Win32 trojan-gen (other)

Slt,

Je confirme : fixer des clés n'est pas comme fixer des fichiers.

Merci.

Salut, merci d'accorder du temps à une novice comme moi ! ça te parle tout ça ?

Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Propriétaire at 2008-12-13 10:48:43
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 112 GB (76%) free of 147 GB
Total RAM: 447 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:45, on 13/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\fxstaller.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\LERBI3GF\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {18973860-7AF1-45B9-A1F4-36435531F01A} - C:\WINDOWS\system32\iifgGASJ.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jkkKbBRH.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {82184106-0af8-4723-9e6e-b8dae26e7bf0} - C:\WINDOWS\system32\jzgvzp.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NeroFilterCheck] c:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "c:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Build 4] C:\DOCUME~1\COMPAQ~1\APPLIC~1\TRAYCH~1\optionmeal.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [57968828312333086197212848512327] C:\Program Files\A360\av360.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?003d7528cef9402eb7c4d829afea03ec
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?003d7528cef9402eb7c4d829afea03ec
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: jzgvzp.dll
O20 - Winlogon Notify: awtuUkjk - awtuUkjk.dll (file missing)
O20 - Winlogon Notify: jkkKbBRH - C:\WINDOWS\SYSTEM32\jkkKbBRH.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

voilà...


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : BIOS Ver: A7225NH5 V3.12 06/29/06 17:32:37
USER : Compaq_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081212-0] 4.8.1296 (Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:109 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 13/12/2008|18:39 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@advertising[1].txt
Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@adopt.euroclick[3].txt
Supprime! - C:\Program Files\Adverts
Supprime! - C:\Program Files\Multi_Media_France
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[26/10/2005|23:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[02/01/2006|23:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[02/01/2006|22:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real

[02/03/2008|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[22/07/2007|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bib dash 16 this
[01/03/2008|21:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[23/09/2006|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[02/01/2006|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[01/11/2006|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[02/01/2006|23:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[02/01/2006|23:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[07/10/2006|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McNeel
[12/05/2007|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/06/2008|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/11/2008|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[24/06/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
[04/12/2007|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[24/08/2006|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[02/11/2007|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[02/01/2006|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[02/01/2006|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[24/08/2006|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[06/05/2007|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[27/06/2007|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
[24/06/2007|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[06/01/2007|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[25/10/2006|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[23/06/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[12/12/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[24/06/2007|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[19/01/2008|19:42] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Adobe
[28/05/2008|16:20] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
[16/09/2007|17:02] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Creative
[30/08/2006|18:36] C:\DOCUME~1\COMPAQ~1\APPLIC~1\CyberLink
[02/12/2007|19:05] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio
[06/01/2007|20:18] C:\DOCUME~1\COMPAQ~1\APPLIC~1\FUJIFILM
[04/11/2006|14:00] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Google
[14/09/2006|19:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Help
[23/08/2006|15:56] C:\DOCUME~1\COMPAQ~1\APPLIC~1\HP
[23/08/2006|14:26] C:\DOCUME~1\COMPAQ~1\APPLIC~1\HPQ
[26/10/2005|23:34] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Identities
[18/07/2007|17:32] C:\DOCUME~1\COMPAQ~1\APPLIC~1\InfraRecorder
[23/08/2006|15:48] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Leadertech
[04/07/2007|17:43] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Macromedia
[04/02/2008|20:49] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Media Player Classic
[06/06/2008|16:46] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft
[17/09/2006|20:48] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla
[26/08/2006|12:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MSNInstaller
[04/12/2007|18:08] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Nero
[02/11/2007|16:12] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
[16/08/2008|10:35] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Screenshot Sender
[02/12/2007|19:08] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings
[17/12/2006|14:16] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sonic
[24/08/2006|09:56] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sony Corporation
[27/04/2007|18:02] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sun
[30/10/2006|18:51] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Symantec
[27/06/2007|12:41] C:\DOCUME~1\COMPAQ~1\APPLIC~1\SystemDoctor Free
[02/05/2008|21:51] C:\DOCUME~1\COMPAQ~1\APPLIC~1\TaoUSign
[23/09/2006|16:49] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Template
[22/07/2007|08:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Tray chin multi
[05/11/2007|14:00] C:\DOCUME~1\COMPAQ~1\APPLIC~1\U3
[26/07/2007|10:36] C:\DOCUME~1\COMPAQ~1\APPLIC~1\vlc

