Extensions|web@veoh.com - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder

    -- C:\Documents and Settings\dubost\Application Data\Mozilla\FireFox\Profiles\n36tq8vp.default --
    Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} (Vuze Remote Toolbar)
    User.js - keyword.URL, hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.8.1.3
    Prefs.js - browser.startup.homepage, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ff&clid=185fe5b14...

    -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\54guqwtw.default --
    User.js - keyword.URL, hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.7
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...
    Prefs.js - browser.search.defaultenginename, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngine, Yahoo-Mp3Tube
    Prefs.js - browser.search.selectedEngineURL, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=18...

    -- C:\Documents and Settings\Dubost\Application Data\Mozilla\FireFox\Profiles\n36tq8vp.default --
    Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} (Vuze Remote Toolbar)
    User.js - keyword.URL, hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.8.1.3
    Prefs.js - browser.startup.homepage, hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ff&clid=185fe5b14...

    ========================================

    **** Google Chrome Version [10.0.648.204] ****

    Extension\jfmjfhklogoienhpfnppmbcbjfjnkonk (C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx) (?)

    -- C:\Documents and Settings\dubost\Local Settings\Application Data\Google\Chrome\User Data\Default --
    Preferences - default_search_provider: "Recherche rapide Google" (Activé: true) (hxxp://www.google.com/search?hl=fr&ie=UTF-8&oe=UTF-8&q={searchTerms})
    Preferences - homepage: hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ie&clid=185fe5b148d04cbc83a315f5e...
    Plugin - BitCometAgent (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll)
    Plugin - Windows Genuine Advantage (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll)
    Plugin - RealJukebox NS Plugin (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll)
    Plugin - (Activé: true) (C:\Program Files\Photosynth\npPhotosynthMozilla.dll)
    Plugin - Veoh Web Player Beta (Activé: true) (C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll)
    Plugin - "Silverlight" (Activé: true)
    Plugin - "DivX Player" (Activé: true)
    Plugin - "BitCometAgent" (Activé: true)
    Plugin - "BitTorrent" (Activé: true)
    Plugin - "DivX Player Netscape Plugin" (Activé: true)
    Plugin - "Windows Genuine Advantage" (Activé: true)
    Plugin - "RealJukebox NS Plugin" (Activé: true)
    Plugin - "DivX\u00AE Content Upload Plugin" (Activé: true)
    Plugin - "Picasa" (Activé: true)
    Plugin - "npPhotosynthMozilla" (Activé: true)
    Plugin - "VeohTV Plugin" (Activé: true)
    Plugin - "Veoh Web Player Beta" (Activé: true)
    Plugin - "NPVeohVersion4 plugin" (Activé: true)

    ========================================

    **** Internet Explorer Version [6.0.2900.2180] ****

    IEXPLORE.EXE\Shell\Open\Command - C:\Documents and Settings\dubost\Local Settings\Application Data\av.exe /START C:\Program Files\Internet Explorer\iexplore.exe
    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files\Vuze_Remote\prxtbVuz2.dll)
    HKCU_SearchScopes\{EDAC3D2C-2EBE-4FB1-A5BA-B1F2FCD0DDD2} - "Yahoo-Mp3Tube" (hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ie&K...)
    HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x)
    HKCU_Toolbar\ShellBrowser|{A057A204-BACC-4D26-8287-79A187E26987} (x)
    HKCU_Toolbar\WebBrowser|{A057A204-BACC-4D26-8287-79A187E26987} (x)
    HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
    HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (C:\Program Files\Vuze_Remote\prxtbVuz2.dll)
    HKCU_Toolbar\WebBrowser|{46897C77-E7A6-4C33-BFFB-E9C2E2718942} ("C:\Program Files\Mp3Tube Toolbar\mp3tubetb.dll") (x)
    HKLM_Toolbar|{E0E899AB-F487-11D5-8D29-0050BA6940E3} (x)
    HKLM_Toolbar|{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} (C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll)
    HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (C:\Program Files\Vuze_Remote\prxtbVuz2.dll)
    HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
    HKLM_Toolbar|{46897C77-E7A6-4c33-BFFB-E9C2E2718942} ("C:\Program Files\Mp3Tube Toolbar\mp3tubetb.dll") (x)
    HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    HKLM_ElevationPolicy\1f9696f1-2cf2-41bb-a66f-7cde4b7055c9 - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
    HKLM_ElevationPolicy\651758e9-4e59-4275-a18c-463522fe313f - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{7F26EFD9-8F92-491C-BC3B-5493C0E1562F} - C:\Documents and Settings\dubost\Local Settings\Application Data\Conduit\CT2504091\Vuze_RemoteAutoUpdaterHelper.exe (x)
    HKLM_ElevationPolicy\{870BEE8C-C090-4B8D-A259-86AEC42F9ED9} - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper1.exe (?)
    HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
    BHO\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (?)
    BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files\Vuze_Remote\prxtbVuz2.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 382 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

    Z:\Ad-Report-CLEAN[1].txt - 14/04/2011 15:06:12 (41169 Octet(s))
    Z:\Ad-Report-SCAN[1].txt - 14/04/2011 13:08:31 (41767 Octet(s))

    Fin à: 15:08:05, 14/04/2011

    ============== E.O.F ==============
    0
  3. gen-hackman
     
    desinstalle tout ce qui contient le mot toolbar
    0
  4. alec6 Messages postés 36 Statut Membre
     
    heu....

    ben, j'ai jonglé entre "suppression de programmes" et ccleaner, j'ai desinstallé un truc mp3toolbar, vuzetoolbar, et veoh...

    je relance un nettoyage AD-R?

    merci.
    Alec6
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. alec6 Messages postés 36 Statut Membre
     
    et voilou!!!

    OTL logfile created on: 14/04/2011 16:03:34 - Run 3
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\dubost\Mes documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74,50 Gb Total Space | 12,47 Gb Free Space | 16,74% Space Free | Partition Type: NTFS
    Drive F: | 7,45 Gb Total Space | 6,70 Gb Free Space | 89,95% Space Free | Partition Type: FAT32
    Drive G: | 465,65 Gb Total Space | 104,46 Gb Free Space | 22,43% Space Free | Partition Type: FAT32
    Drive H: | 111,76 Gb Total Space | 47,19 Gb Free Space | 42,22% Space Free | Partition Type: FAT32
    Drive Y: | 58,04 Gb Total Space | 29,77 Gb Free Space | 51,30% Space Free | Partition Type: NTFS
    Drive Z: | 58,04 Gb Total Space | 29,77 Gb Free Space | 51,30% Space Free | Partition Type: NTFS

    Computer Name: WAITV20 | User Name: dubost | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - C:\Documents and Settings\dubost\Mes documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\dubost\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Documents and Settings\dubost\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Documents and Settings\dubost\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (Google)
    PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
    PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
    PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
    PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
    PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

    [color=#E56717]========== Modules (SafeList) ==========[/color]

    MOD - C:\Documents and Settings\dubost\Mes documents\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
    MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

    SRV - (StyleXPService) -- File not found
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (NMIndexingService) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero AG)
    SRV - (UleadBurningHelper) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
    SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
    SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    SRV - (Capture Device Service) -- C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
    SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
    SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
    SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
    DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
    DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
    DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
    DRV - (DigiNet) -- C:\WINDOWS\system32\drivers\diginet.sys (Digidesign, A Division of Avid Technology, Inc.)
    DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI)
    DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
    DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)

    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]

    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    [color=#E56717]========== FireFox ==========[/color]

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/24 16:34:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/06 13:25:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/24 16:34:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/03/25 12:07:10 | 000,000,000 | ---D | M]

    [2011/04/14 15:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dubost\Application Data\Mozilla\Extensions
    [2010/09/07 11:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dubost\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/01/05 16:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dubost\Application Data\Mozilla\Extensions\celtx@celtx.com
    [2009/11/03 13:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dubost\Application Data\Mozilla\Extensions\MediaCoder
    [2010/06/21 14:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dubost\Application Data\Mozilla\Firefox\Profiles\n36tq8vp.default\extensions
    [2010/06/21 14:14:34 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\dubost\Application Data\Mozilla\Firefox\Profiles\n36tq8vp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/04/14 15:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/26 16:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/03/24 16:25:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2009/07/17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2006/10/26 23:13:26 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/07/12 19:19:13 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

    O1 HOSTS File: ([2011/04/14 12:32:30 | 000,432,448 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 14885 more lines...
    O2 - BHO: (no name) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - No CLSID value found.
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {46897C77-E7A6-4C33-BFFB-E9C2E2718942} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [autoupdater] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Monitor Apache Servers.lnk.disabled ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0000000C-0000-0000-0000-000000000000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://waitv20.wai-tv.local:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} https://waitv20.wai-tv.local:4343/SMB/console/html/root/AtxConsole.cab (Console d'administration de Security Server)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wai-tv.local
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - CLSID or File not found.
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/dubost/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
    O24 - Desktop Components:1 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\dubost\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\dubost\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/16 12:42:43 | 000,000,076 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/09/06 14:22:35 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.SYD -- [ NTFS ]
    O32 - AutoRun File - [2010/03/15 16:31:49 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/03/15 15:31:52 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2004/07/16 11:51:42 | 000,000,031 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2010/03/15 16:31:52 | 000,000,000 | RHSD | M] - Y:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/03/15 16:31:52 | 000,000,000 | RHSD | M] - Z:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{26928993-d52b-11df-a7f3-00123f74ece2}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
    O33 - MountPoints2\{26928993-d52b-11df-a7f3-00123f74ece2}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
    O33 - MountPoints2\{26928993-d52b-11df-a7f3-00123f74ece2}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
    O33 - MountPoints2\{26928993-d52b-11df-a7f3-00123f74ece2}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
    O33 - MountPoints2\{94cc304a-f944-11df-a811-00123f74ece2}\Shell - "" = AutoRun
    O33 - MountPoints2\{94cc304a-f944-11df-a811-00123f74ece2}\Shell\AutoRun\command - "" = G:\SETUP.EXE
    O33 - MountPoints2\{94cc304a-f944-11df-a811-00123f74ece2}\Shell\configure\command - "" = G:\SETUP.EXE
    O33 - MountPoints2\{94cc304a-f944-11df-a811-00123f74ece2}\Shell\install\command - "" = G:\SETUP.EXE
    O33 - MountPoints2\{afec6f4a-66f6-11de-a6c0-00123f74ece2}\Shell - "" = AutoRun
    O33 - MountPoints2\{afec6f4a-66f6-11de-a6c0-00123f74ece2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{b2afe898-c035-11dc-a558-00123f74ece2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2afe898-c035-11dc-a558-00123f74ece2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (aswBoot.exe /M:32ead9d1b4d7) - C:\WINDOWS\System32\aswBoot.exe (AVAST Software)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

    [2011/04/14 15:31:50 | 000,000,000 | ---D | C] -- C:\Inetpub
    [2011/04/14 13:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2011/04/14 12:10:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/14 12:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
    [2011/04/14 12:10:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/13 15:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PDFCreator
    [2011/04/13 15:41:53 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
    [2011/04/13 15:41:51 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
    [2011/04/13 15:41:51 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2FR.DLL
    [2011/04/13 15:41:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
    [2011/04/13 15:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
    [2011/04/06 14:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Menu Démarrer\Programmes\Google Chrome
    [2011/04/06 13:26:44 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/04/06 13:26:44 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/04/06 13:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\avast! Free Antivirus
    [2011/04/06 13:26:43 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/04/06 13:26:43 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/04/06 13:26:43 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/04/06 13:26:42 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/04/06 13:26:42 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/04/06 13:26:42 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/04/06 13:25:53 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/04/06 13:25:52 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/04/06 13:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/04/06 13:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/03/29 17:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Application Data\inkscape
    [2011/03/29 17:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
    [2011/03/24 17:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Application Data\vlc
    [2011/03/24 17:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VideoLAN
    [2011/03/24 16:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\xing shared
    [2011/03/24 16:34:16 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2011/03/24 16:33:52 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2011/03/24 16:33:51 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2011/03/24 16:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real
    [2011/03/24 16:25:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/03/24 16:25:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/03/24 16:25:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/03/24 16:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
    [2011/03/24 16:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Application Data\VDownloader
    [2011/03/24 16:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Local Settings\Application Data\VDownloader
    [2011/03/24 16:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
    [2011/03/24 16:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VDownloader
    [2011/03/24 16:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader
    [2011/03/24 15:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Application Data\Qualys
    [2011/03/23 20:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\OpenXML-ODF Translator
    [2011/03/23 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Menu Démarrer\Programmes\ODF Add-in for Microsoft Office
    [2011/03/18 12:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Bureau\Raccourcis Bureau non utilisés
    [2011/03/16 17:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Mes documents\Finale Files
    [2011/03/16 17:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Application Data\MakeMusic
    [2011/03/16 17:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
    [2011/03/16 17:23:15 | 000,000,000 | ---D | C] -- C:\PSFONTS
    [2011/03/16 17:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Menu Démarrer\Programmes\Notepad++
    [2011/03/16 17:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Notepad++
    [2011/03/16 17:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
    [2011/03/16 17:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Application Data\Notepad++
    [2011/03/16 17:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Mes documents\Myriad Documents
    [2011/03/16 17:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dubost\Application Data\ACAMPREF
    [2008/04/18 17:39:02 | 000,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\dubost\Application Data\ezplay.sys
    [2007/10/09 17:53:02 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe
    [2007/04/10 15:24:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\dubost\Application Data\pcouffin.sys
    [2006/06/19 19:01:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