[26/10/2005|23:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/01/2006|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/01/2006|22:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real

[26/10/2005|23:34] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[06/11/2006|21:17] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[02/01/2006|22:59] C:\DOCUME~1\INVIT~1\APPLIC~1\Real

[21/10/2007|17:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[28/10/2006|23:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[13/12/2008 18:37][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[13/12/2008 18:35][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[13/12/2008 10:32][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 12:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[02/01/2006|23:03] C:\Program Files\Adobe
[06/05/2007|16:31] C:\Program Files\Alwil Software
[23/09/2006|16:29] C:\Program Files\Canon
[12/12/2008|23:45] C:\Program Files\CCleaner
[01/03/2008|21:14] C:\Program Files\Common Files
[20/10/2005|20:06] C:\Program Files\ComPlus Applications
[25/08/2007|15:57] C:\Program Files\Creative
[02/01/2006|23:02] C:\Program Files\CyberLink
[02/12/2007|19:05] C:\Program Files\Dealio
[24/08/2006|09:50] C:\Program Files\directx
[16/09/2006|08:16] C:\Program Files\EA GAMES
[01/02/2007|18:17] C:\Program Files\Elaborate Bytes
[11/12/2008|20:16] C:\Program Files\eMule
[23/06/2008|10:39] C:\Program Files\Fichiers communs
[21/01/2007|21:31] C:\Program Files\FinePixViewer
[19/04/2007|20:05] C:\Program Files\Free
[02/12/2007|19:06] C:\Program Files\Free Easy Burner
[24/06/2007|16:11] C:\Program Files\Gamenext
[12/12/2008|22:59] C:\Program Files\GameSpy Arcade
[10/02/2007|19:13] C:\Program Files\Google
[25/08/2008|12:36] C:\Program Files\GTA2
[01/02/2007|18:30] C:\Program Files\Hewlett-Packard
[01/02/2007|18:30] C:\Program Files\HP
[05/02/2007|20:10] C:\Program Files\Infogrames
[27/09/2008|21:34] C:\Program Files\InstallShield Installation Information
[01/02/2007|18:30] C:\Program Files\InterActual
[04/11/2008|10:22] C:\Program Files\Internet Explorer
[11/12/2008|17:36] C:\Program Files\Java
[02/11/2007|16:16] C:\Program Files\K-Lite Codec Pack
[02/03/2008|16:50] C:\Program Files\Les Boucliers de Quetzalcoatl
[23/08/2006|15:36] C:\Program Files\Maxis
[23/12/2007|10:57] C:\Program Files\MediaInfo
[29/11/2008|19:01] C:\Program Files\Messenger
[29/11/2008|18:37] C:\Program Files\Messenger Plus! Live
[12/05/2007|22:27] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[26/10/2005|23:36] C:\Program Files\microsoft frontpage
[28/09/2008|16:29] C:\Program Files\Microsoft Games
[01/02/2007|18:33] C:\Program Files\Microsoft Office
[01/02/2007|18:08] C:\Program Files\Microsoft Visual Studio 8
[01/02/2007|18:32] C:\Program Files\Microsoft Works
[01/02/2007|17:57] C:\Program Files\Microsoft.NET
[29/11/2008|18:57] C:\Program Files\Movie Maker
[10/12/2008|17:16] C:\Program Files\Mozilla Firefox
[01/02/2007|17:59] C:\Program Files\MSBuild
[01/02/2007|18:19] C:\Program Files\MSN
[26/10/2005|23:36] C:\Program Files\MSN Gaming Zone
[29/11/2008|18:38] C:\Program Files\MSN Messenger
[16/08/2007|02:02] C:\Program Files\MSXML 4.0