    [2011/04/14 15:55:03 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/14 15:55:03 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/14 15:25:00 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-124205632-3647424188-604737728-1118UA.job
    [2011/04/14 15:15:02 | 000,513,080 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2011/04/14 15:15:02 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/14 15:15:02 | 000,085,404 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2011/04/14 15:15:02 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/14 15:12:56 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/04/14 15:10:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/14 15:09:42 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000004-10031102}.rfx
    [2011/04/14 15:09:42 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000004-10031102}.rfx
    [2011/04/14 15:09:42 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000004-00001102-00000004-10031102}.rfx
    [2011/04/14 15:09:42 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000004-00001102-00000004-10031102}.rfx
    [2011/04/14 15:09:42 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/04/14 15:09:42 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/04/14 15:09:42 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-10031102}.dat
    [2011/04/14 15:09:42 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000004-10031102}.dat
    [2011/04/14 15:09:22 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2011/04/14 14:25:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-124205632-3647424188-604737728-1118Core.job
    [2011/04/14 13:06:34 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\dubost\Bureau\AD-R.lnk
    [2011/04/14 12:32:30 | 000,432,448 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/14 12:01:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-124205632-3647424188-604737728-1118.job
    [2011/04/14 12:01:20 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-124205632-3647424188-604737728-1118.job
    [2011/04/13 18:07:28 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\dubost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/11 16:08:35 | 000,387,116 | ---- | M] () -- C:\Documents and Settings\dubost\Bureau\alec6.JPG
    [2011/04/11 13:46:03 | 000,000,246 | -HS- | M] () -- C:\boot.ini
    [2011/04/11 10:57:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/08 17:15:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
    [2011/04/08 16:24:59 | 000,007,579 | ---- | M] () -- C:\WINDOWS\cfgall.ini
    [2011/04/08 15:49:49 | 000,004,172 | ---- | M] () -- C:\WINDOWS\cfgps.ini
    [2011/04/06 16:28:08 | 000,380,826 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110414-123230.backup
    [2011/04/06 14:22:58 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\dubost\Bureau\Google Chrome.lnk
    [2011/04/06 14:22:58 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\dubost\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/04/06 13:26:44 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
    [2011/04/06 13:26:43 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/04/04 12:49:56 | 000,177,796 | ---- | M] () -- C:\cc_20110404_124945.reg
    [2011/04/01 15:26:28 | 000,006,708 | ---- | M] () -- C:\Documents and Settings\dubost\.recently-used.xbel
    [2011/04/01 15:26:27 | 006,811,973 | ---- | M] () -- C:\Documents and Settings\dubost\Bureau\jacquettes ENPC.xcf
    [2011/04/01 12:22:47 | 000,971,426 | ---- | M] () -- C:\Documents and Settings\dubost\Bureau\jacquettes ENPC.jpg
    [2011/03/29 17:58:03 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\dubost\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
    [2011/03/29 14:25:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/03/29 14:11:16 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\dubost\Bureau\DVDFab 8.lnk
    [2011/03/25 12:07:10 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
    [2011/03/24 17:06:35 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
    [2011/03/24 16:34:16 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2011/03/24 16:33:52 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2011/03/24 16:33:52 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2011/03/17 12:05:35 | 000,484,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [color=#E56717]========== Files Created - No Company Name ==========[/color]

    [2011/04/14 13:06:33 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\dubost\Bureau\AD-R.lnk
    [2011/04/11 16:09:09 | 000,387,116 | ---- | C] () -- C:\Documents and Settings\dubost\Bureau\alec6.JPG
    [2011/04/06 14:22:58 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\dubost\Bureau\Google Chrome.lnk
    [2011/04/06 14:22:58 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/04/06 13:26:44 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
    [2011/04/04 12:49:50 | 000,177,796 | ---- | C] () -- C:\cc_20110404_124945.reg
    [2011/04/01 15:26:28 | 000,006,708 | ---- | C] () -- C:\Documents and Settings\dubost\.recently-used.xbel
    [2011/04/01 15:25:09 | 006,811,973 | ---- | C] () -- C:\Documents and Settings\dubost\Bureau\jacquettes ENPC.xcf
    [2011/04/01 12:22:47 | 000,971,426 | ---- | C] () -- C:\Documents and Settings\dubost\Bureau\jacquettes ENPC.jpg
    [2011/03/29 17:58:27 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Inkscape.lnk
    [2011/03/29 17:58:03 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
    [2011/03/29 14:11:16 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\dubost\Bureau\DVDFab 8.lnk
    [2011/03/25 12:07:10 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
    [2011/03/24 17:06:35 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
    [2011/03/24 16:35:56 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-124205632-3647424188-604737728-1118.job
    [2011/03/24 16:35:55 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-124205632-3647424188-604737728-1118.job
    [2011/03/24 16:01:48 | 000,444,283 | ---- | C] () -- C:\Program Files\Fichiers communs\WinPcapNmap.exe
    [2011/01/11 15:51:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Progs_.ini
    [2011/01/06 20:02:43 | 000,000,030 | ---- | C] () -- C:\Program Files\Exiferupdate.ini
    [2011/01/03 12:44:03 | 006,664,208 | ---- | C] () -- C:\WINDOWS\System32\dvdripcore.dll
    [2010/11/25 18:10:50 | 000,190,976 | R--- | C] () -- C:\WINDOWS\System32\Wgalogon.dll
    [2010/11/25 18:10:49 | 000,667,136 | R--- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2010/11/08 15:34:48 | 000,221,184 | --S- | C] () -- C:\WINDOWS\System32\glut32.dll
    [2010/07/23 16:59:58 | 000,102,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/07/22 19:22:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2010/06/29 18:47:24 | 000,481,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/03/12 12:59:43 | 000,011,564 | -HS- | C] () -- C:\Documents and Settings\dubost\Local Settings\Application Data\7U1hEm8axF
    [2010/01/27 04:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2010/01/12 18:16:16 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7010.dat
    [2010/01/12 18:15:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2009/11/03 13:19:18 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\vso_ts_preview.xml
    [2009/11/02 13:10:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/11/02 13:10:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/11/02 13:10:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/11/02 13:10:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/11/02 13:10:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/11/02 13:10:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/10/20 11:51:40 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
    [2009/10/20 11:48:51 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
    [2009/10/16 12:19:27 | 000,150,994 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
    [2009/10/16 12:15:31 | 000,249,097 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2009/10/15 13:19:46 | 000,205,940 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
    [2009/10/15 13:19:46 | 000,001,108 | ---- | C] () -- C:\WINDOWS\hpwmdl14.dat
    [2009/09/04 18:19:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
    [2009/09/04 18:19:30 | 000,002,163 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
    [2009/07/30 13:52:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
    [2009/07/21 13:32:58 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\Poladroid prefs.plist
    [2009/05/06 12:49:26 | 016,742,799 | ---- | C] () -- C:\Program Files\vlc-0.9.9-win32.exe
    [2009/03/19 13:33:07 | 000,205,963 | ---- | C] () -- C:\WINDOWS\hpwins14.dat.temp
    [2009/03/19 13:33:07 | 000,001,108 | ---- | C] () -- C:\WINDOWS\hpwmdl14.dat.temp
    [2008/12/19 19:15:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2008/12/19 17:40:36 | 000,012,858 | ---- | C] () -- C:\WINDOWS\hpwscr14.dat
    [2008/11/26 17:39:31 | 001,900,132 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
    [2008/11/26 17:39:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
    [2008/09/29 16:13:26 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
    [2008/09/21 00:13:46 | 000,530,976 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
    [2008/09/21 00:13:46 | 000,323,072 | R--- | C] () -- C:\WINDOWS\System32\WgaTray.exe
    [2008/09/05 16:11:43 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/04/18 17:39:02 | 000,007,861 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\ezplay.cat
    [2008/04/18 17:39:02 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\ezplay.inf
    [2008/04/18 17:39:02 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\ezplay.ini
    [2008/04/18 17:38:53 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\inst.exe
    [2008/04/18 16:59:13 | 007,101,440 | ---- | C] () -- C:\Program Files\PocketDivXEncoder_0.3.60.exe
    [2008/03/13 12:09:53 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2008/03/07 15:44:47 | 000,000,271 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/01/18 18:12:12 | 000,000,091 | ---- | C] () -- C:\WINDOWS\fpxpress.ini
    [2007/11/28 21:38:04 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
    [2007/10/09 18:19:42 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2007/10/09 17:55:49 | 002,293,712 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
    [2007/10/09 17:54:58 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
    [2007/10/09 17:54:29 | 003,655,488 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
    [2007/08/06 12:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2007/04/10 15:33:14 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\dubost\Local Settings\Application Data\fusioncache.dat
    [2007/04/10 15:24:53 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\ViewerApp.dat
    [2007/04/10 15:24:48 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\pcouffin.cat
    [2007/04/10 15:24:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\pcouffin.inf
    [2007/04/10 15:24:32 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\ezpinst.exe
    [2007/04/10 15:22:17 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\dubost\Application Data\$_hpcst$.hpc
    [2007/04/10 15:18:07 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\dubost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/02 11:17:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2007/04/02 11:11:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/01/04 13:41:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COMPANIONAPP.INI
    [2007/01/04 00:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007/01/03 23:58:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
    [2007/01/03 23:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006/11/06 14:17:42 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2006/09/29 19:06:43 | 000,000,300 | ---- | C] () -- C:\WINDOWS\ofcscan.ini
    [2006/09/14 16:27:21 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2006/09/14 16:27:20 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/07/20 17:47:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/07/03 12:40:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\wordpad.ini
    [2006/06/21 10:51:00 | 000,004,172 | ---- | C] () -- C:\WINDOWS\cfgps.ini
    [2006/06/21 10:49:49 | 000,004,072 | ---- | C] () -- C:\WINDOWS\cfgms.ini
    [2006/06/21 10:49:40 | 000,003,284 | ---- | C] () -- C:\WINDOWS\cfgrs_ex.ini
    [2006/06/21 10:49:39 | 000,004,080 | ---- | C] () -- C:\WINDOWS\cfgrs.ini
    [2006/06/20 14:36:53 | 000,007,579 | ---- | C] () -- C:\WINDOWS\cfgall.ini
    [2006/06/20 13:39:52 | 000,000,441 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/06/20 10:38:59 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/06/19 20:23:25 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/06/19 20:22:25 | 000,484,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/06/19 20:09:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/06/19 20:09:33 | 000,006,911 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006/06/19 19:53:13 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/19 19:18:47 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-10031102}.dat
    [2006/06/19 19:18:47 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000004-10031102}.dat
    [2006/06/19 19:02:08 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2006/06/19 19:02:06 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2006/06/19 19:01:36 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
    [2006/06/19 19:01:36 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/06/19 19:01:31 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2006/06/19 19:01:30 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2006/06/19 19:01:30 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2006/06/19 19:01:30 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2006/06/19 19:01:29 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
    [2006/06/19 19:01:26 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2006/06/19 19:01:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
    [2006/06/19 19:01:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
    [2006/06/19 19:01:26 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2006/06/19 19:01:26 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2006/06/19 19:01:18 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
    [2006/06/19 19:01:07 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
    [2006/06/19 18:59:53 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2006/06/19 18:36:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/06/19 18:32:10 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/04/27 11:24:24 | 000,845,312 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2006/03/18 00:43:52 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nLame.dll
    [2005/10/24 12:13:58 | 000,066,560 | RHS- | C] () -- C:\WINDOWS\MOTA113.exe
    [2005/10/13 22:27:00 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
    [2005/08/31 10:11:04 | 000,002,045 | ---- | C] () -- C:\WINDOWS\System32\whlpda32e.dll
    [2005/06/21 23:37:42 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
    [2005/05/13 18:12:00 | 000,217,073 | RHS- | C] () -- C:\WINDOWS\meta4.exe
    [2005/03/29 03:22:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/29 03:22:59 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/02/28 14:16:22 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
    [2005/01/12 05:08:50 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SafeIE.dll
    [2004/09/12 16:10:42 | 000,005,456 | ---- | C] () -- C:\WINDOWS\System32\Zap.exe
    [2004/08/05 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/05 14:00:00 | 000,513,080 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
    [2004/08/05 14:00:00 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/05 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
    [2004/08/05 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/05 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/05 14:00:00 | 000,085,404 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
    [2004/08/05 14:00:00 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/05 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/05 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
    [2004/08/05 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/05 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/05 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/08/05 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/01/27 13:13:54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2002/03/26 09:19:42 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll

    [color=#E56717]========== LOP Check ==========[/color]