[04/12/2007|18:05] C:\Program Files\Nero
[29/11/2008|18:54] C:\Program Files\NetMeeting
[16/08/2007|16:25] C:\Program Files\ONES Trial (F)
[26/10/2005|23:36] C:\Program Files\Online Services
[29/11/2008|18:54] C:\Program Files\Outlook Express
[14/09/2006|19:11] C:\Program Files\PC-Doctor 5 for Windows
[02/01/2006|22:59] C:\Program Files\Real
[06/01/2007|20:14] C:\Program Files\REGSHAVE
[01/03/2008|21:29] C:\Program Files\Rhinoceros 3.0
[02/12/2007|19:05] C:\Program Files\Search Settings
[02/01/2006|23:15] C:\Program Files\Services en ligne
[28/08/2006|07:58] C:\Program Files\Sierra On-Line
[02/01/2006|23:00] C:\Program Files\Sonic
[24/08/2006|09:53] C:\Program Files\Sony
[05/07/2007|18:48] C:\Program Files\StudioLine
[30/10/2008|18:31] C:\Program Files\Sun
[06/05/2007|16:38] C:\Program Files\Symantec
[22/07/2007|08:31] C:\Program Files\SystemDoctor Free
[12/05/2007|13:10] C:\Program Files\Tray chin multi
[12/12/2008|23:56] C:\Program Files\Trend Micro
[20/10/2005|20:06] C:\Program Files\Uninstall Information
[26/07/2007|10:35] C:\Program Files\VideoLAN
[23/06/2008|10:39] C:\Program Files\Windows Live
[01/12/2007|03:00] C:\Program Files\Windows Live Toolbar
[02/11/2007|18:14] C:\Program Files\Windows Media Connect 2
[29/11/2008|18:54] C:\Program Files\Windows Media Player
[29/11/2008|18:54] C:\Program Files\Windows NT
[20/10/2005|20:05] C:\Program Files\WindowsUpdate
[24/02/2008|15:17] C:\Program Files\WinRAR
[26/10/2005|23:37] C:\Program Files\xerox
[12/12/2008|23:44] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/03/2008|16:15] C:\Program Files\Fichiers communs\Adobe
[23/08/2006|13:55] C:\Program Files\Fichiers communs\AOL
[01/02/2007|17:58] C:\Program Files\Fichiers communs\DESIGNER
[27/08/2006|11:19] C:\Program Files\Fichiers communs\EPSON
[28/04/2008|10:26] C:\Program Files\Fichiers communs\HP
[25/08/2007|15:30] C:\Program Files\Fichiers communs\InstallShield
[02/01/2006|22:40] C:\Program Files\Fichiers communs\Java
[08/08/2008|02:04] C:\Program Files\Fichiers communs\Microsoft Shared
[27/01/2008|16:02] C:\Program Files\Fichiers communs\Motorola Shared
[26/10/2005|23:35] C:\Program Files\Fichiers communs\MSSoap
[04/12/2007|18:07] C:\Program Files\Fichiers communs\Nero
[24/06/2007|16:11] C:\Program Files\Fichiers communs\Oberon Media
[26/10/2005|23:35] C:\Program Files\Fichiers communs\ODBC
[02/11/2007|16:13] C:\Program Files\Fichiers communs\Real
[26/10/2005|23:35] C:\Program Files\Fichiers communs\Services
[28/04/2008|10:27] C:\Program Files\Fichiers communs\Sonic Shared
[24/08/2006|09:53] C:\Program Files\Fichiers communs\Sony Shared
[26/10/2005|23:35] C:\Program Files\Fichiers communs\SpeechEngines
[02/01/2006|23:00] C:\Program Files\Fichiers communs\SureThing Shared
[06/05/2007|16:38] C:\Program Files\Fichiers communs\Symantec Shared
[29/11/2008|18:54] C:\Program Files\Fichiers communs\System
[22/07/2007|08:31] C:\Program Files\Fichiers communs\SystemDoctor
[02/01/2006|23:00] C:\Program Files\Fichiers communs\TiVo Shared
[23/06/2008|10:39] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 51 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 18:41:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 726