    [2009/10/01 15:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
    [2011/04/06 13:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2009/07/30 13:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
    [2008/11/26 18:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avid
    [2007/05/23 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/11/25 18:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/10/20 11:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
    [2009/11/02 13:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
    [2011/03/24 17:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
    [2007/02/13 17:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2008/11/26 17:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2009/09/29 15:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2009/09/04 18:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
    [2006/12/13 18:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2008/02/13 12:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/11/02 13:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2006/12/13 13:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\veoh
    [2010/07/15 15:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/04 13:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2007/04/10 15:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\3M
    [2011/03/16 17:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\ACAMPREF
    [2007/04/10 15:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\ADSoft
    [2008/11/26 18:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Avid
    [2009/11/03 13:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\avidemux
    [2011/04/14 15:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Azureus
    [2008/11/17 13:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\BirdieSync
    [2007/04/10 15:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\BitTorrent
    [2009/11/03 13:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Broad Intelligence
    [2009/06/23 13:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
    [2007/04/02 13:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\ConvertTemp
    [2006/07/20 16:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\CopyToDvd
    [2008/04/18 17:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\DAEMON Tools
    [2010/11/26 12:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\DAEMON Tools Lite
    [2011/02/18 14:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
    [2007/04/10 15:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\DeepBurner
    [2009/10/20 11:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Final Draft
    [2008/10/17 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\FMA
    [2009/03/02 13:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\FMZilla
    [2007/10/09 17:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\GetRightToGo
    [2011/01/05 16:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Greyfirst
    [2010/10/11 15:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Grisbi
    [2011/04/01 15:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\gtk-2.0
    [2011/03/29 17:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\inkscape
    [2007/04/10 15:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Leadertech
    [2009/04/23 17:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\LKSoft
    [2011/03/16 17:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\MakeMusic
    [2007/04/10 15:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\MoyeaFLV2Video
    [2009/09/29 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\MPEG Streamclip
    [2008/01/18 15:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\MSNInstaller
    [2007/04/10 15:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\NCH Swift Sound
    [2011/03/16 17:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Notepad++
    [2007/04/10 15:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Nvu
    [2006/09/19 17:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Opera
    [2008/11/26 17:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\PACE Anti-Piracy
    [2009/09/29 15:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\proDAD
    [2011/03/24 15:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Qualys
    [2007/02/13 14:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\RecordPad
    [2010/10/18 15:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Samsung
    [2010/07/22 19:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Scan2PDF
    [2011/03/16 17:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\ScanSoft
    [2007/06/22 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Temporary
    [2008/05/16 13:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\TextPad
    [2010/09/07 11:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Thunderbird
    [2008/06/23 12:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\TransRender
    [2007/09/27 16:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\TuneUp Software
    [2009/11/02 13:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Ulead Systems
    [2009/12/18 14:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\uTorrent
    [2011/03/24 16:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\VDownloader
    [2009/11/03 14:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\Vso
    [2008/11/07 13:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\WinFF
    [2006/06/21 12:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dubost\Application Data\XnView
    [2011/04/08 17:15:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job
    [2009/04/09 18:45:22 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    [color=#E56717]========== Purity Check ==========[/color]

    [color=#E56717]========== Alternate Data Streams ==========[/color]

    @Alternate Data Stream - 1095 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:BQ87uraLEj1ZvrWtS1
    @Alternate Data Stream - 1030 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uFDrt11lQgdH4PwhCu
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844

    < End of report >
    0
  7. gen-hackman
     

    /!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\

    __________________________________________________________
    >Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
    >>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
    =====================================================


    ▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur

    Telecharge ici : Combofix

    Avant d'utiliser ComboFix :

    Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
    La simple désactivation du résident n'est pas suffisante.
    Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
    Choisis la version adéquate (32 ou 64 bits)/!\

    Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

    ▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau

    ▶ Lance le

    Une fenêtre apparait : clique sur "Disable"

    ▶ Fais redémarrer l'ordinateur si l'outil te le demande

    Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

    _________________________________________________________
    >> referme les fenêtres de tous les programmes en cours.
    >> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
    >>la protection en temps réel de ton Antivirus et de tes Antispywares,
    >>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur combofix renommé

    ¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤

    ▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

    ▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    0
  8. alec6 Messages postés 36 Statut Membre
     