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\JSAGgfii.ini
C:\WINDOWS\system32\JSAGgfii.ini2
C:\WINDOWS\system32\iifgGASJ.dll
[b]==> VUNDO <==/b

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\COMPAQ~1\APPLIC~1\SystemDoctor Free
C:\PROGRA~1\FICHIE~1\SystemDoctor
C:\PROGRA~1\SystemDoctor Free



[F:34][D:4]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
[F:71][D:0]-> C:\DOCUME~1\COMPAQ~1\Cookies
[F:1509][D:4]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/12/2008|18:22 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 13/12/2008|18:43 - Option : [2]

--------------------\\ Fin du rapport a 18:43:41

ben c'est fait mais je n'ai pas installé la console de récupération, on m'a rien demandé, Combofix a fait tout tout seul.... c'est grave ?

ComboFix 08-12-12.05 - Compaq_Propri‚taire 2008-12-13 19:54:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.447.131 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propri‚taire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SystemDoctor Free
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
c:\documents and settings\Compaq_Propri‚taire\err.log
c:\documents and settings\Compaq_Propri‚taire\ResErrors.log
c:\program files\Fichiers communs\SystemDoctor
c:\program files\Fichiers communs\SystemDoctor\err.log
c:\windows\Downloaded Program Files\setup.inf
c:\windows\fxstaller.exe
c:\windows\system32\dccyll.dll
c:\windows\system32\fsuwgxbl.dll
c:\windows\system32\geBspppO.dll
c:\windows\system32\iifgGASJ.dll
c:\windows\system32\jkkKbBRH.dll
c:\windows\system32\jkkkKBUK.dll
c:\windows\system32\JSAGgfii.ini
c:\windows\system32\JSAGgfii.ini2
c:\windows\system32\jzgvzp.dll
c:\windows\system32\kwxvuoro.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nwaipv.dll
c:\windows\system32\rs32net.exe
c:\windows\system32\xxyyxuTn.dll
c:\windows\system32\yqxovndv.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 ))))))))))))))))))))))))))))))))))))
.

2008-12-13 18:17 . 2008-12-13 18:43 <REP> d-------- C:\Lop SD
2008-12-13 10:47 . 2008-12-13 10:47 <REP> d-------- C:\rsit
2008-12-12 23:56 . 2008-12-12 23:56 <REP> d-------- c:\program files\Trend Micro
2008-12-12 23:53 . 2008-12-12 23:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-12 23:44 . 2008-12-12 23:44 <REP> d-------- c:\program files\Yahoo!
2008-12-12 23:44 . 2008-12-12 23:45 <REP> d-------- c:\program files\CCleaner
2008-12-12 23:05 . 2006-01-02 23:05 <REP> d-------- c:\documents and settings\Administrateur\WINDOWS
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Voisinage r‚seau
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\ModŠles
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Menu D‚marrer
2008-12-12 23:05 . 2006-08-23 13:45 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-12 23:05 . 2008-12-12 23:05 <REP> d-------- c:\documents and settings\Administrateur
2008-12-11 20:30 . 2008-12-11 20:30 <REP> d-------- c:\windows\Profiles
2008-12-11 17:36 . 2008-12-11 17:36 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-11 17:32 . 2008-12-11 17:32 1,025 --a------ C:\wax.exe
2008-12-10 17:38 . 2008-12-10 17:38 59,904 --a------ C:\pr2.exe
2008-12-09 01:51 . 2008-12-09 01:51 12,288 --a------ C:\sdfgh.exe
2008-12-08 23:02 . 2008-12-08 23:02 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Search Settings
2008-12-08 23:00 . 2008-12-08 23:00 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Dealio
2008-12-08 22:55 . 2008-12-08 22:55 <REP> dr-hs---- C:\CONFIG
2008-12-08 22:55 . 2008-12-08 22:55 12,288 --a------ C:\mpsn.exe
2008-12-08 22:04 . 2008-12-08 22:04 73,216 --a------ C:\osy.exe
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\system32\fr
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\system32\bits
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\l2schemas
2008-11-29 18:54 . 2008-11-29 18:57 <REP> d-------- c:\windows\ServicePackFiles
2008-11-29 18:46 . 2008-11-29 18:46 <REP> d-------- c:\windows\EHome

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 21:59 --------- d-----w c:\program files\GameSpy Arcade
2008-12-11 19:16 --------- d-----w c:\program files\eMule
2008-12-11 16:36 --------- d-----w c:\program files\Java
2008-11-29 17:38 --------- d-----w c:\program files\MSN Messenger
2008-11-29 17:37 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-13 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-30 17:31 --------- d-----w c:\program files\Sun
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2007-12-25 11:38 92,064 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmmdm.sys
2007-12-25 11:38 9,232 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmmdfl.sys
2007-12-25 11:38 79,328 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmserd.sys
2007-12-25 11:38 66,656 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmbus.sys
2007-12-25 11:38 6,208 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmcmnt.sys
2007-12-25 11:38 5,936 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmwhnt.sys
2007-12-25 11:38 4,048 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmcr.sys
2007-12-25 11:38 25,600 -c--a-w c:\documents and settings\Compaq_Propriétaire\usbsermptxp.sys
2007-12-25 11:38 22,768 -c--a-w c:\documents and settings\Compaq_Propriétaire\usbsermpt.sys
2007-02-01 17:21 1,104 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2004-10-06 19:50 15,772,525 -c--a-w c:\program files\Sims2.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"au"="c:\program files\Dealio\DealioAU.exe" [2007-11-22 546144]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2007-11-26 1066336]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-25 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 54888]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-02 27136]

c:\documents and settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-02 27136]

c:\documents and settings\Compaq_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jzgvzp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2007-08-16 15172]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2007-08-25 178913]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cf4df24-e840-11dc-9d80-0007cb0000ff}]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77322e8e-0628-11dd-9d9a-0007cb0000ff}]
\Shell\AutoRun\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab519f5d-b213-11db-9c8b-00161782cd80}]
\Shell\AutoRun\command - J:\SETUP.EXE
\Shell\configure\command - J:\SETUP.EXE
\Shell\install\command - J:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af76b74b-68ce-11db-9c40-00161782cd80}]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfef6fc4-87bd-11dd-9ddb-0007cb0000ff}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1e96a0-7e6d-11dd-9dd6-0007cb0000ff}]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-19 16:07]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{18973860-7AF1-45B9-A1F4-36435531F01A} - c:\windows\system32\iifgGASJ.dll
BHO-{82184106-0af8-4723-9e6e-b8dae26e7bf0} - c:\windows\system32\jzgvzp.dll
HKCU-Run-Build 4 - c:\docume~1\COMPAQ~1\APPLIC~1\TRAYCH~1\optionmeal.exe
HKCU-Run-57968828312333086197212848512327 - c:\program files\A360\av360.exe
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
HKLM-Run-TkBellExe - c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
HKLM-Run-PCDrProfiler - (no file)
Notify-awtuUkjk - awtuUkjk.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Compare Prices with &Dealio - c:\documents and settings\Compaq_Propriétaire\Application Data\Dealio\kb125\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?003d7528cef9402eb7c4d829afea03ec
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?003d7528cef9402eb7c4d829afea03ec

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 20:00:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2008-12-13 20:07:25 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-13 19:07:14

Avant-CF: 116ÿ975ÿ456ÿ256 octets libres
AprÞs-CF: 117,282,488,320 octets libres

253 --- E O F --- 2008-11-30 02:01:24

c'est fait....

-------------- UsbFix V2.413.4 ---------------

* User : Compaq_Propri‚taire - DUCROS
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 10:25:16 le 14/12/2008
* Windows Xp - Internet Explorer 7.0.5730.11


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\1.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
open=autorun.exe
icon=dragon.ico


[CONFIG]
BITMAP=emperor_setup.bmp
EXENAME=emperor.exe
INSTKEY=Empereur : L'Empire du Milieu
SPECIALFILE=customuninstall.dll








--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[23/11/2004 15:21][--a------] C:\AUTOEXEC.BAT
[04/08/2004 22:00][-rahs----] C:\NTDETECT.COM
[27/06/2004 11:55][--a------] C:\cdbxp.exe
[27/06/2004 11:55][--a------] C:\mpsn.exe
[27/06/2004 11:55][--a------] C:\osy.exe
[27/06/2004 11:55][--a------] C:\pr2.exe
[27/06/2004 11:55][--a------] C:\sdfgh.exe
[27/06/2004 11:55][--a------] C:\wax.exe
[23/08/2006 15:40][-rahs----] C:\boot.ini
[13/12/2008 20:07][--a------] C:\ComboFix.txt
[13/12/2008 20:07][--a------] C:\DBS.TXT
[13/12/2008 20:07][--a------] C:\log.txt
[13/12/2008 20:07][--a------] C:\lopR.txt
[13/12/2008 20:07][--a------] C:\UsbFix.txt
[23/11/2004 15:21][--a------] C:\CONFIG.SYS
[23/11/2004 15:21][--a------] C:\IO.SYS
[23/11/2004 15:21][--a------] C:\MSDOS.SYS
[23/11/2004 15:21][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe


+- Listing des fichiers présents :

[27/07/2001 15:07][---hs----] D:\AUTOEXEC.BAT
[25/07/2001 22:00][---hs----] D:\NTDETECT.COM
[30/11/2004 04:01][---hs----] D:\Info.exe
[09/01/2002 18:52][---hs----] D:\BOOT.INI
[09/01/2002 18:52][---hs----] D:\Desktop.ini
[09/01/2002 18:52][---hs----] D:\WINBOM.INI
[10/09/2002 09:21][---hs----] D:\Folder.htt
[28/07/2001 06:07][---hs----] D:\CONFIG.SYS
[28/07/2001 06:07][---hs----] D:\IO.SYS
[28/07/2001 06:07][---hs----] D:\MSDOS.SYS