    voila,

    le travail de combofix est enfin terminé!!!! voici le rapport

    ComboFix 11-04-13.06 - dubost 14/04/2011 17:08:31.1.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3326.2713 [GMT 2:00]
    Lancé depuis: c:\documents and settings\dubost\Mes documents\Downloads\dubost.exe
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Adobe Systems
    c:\documents and settings\All Users\Application Data\Adobe Systems\Product licenses\B2BB2000.dat
    c:\documents and settings\dubost\Application Data\inst.exe
    c:\windows\system32\Ijl11.dll
    c:\windows\system32\Process.exe
    H:\autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_USBAAPL
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-03-14 au 2011-04-14 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-04-14 13:31 . 2011-04-14 13:31 -------- dc----w- C:\Inetpub
    2011-04-14 11:06 . 2011-04-14 11:06 -------- dc----w- c:\program files\Ad-Remover
    2011-04-14 10:10 . 2010-12-20 16:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-14 10:10 . 2010-12-20 16:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-13 13:41 . 1998-06-23 22:00 137000 -c--a-w- c:\windows\system32\MSMAPI32.OCX
    2011-04-13 13:41 . 2011-04-13 13:42 -------- dc----w- c:\program files\PDFCreator
    2011-04-13 13:41 . 1998-07-12 23:08 59904 -c--a-w- c:\windows\system32\MSCC2FR.DLL
    2011-04-13 13:41 . 1998-07-12 23:08 141312 -c--a-w- c:\windows\system32\MSCMCFR.DLL
    2011-04-13 13:41 . 1998-07-05 22:00 23552 -c--a-w- c:\windows\system32\MSMPIDE.DLL
    2011-04-06 11:26 . 2011-02-23 13:56 301528 -c--a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-06 11:26 . 2011-02-23 13:54 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-06 11:26 . 2011-02-23 13:56 371544 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-06 11:26 . 2011-02-23 13:55 49240 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-06 11:26 . 2011-02-23 13:55 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-06 11:26 . 2011-02-23 13:55 102232 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-04-06 11:26 . 2011-02-23 13:55 96344 -c--a-w- c:\windows\system32\drivers\aswmon.sys
    2011-04-06 11:26 . 2011-02-23 13:54 30680 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-04-06 11:25 . 2011-02-23 14:04 40648 -c--a-w- c:\windows\avastSS.scr
    2011-04-06 11:25 . 2011-02-23 14:04 190016 -c--a-w- c:\windows\system32\aswBoot.exe
    2011-04-06 11:25 . 2011-04-06 11:25 -------- dc----w- c:\program files\AVAST Software
    2011-04-06 11:25 . 2011-04-06 11:25 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-04-04 10:49 . 2011-04-04 10:49 177796 -c--a-w- C:\cc_20110404_124945.reg
    2011-03-29 15:59 . 2011-03-29 15:59 -------- dc----w- c:\documents and settings\dubost\Application Data\inkscape
    2011-03-29 15:53 . 2011-03-29 15:58 -------- dc----w- c:\program files\Inkscape
    2011-03-24 15:06 . 2011-03-24 16:03 -------- dc----w- c:\documents and settings\dubost\Application Data\vlc
    2011-03-24 14:35 . 2011-03-24 14:35 11776 -c--a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2011-03-24 14:34 . 2011-03-24 14:34 -------- dc----w- c:\program files\Fichiers communs\xing shared
    2011-03-24 14:34 . 2011-03-24 14:34 150712 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2011-03-24 14:33 . 2011-03-24 14:33 100864 -c--a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2011-03-24 14:10 . 2011-03-24 15:40 -------- dc----w- c:\program files\NirSoft
    2011-03-24 14:02 . 2011-03-24 14:02 -------- dc----w- c:\documents and settings\dubost\Application Data\VDownloader
    2011-03-24 14:02 . 2011-03-24 14:04 -------- dc----w- c:\documents and settings\dubost\Local Settings\Application Data\VDownloader
    2011-03-24 14:01 . 2011-03-24 14:01 -------- dc----w- c:\program files\WinPcap
    2011-03-24 14:01 . 2010-01-26 09:11 444283 -c--a-w- c:\program files\Fichiers communs\WinPcapNmap.exe
    2011-03-24 14:01 . 2011-03-24 14:02 -------- dc----w- c:\program files\VDownloader
    2011-03-24 13:34 . 2011-03-24 13:34 -------- dc----w- c:\documents and settings\dubost\Application Data\Qualys
    2011-03-23 18:28 . 2011-03-23 18:28 -------- dc----w- c:\program files\OpenXML-ODF Translator
    2011-03-16 15:29 . 2011-03-16 15:29 -------- dc----w- c:\documents and settings\dubost\Application Data\MakeMusic
    2011-03-16 15:23 . 2011-03-24 15:40 -------- dc----w- c:\documents and settings\All Users\Application Data\MakeMusic
    2011-03-16 15:23 . 2011-03-16 15:23 -------- dc----w- C:\PSFONTS
    2011-03-16 15:14 . 2011-03-16 15:15 -------- dc----w- c:\documents and settings\dubost\Application Data\Notepad++
    2011-03-16 15:14 . 2011-03-16 15:14 -------- dc----w- c:\program files\Notepad++
    2011-03-16 15:06 . 2011-03-16 15:08 -------- dc----w- c:\documents and settings\dubost\Application Data\ACAMPREF
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-24 14:33 . 2005-11-29 12:58 348160 -c--a-w- c:\windows\system32\msvcr71.dll
    2011-03-24 14:33 . 2003-03-18 20:14 499712 -c--a-w- c:\windows\system32\msvcp71.dll
    2011-02-18 15:36 . 2009-11-04 11:32 41984 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 15:36 . 2009-11-04 11:32 4184352 -c--a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-02 20:40 . 2010-04-26 14:04 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:19 . 2010-04-26 14:04 73728 -c--a-w- c:\windows\system32\javacpl.cpl
    2009-05-06 10:49 . 2009-05-06 10:49 16742799 -c--a-w- c:\program files\vlc-0.9.9-win32.exe
    2008-04-18 14:59 . 2008-04-18 14:59 7101440 -c--a-w- c:\program files\PocketDivXEncoder_0.3.60.exe
    2007-10-09 15:55 . 2007-10-09 15:55 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
    2007-10-09 15:54 . 2007-10-09 15:54 3655488 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
    2007-10-09 15:53 . 2007-10-09 15:53 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
    2005-05-13 16:12 217073 -csha-r- c:\windows\meta4.exe
    2005-10-24 10:13 66560 -csha-r- c:\windows\MOTA113.exe
    .
    .
    ------- Sigcheck -------
    .
    [-] 2008-04-14 02:33 . F4B7146C7EED6C4E158DCD9B5266C25A . 851968 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\comres.dll
    [-] 2004-08-05 12:00 . C7B9BBD55970C513823D7108CB87B24D . 851968 . . [2001.12.4414.258] . . c:\windows\system32\Comres.dll
    [-] 2004-08-05 12:00 . C7B9BBD55970C513823D7108CB87B24D . 851968 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
    .
    [-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\winlogon.exe
    [-] 2004-08-05 . CF4C4D674C1DA44FFC3977C47679FCBC . 506368 . . [5.1.2600.2180] . . c:\windows\system32\Winlogon.exe
    [-] 2004-08-05 . CF4C4D674C1DA44FFC3977C47679FCBC . 506368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
    .
    [-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\user32.dll
    [7] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 . C08F070BFD33BA831F3F77C1F2564E90 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\User32.dll
    [-] 2007-03-08 . C08F070BFD33BA831F3F77C1F2564E90 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
    [7] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    .
    [-] 2008-04-14 . 9245FAF86A8235D5290A23C010DABD43 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ole32.dll
    [-] 2005-07-26 . 1578ACA76F5CB719D0992421BDF19A91 . 1284608 . . [5.1.2600.2726] . . c:\windows\system32\Ole32.dll
    [-] 2005-07-26 . 1578ACA76F5CB719D0992421BDF19A91 . 1284608 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\ole32.dll
    [7] 2005-07-25 . EED987351DDEB1B8AE7892A9AAEFF453 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 14:54 175912 -c--a-w- c:\program files\Vuze_Remote\prxtbVuz2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
    "Google Update"="c:\documents and settings\dubost\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-13 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 110592]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-03-24 273544]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
    .
    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
    Monitor Apache Servers.lnk.disabled [2006-6-20 1127]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MIDI3"=diomidi.dll
    "wave3"=Digi32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:32ead9d1b4d7
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
    2006-12-09 00:17 61440 -c--a-w- c:\program files\Digidesign\Drivers\MMERefresh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 08:44 81920 -c--a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 14:33 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 13:57 153136 -c--a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    2004-11-11 16:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ResultBar Service"=2 (0x2)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "gasameeh"="c:\documents and settings\dubost\local settings\application data\gasameeh.exe" gasameeh
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19843:TCP"= 19843:TCP:BitComet 19843 TCP
    "19843:UDP"= 19843:UDP:BitComet 19843 UDP
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/04/2008 17:42 691696]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/04/2011 13:26 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/04/2011 13:26 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/04/2011 13:26 19544]
    R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [26/11/2008 17:39 11776]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 04:09 50704]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2011 16:50 136176]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/04/2008 13:33 13352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    2004-08-05 12:00 101888 ------w- c:\windows\system32\advpack.dll
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 11:56]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 11:56]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-124205632-3647424188-604737728-1118Core.job
    - c:\documents and settings\dubost\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 11:56]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-124205632-3647424188-604737728-1118UA.job
    - c:\documents and settings\dubost\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 11:56]
    .
    2011-04-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-124205632-3647424188-604737728-1118.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
    .
    2011-04-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-124205632-3647424188-604737728-1118.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
    .
    2009-04-09 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
    .
    .
    ------- Examen supplémentaire -------
    .
    mWindow Title =
    uInternet Connection Wizard,ShellNext = hxxp://www.waitv.com/equipechilderic.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {41CA7D24-571E-4FC1-ACD4-0C30793762A5} = 8.8.8.8,8.8.4.4
    DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} - hxxps://waitv20.wai-tv.local:4343/SMB/console/html/root/AtxConsole.cab
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
    HKLM-Run-autoupdater - c:\documents and settings\dubost\Application Data\Agence-Exclusive\Agence-Exclusive\autoupdater.exe
    MSConfigStartUp-autoupdater - c:\documents and settings\dubost\Application Data\Agence-Exclusive\Agence-Exclusive\autoupdater.exe
    MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
    AddRemove-PcTuto_is1 - c:\program files\Agence-Exclusive\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-14 17:40
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(1788)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\RealVNC\VNC4\WinVNC4.exe
    c:\windows\system32\rundll32.exe
    c:\documents and settings\dubost\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-04-14 17:50:45 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-04-14 15:50
    .
    Avant-CF: 13 290 328 064 octets libres
    Après-CF: 13 832 826 880 octets libres
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - 5E840E51FF472E4C244D99ADD1E0E129
    0
  9. gen-hackman
     