--------------- [ Lecteur E ] ----------------

E: - Lecteur de CD-ROM


+- Listing des fichiers présents :

[11/08/2000 18:46][-r-------] E:\Autorun.exe
[11/08/2000 18:46][-r-------] E:\Setup.exe
[29/08/2002 15:14][-r-------] E:\Setup.ini
[07/08/2000 15:02][-r-------] E:\autorun.inf
[07/08/2000 15:02][-r-------] E:\sierra.inf
[22/08/2002 18:47][-r-------] E:\EULA.txt
[22/08/2002 18:47][-r-------] E:\Lisezmoi.txt

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Creative WebCam Tray="C:\Program Files\Creative\Shared Files\CamTray.exe"
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="c:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
RTHDCPL=RTHDCPL.EXE
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
PCMService="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
HPBootOp="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
Easy-PrintToolBox=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
au=C:\Program Files\Dealio\DealioAU.exe
SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
NeroFilterCheck=c:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
NBKeyScan="c:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cf4df24-e840-11dc-9d80-0007cb0000ff}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cf4df24-e840-11dc-9d80-0007cb0000ff}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cf4df24-e840-11dc-9d80-0007cb0000ff}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77322e8e-0628-11dd-9d9a-0007cb0000ff}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77322e8e-0628-11dd-9d9a-0007cb0000ff}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{998033e0-6c24-11db-9c46-00161782cd80}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab519f5d-b213-11db-9c8b-00161782cd80}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af76b74b-68ce-11db-9c40-00161782cd80}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af76b74b-68ce-11db-9c40-00161782cd80}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af76b74b-68ce-11db-9c40-00161782cd80}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfef6fc4-87bd-11dd-9ddb-0007cb0000ff}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1e96a0-7e6d-11dd-9dd6-0007cb0000ff}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1e96a0-7e6d-11dd-9dd6-0007cb0000ff}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1e96a0-7e6d-11dd-9dd6-0007cb0000ff}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [08/12/2008 22:04][--a------] C:\osy.exe
Supprimé ! - [11/12/2008 17:32][--a------] C:\wax.exe
Supprimé ! - [10/09/2002 09:21][---hs----] D:\Folder.htt
Supprimé ! - [30/11/2004 04:01][---hs----] D:\info.exe
Echec de la supression !! - [07/08/2000 15:02] E:\autorun.inf
Echec de la supression !! - [11/08/2000 18:46] E:\autorun.exe
Echec de la supression !! - [07/08/2000 15:02] E:\autorun.inf
Echec de la supression !! - [07/08/2000 15:02] E:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[23/11/2004 15:21][--a------] C:\AUTOEXEC.BAT
[04/08/2004 22:00][-rahs----] C:\NTDETECT.COM
[27/06/2004 11:55][--a------] C:\cdbxp.exe
[27/06/2004 11:55][--a------] C:\mpsn.exe
[27/06/2004 11:55][--a------] C:\pr2.exe
[27/06/2004 11:55][--a------] C:\sdfgh.exe
[23/08/2006 15:40][-rahs----] C:\boot.ini
[27/07/2001 15:07][---hs----] D:\AUTOEXEC.BAT
[25/07/2001 22:00][---hs----] D:\NTDETECT.COM
[09/01/2002 18:52][---hs----] D:\BOOT.INI
[09/01/2002 18:52][---hs----] D:\Desktop.ini
[09/01/2002 18:52][---hs----] D:\WINBOM.INI
[11/08/2000 18:46][-r-------] E:\Autorun.exe
[11/08/2000 18:46][-r-------] E:\Setup.exe
[29/08/2002 15:14][-r-------] E:\Setup.ini
[07/08/2000 15:02][-r-------] E:\autorun.inf
[07/08/2000 15:02][-r-------] E:\sierra.inf

--------------- ! Fin du rapport ! ----------------

suite....

-------------- UsbFix V2.413.4 ---------------

* User : Compaq_Propri‚taire - DUCROS
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 10:25:16 le 14/12/2008
* Windows Xp - Internet Explorer 7.0.5730.11


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\1.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
open=autorun.exe
icon=dragon.ico


[CONFIG]
BITMAP=emperor_setup.bmp
EXENAME=emperor.exe
INSTKEY=Empereur : L'Empire du Milieu
SPECIALFILE=customuninstall.dll








--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[23/11/2004 15:21][--a------] C:\AUTOEXEC.BAT
[04/08/2004 22:00][-rahs----] C:\NTDETECT.COM
[27/06/2004 11:55][--a------] C:\cdbxp.exe
[27/06/2004 11:55][--a------] C:\mpsn.exe
[27/06/2004 11:55][--a------] C:\osy.exe
[27/06/2004 11:55][--a------] C:\pr2.exe
[27/06/2004 11:55][--a------] C:\sdfgh.exe
[27/06/2004 11:55][--a------] C:\wax.exe
[23/08/2006 15:40][-rahs----] C:\boot.ini
[13/12/2008 20:07][--a------] C:\ComboFix.txt
[13/12/2008 20:07][--a------] C:\DBS.TXT
[13/12/2008 20:07][--a------] C:\log.txt
[13/12/2008 20:07][--a------] C:\lopR.txt
[13/12/2008 20:07][--a------] C:\UsbFix.txt
[23/11/2004 15:21][--a------] C:\CONFIG.SYS
[23/11/2004 15:21][--a------] C:\IO.SYS
[23/11/2004 15:21][--a------] C:\MSDOS.SYS
[23/11/2004 15:21][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe


+- Listing des fichiers présents :

[27/07/2001 15:07][---hs----] D:\AUTOEXEC.BAT
[25/07/2001 22:00][---hs----] D:\NTDETECT.COM
[30/11/2004 04:01][---hs----] D:\Info.exe
[09/01/2002 18:52][---hs----] D:\BOOT.INI
[09/01/2002 18:52][---hs----] D:\Desktop.ini
[09/01/2002 18:52][---hs----] D:\WINBOM.INI
[10/09/2002 09:21][---hs----] D:\Folder.htt
[28/07/2001 06:07][---hs----] D:\CONFIG.SYS
[28/07/2001 06:07][---hs----] D:\IO.SYS
[28/07/2001 06:07][---hs----] D:\MSDOS.SYS

--------------- [ Lecteur E ] ----------------

E: - Lecteur de CD-ROM


+- Listing des fichiers présents :

[11/08/2000 18:46][-r-------] E:\Autorun.exe
[11/08/2000 18:46][-r-------] E:\Setup.exe
[29/08/2002 15:14][-r-------] E:\Setup.ini
[07/08/2000 15:02][-r-------] E:\autorun.inf
[07/08/2000 15:02][-r-------] E:\sierra.inf
[22/08/2002 18:47][-r-------] E:\EULA.txt
[22/08/2002 18:47][-r-------] E:\Lisezmoi.txt

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Creative WebCam Tray="C:\Program Files\Creative\Shared Files\CamTray.exe"
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="c:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
RTHDCPL=RTHDCPL.EXE
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
PCMService="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
HPBootOp="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
Easy-PrintToolBox=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
au=C:\Program Files\Dealio\DealioAU.exe
SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
NeroFilterCheck=c:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
NBKeyScan="c:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cf4df24-e840-11dc-9d80-0007cb0000ff}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cf4df24-e840-11dc-9d80-0007cb0000ff}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cf4df24-e840-11dc-9d80-0007cb0000ff}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77322e8e-0628-11dd-9d9a-0007cb0000ff}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77322e8e-0628-11dd-9d9a-0007cb0000ff}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{998033e0-6c24-11db-9c46-00161782cd80}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab519f5d-b213-11db-9c8b-00161782cd80}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af76b74b-68ce-11db-9c40-00161782cd80}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af76b74b-68ce-11db-9c40-00161782cd80}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af76b74b-68ce-11db-9c40-00161782cd80}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfef6fc4-87bd-11dd-9ddb-0007cb0000ff}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1e96a0-7e6d-11dd-9dd6-0007cb0000ff}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1e96a0-7e6d-11dd-9dd6-0007cb0000ff}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1e96a0-7e6d-11dd-9dd6-0007cb0000ff}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [08/12/2008 22:04][--a------] C:\osy.exe
Supprimé ! - [11/12/2008 17:32][--a------] C:\wax.exe
Supprimé ! - [10/09/2002 09:21][---hs----] D:\Folder.htt
Supprimé ! - [30/11/2004 04:01][---hs----] D:\info.exe
Echec de la supression !! - [07/08/2000 15:02] E:\autorun.inf
Echec de la supression !! - [11/08/2000 18:46] E:\autorun.exe
Echec de la supression !! - [07/08/2000 15:02] E:\autorun.inf
Echec de la supression !! - [07/08/2000 15:02] E:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[23/11/2004 15:21][--a------] C:\AUTOEXEC.BAT
[04/08/2004 22:00][-rahs----] C:\NTDETECT.COM
[27/06/2004 11:55][--a------] C:\cdbxp.exe
[27/06/2004 11:55][--a------] C:\mpsn.exe
[27/06/2004 11:55][--a------] C:\pr2.exe
[27/06/2004 11:55][--a------] C:\sdfgh.exe
[23/08/2006 15:40][-rahs----] C:\boot.ini
[27/07/2001 15:07][---hs----] D:\AUTOEXEC.BAT
[25/07/2001 22:00][---hs----] D:\NTDETECT.COM
[09/01/2002 18:52][---hs----] D:\BOOT.INI
[09/01/2002 18:52][---hs----] D:\Desktop.ini
[09/01/2002 18:52][---hs----] D:\WINBOM.INI
[11/08/2000 18:46][-r-------] E:\Autorun.exe
[11/08/2000 18:46][-r-------] E:\Setup.exe
[29/08/2002 15:14][-r-------] E:\Setup.ini
[07/08/2000 15:02][-r-------] E:\autorun.inf
[07/08/2000 15:02][-r-------] E:\sierra.inf