    __________________________________________________
    =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
    =>il est fort déconseillé de le transposer sur un autre ordinateur !<=
    ----------------------------------------------------------------------------


    Toujours avec toutes les protections désactivées, fais ceci :

    ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    ▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    KillAll::

    File::
    c:\documents and settings\dubost\local settings\application data\gasameeh.exe
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ResultBar Service"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "HP Software Update"=-
    "SunJavaUpdateSched"=-
    "TkBellExe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"-
    [-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-

    Driver::
    ResultBar Service


    ------------------------------------------------------------------

    ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    ▶ Quitte le Bloc Notes

    ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

    ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

    G3?-?@¢??@?......Concepteur de List_Kill'em...Pre_Scan....MBR_Repair....
    0
  10. alec6 Messages postés 36 Statut Membre
     
    Salut, Gen-hackman

    je viens donc d'effectuer toutes les manip indiquées, combofix vient de finir son boulot et normalement il etait en train de redemarrer mon ordi, or, il ne se relance pas!! il est comme en "veille".

    je l'éteint à la barbare et le rallume?

    :)
    0
  11. alec6 Messages postés 36 Statut Membre
     
    Gen-hackman,

    je suis actuellement en mode sans echec puisque à la réouverture de windows, il m'a proposé plusieurs démarrage, j'ai tout d'abord choisi de redemarrer normallement, ce qui n'a pas marché, j'ai donc choisi ce mode.

    Voici le nouveau rapport combofix!!

    ComboFix 11-04-13.06 - dubost 15/04/2011 11:13:03.2.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3326.2861 [GMT 2:00]
    Lancé depuis: c:\documents and settings\dubost\Mes documents\Downloads\dubost.exe
    Commutateurs utilisés :: c:\documents and settings\dubost\Bureau\CFScript.txt
    .
    FILE ::
    "c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk"
    "c:\documents and settings\dubost\local settings\application data\gasameeh.exe"
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-03-15 au 2011-04-15 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-04-14 13:31 . 2011-04-14 13:31 -------- dc----w- C:\Inetpub
    2011-04-14 11:06 . 2011-04-14 11:06 -------- dc----w- c:\program files\Ad-Remover
    2011-04-14 10:10 . 2010-12-20 16:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-14 10:10 . 2010-12-20 16:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-13 13:41 . 1998-06-23 22:00 137000 -c--a-w- c:\windows\system32\MSMAPI32.OCX
    2011-04-13 13:41 . 2011-04-13 13:42 -------- dc----w- c:\program files\PDFCreator
    2011-04-13 13:41 . 1998-07-12 23:08 59904 -c--a-w- c:\windows\system32\MSCC2FR.DLL
    2011-04-13 13:41 . 1998-07-12 23:08 141312 -c--a-w- c:\windows\system32\MSCMCFR.DLL
    2011-04-13 13:41 . 1998-07-05 22:00 23552 -c--a-w- c:\windows\system32\MSMPIDE.DLL
    2011-04-06 11:26 . 2011-02-23 13:56 301528 -c--a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-06 11:26 . 2011-02-23 13:54 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-06 11:26 . 2011-02-23 13:56 371544 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-06 11:26 . 2011-02-23 13:55 49240 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-06 11:26 . 2011-02-23 13:55 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-06 11:26 . 2011-02-23 13:55 102232 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-04-06 11:26 . 2011-02-23 13:55 96344 -c--a-w- c:\windows\system32\drivers\aswmon.sys
    2011-04-06 11:26 . 2011-02-23 13:54 30680 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-04-06 11:25 . 2011-02-23 14:04 40648 -c--a-w- c:\windows\avastSS.scr
    2011-04-06 11:25 . 2011-02-23 14:04 190016 -c--a-w- c:\windows\system32\aswBoot.exe
    2011-04-06 11:25 . 2011-04-06 11:25 -------- dc----w- c:\program files\AVAST Software
    2011-04-06 11:25 . 2011-04-06 11:25 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-04-04 10:49 . 2011-04-04 10:49 177796 -c--a-w- C:\cc_20110404_124945.reg
    2011-03-29 15:59 . 2011-03-29 15:59 -------- dc----w- c:\documents and settings\dubost\Application Data\inkscape
    2011-03-29 15:53 . 2011-03-29 15:58 -------- dc----w- c:\program files\Inkscape
    2011-03-24 15:06 . 2011-03-24 16:03 -------- dc----w- c:\documents and settings\dubost\Application Data\vlc
    2011-03-24 14:35 . 2011-03-24 14:35 11776 -c--a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2011-03-24 14:34 . 2011-03-24 14:34 -------- dc----w- c:\program files\Fichiers communs\xing shared
    2011-03-24 14:34 . 2011-03-24 14:34 150712 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2011-03-24 14:33 . 2011-03-24 14:33 100864 -c--a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2011-03-24 14:10 . 2011-03-24 15:40 -------- dc----w- c:\program files\NirSoft
    2011-03-24 14:02 . 2011-03-24 14:02 -------- dc----w- c:\documents and settings\dubost\Application Data\VDownloader
    2011-03-24 14:02 . 2011-03-24 14:04 -------- dc----w- c:\documents and settings\dubost\Local Settings\Application Data\VDownloader
    2011-03-24 14:01 . 2011-03-24 14:01 -------- dc----w- c:\program files\WinPcap
    2011-03-24 14:01 . 2010-01-26 09:11 444283 -c--a-w- c:\program files\Fichiers communs\WinPcapNmap.exe
    2011-03-24 14:01 . 2011-03-24 14:02 -------- dc----w- c:\program files\VDownloader
    2011-03-24 13:34 . 2011-03-24 13:34 -------- dc----w- c:\documents and settings\dubost\Application Data\Qualys
    2011-03-23 18:28 . 2011-03-23 18:28 -------- dc----w- c:\program files\OpenXML-ODF Translator
    2011-03-16 15:29 . 2011-03-16 15:29 -------- dc----w- c:\documents and settings\dubost\Application Data\MakeMusic
    2011-03-16 15:23 . 2011-03-24 15:40 -------- dc----w- c:\documents and settings\All Users\Application Data\MakeMusic
    2011-03-16 15:23 . 2011-03-16 15:23 -------- dc----w- C:\PSFONTS
    2011-03-16 15:14 . 2011-03-16 15:15 -------- dc----w- c:\documents and settings\dubost\Application Data\Notepad++
    2011-03-16 15:14 . 2011-03-16 15:14 -------- dc----w- c:\program files\Notepad++
    2011-03-16 15:06 . 2011-03-16 15:08 -------- dc----w- c:\documents and settings\dubost\Application Data\ACAMPREF
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-15 09:47 . 2006-06-19 18:16 98304 ----a-w- c:\windows\DUMP4565.tmp
    2011-03-24 14:33 . 2005-11-29 12:58 348160 -c--a-w- c:\windows\system32\msvcr71.dll
    2011-03-24 14:33 . 2003-03-18 20:14 499712 -c--a-w- c:\windows\system32\msvcp71.dll
    2011-02-18 15:36 . 2009-11-04 11:32 41984 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 15:36 . 2009-11-04 11:32 4184352 -c--a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-02 20:40 . 2010-04-26 14:04 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:19 . 2010-04-26 14:04 73728 -c--a-w- c:\windows\system32\javacpl.cpl
    2009-05-06 10:49 . 2009-05-06 10:49 16742799 -c--a-w- c:\program files\vlc-0.9.9-win32.exe
    2008-04-18 14:59 . 2008-04-18 14:59 7101440 -c--a-w- c:\program files\PocketDivXEncoder_0.3.60.exe
    2007-10-09 15:55 . 2007-10-09 15:55 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
    2007-10-09 15:54 . 2007-10-09 15:54 3655488 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
    2007-10-09 15:53 . 2007-10-09 15:53 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
    2005-05-13 16:12 217073 -csha-r- c:\windows\meta4.exe
    2005-10-24 10:13 66560 -csha-r- c:\windows\MOTA113.exe
    .
    .
    ------- Sigcheck -------
    .
    [-] 2008-04-14 02:33 . F4B7146C7EED6C4E158DCD9B5266C25A . 851968 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\comres.dll
    [-] 2004-08-05 12:00 . C7B9BBD55970C513823D7108CB87B24D . 851968 . . [2001.12.4414.258] . . c:\windows\system32\Comres.dll
    [-] 2004-08-05 12:00 . C7B9BBD55970C513823D7108CB87B24D . 851968 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
    .
    [-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\winlogon.exe
    [-] 2004-08-05 . CF4C4D674C1DA44FFC3977C47679FCBC . 506368 . . [5.1.2600.2180] . . c:\windows\system32\Winlogon.exe
    [-] 2004-08-05 . CF4C4D674C1DA44FFC3977C47679FCBC . 506368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
    .
    [-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\user32.dll
    [7] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 . C08F070BFD33BA831F3F77C1F2564E90 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\User32.dll
    [-] 2007-03-08 . C08F070BFD33BA831F3F77C1F2564E90 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
    [7] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    .
    [-] 2008-04-14 . 9245FAF86A8235D5290A23C010DABD43 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ole32.dll
    [-] 2005-07-26 . 1578ACA76F5CB719D0992421BDF19A91 . 1284608 . . [5.1.2600.2726] . . c:\windows\system32\Ole32.dll
    [-] 2005-07-26 . 1578ACA76F5CB719D0992421BDF19A91 . 1284608 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\ole32.dll
    [7] 2005-07-25 . EED987351DDEB1B8AE7892A9AAEFF453 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
    "Google Update"="c:\documents and settings\dubost\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-13 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 110592]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
    .
    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
    Monitor Apache Servers.lnk.disabled [2006-6-20 1127]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MIDI3"=diomidi.dll
    "wave3"=Digi32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:32ead9d1b4d7
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
    2006-12-09 00:17 61440 -c--a-w- c:\program files\Digidesign\Drivers\MMERefresh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 08:44 81920 -c--a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 14:33 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 13:57 153136 -c--a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    2004-11-11 16:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "gasameeh"="c:\documents and settings\dubost\local settings\application data\gasameeh.exe" gasameeh
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\dubost\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19843:TCP"= 19843:TCP:BitComet 19843 TCP
    "19843:UDP"= 19843:UDP:BitComet 19843 UDP
    .
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/04/2008 17:42 691696]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/04/2011 13:26 371544]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/04/2011 13:26 301528]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/04/2011 13:26 19544]
    S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [26/11/2008 17:39 11776]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2011 16:50 136176]
    S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 04:09 50704]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/04/2008 13:33 13352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    2004-08-05 12:00 101888 ------w- c:\windows\system32\advpack.dll
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 11:56]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 11:56]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-124205632-3647424188-604737728-1118Core.job
    - c:\documents and settings\dubost\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 11:56]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-124205632-3647424188-604737728-1118UA.job
    - c:\documents and settings\dubost\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 11:56]
    .
    2011-04-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-124205632-3647424188-604737728-1118.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
    .
    2011-04-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-124205632-3647424188-604737728-1118.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
    .
    2009-04-09 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
    .
    .
    ------- Examen supplémentaire -------
    .
    mWindow Title =
    uInternet Connection Wizard,ShellNext = hxxp://www.waitv.com/equipechilderic.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {41CA7D24-571E-4FC1-ACD4-0C30793762A5} = 8.8.8.8,8.8.4.4
    DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} - hxxps://waitv20.wai-tv.local:4343/SMB/console/html/root/AtxConsole.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-15 11:51
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(328)
    c:\windows\system32\browselc.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    c:\windows\system32\shdoclc.dll
    c:\windows\system32\ShellExt\GMailFS.dll
    .
    Heure de fin: 2011-04-15 11:58:26 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-04-15 09:58
    ComboFix2.txt 2011-04-14 15:50
    .
    Avant-CF: 13 657 915 392 octets libres
    Après-CF: 13 686 882 304 octets libres
    .
    - - End Of File - - 9A097667EC10E679877F3664105C571C

    MERCI.
    alec6
    0
  12. gen-hackman
     
    ce windows est pas legitime dirait-on ?
    0
  13. alec6 Messages postés 36 Statut Membre
     
    bien sur que si, c'est un ordinateur d'entreprise, je peux te donner le numero de licence...
    windows XP professional
    X1060256

    pourquoi tu me dis ca?

    tu veux que je te scanne ma facture d'achat???
    0
  14. gen-hackman
     
    mais non lol c'est tout simplement qu'il n'est pas à jour du tout...
    0
  15. alec6 Messages postés 36 Statut Membre
     
    et du coup j'en fais quoi mantenant de mon ordi qui veut pplus redemarrer qu'en mode sans echec??
    0
  16. gen-hackman
     
    fais ceci :

    demarrer/executer/ tape msconfig

    ensuite onglet demarrage regarde si la case safeboot n'est pas cochée
    0
  17. alec6 Messages postés 36 Statut Membre
     
    ben bizarrement, je n'ai pas de "safeboot" dans l'onglet démarrage...
    0
  18. alec6 Messages postés 36 Statut Membre
     
    ok,

    non elle n'est pas cochée, d'ailleurs je n'y ai pas accés, elle est grisée, comme toutes les cases proposées : noguiboot / bootlog/ basevideo...
    0
  19. gen-hackman
     
    ▶ Télécharge ici : USBFIX sur ton bureau

    branche tous tes periphériques sans les ouvrir

    /!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur l'icône Usbfix située sur ton Bureau.
    Sur la page, clique sur le bouton :

    ▶ choisi l option Suppression

    ▶ UsbFix scannera ton pc , laisse travailler l outil.

    ▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    ▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    0
  • 1
  • 2