--------------- ! Fin du rapport ! ----------------

OUP'S EXCUSE... VOICI RAPPORT COMBOFIX


ComboFix 08-12-12.05 - Compaq_Propri‚taire 2008-12-14 13:55:01.2 - NTFSx86
Lancé depuis: c:\documents and settings\Compaq_Propri‚taire\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 ))))))))))))))))))))))))))))))))))))
.

2008-12-14 10:22 . 2008-12-14 10:25 <REP> d-------- c:\program files\UsbFix
2008-12-13 22:12 . 2008-12-13 22:16 1,393 --a------ c:\windows\imsins.BAK
2008-12-13 18:17 . 2008-12-13 18:43 <REP> d-------- C:\Lop SD
2008-12-13 10:47 . 2008-12-13 10:47 <REP> d-------- C:\rsit
2008-12-12 23:56 . 2008-12-12 23:56 <REP> d-------- c:\program files\Trend Micro
2008-12-12 23:53 . 2008-12-12 23:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-12 23:44 . 2008-12-12 23:44 <REP> d-------- c:\program files\Yahoo!
2008-12-12 23:44 . 2008-12-12 23:45 <REP> d-------- c:\program files\CCleaner
2008-12-12 23:05 . 2006-01-02 23:05 <REP> d-------- c:\documents and settings\Administrateur\WINDOWS
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Voisinage r‚seau
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\ModŠles
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Menu D‚marrer
2008-12-12 23:05 . 2006-08-23 13:45 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-12 23:05 . 2008-12-12 23:05 <REP> d-------- c:\documents and settings\Administrateur
2008-12-11 20:30 . 2008-12-11 20:30 <REP> d-------- c:\windows\Profiles
2008-12-11 17:36 . 2008-12-11 17:36 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-10 17:38 . 2008-12-10 17:38 59,904 --a------ C:\pr2.exe
2008-12-09 01:51 . 2008-12-09 01:51 12,288 --a------ C:\sdfgh.exe
2008-12-08 23:02 . 2008-12-08 23:02 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Search Settings
2008-12-08 23:00 . 2008-12-08 23:00 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Dealio
2008-12-08 22:55 . 2008-12-08 22:55 <REP> dr-hs---- C:\CONFIG
2008-12-08 22:55 . 2008-12-08 22:55 12,288 --a------ C:\mpsn.exe
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\system32\fr
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\system32\bits
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\l2schemas
2008-11-29 18:54 . 2008-11-29 18:57 <REP> d-------- c:\windows\ServicePackFiles
2008-11-29 18:46 . 2008-11-29 18:46 <REP> d-------- c:\windows\EHome

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-12 21:59 --------- d-----w c:\program files\GameSpy Arcade
2008-12-11 19:16 --------- d-----w c:\program files\eMule
2008-12-11 16:36 --------- d-----w c:\program files\Java
2008-11-29 17:38 --------- d-----w c:\program files\MSN Messenger
2008-11-29 17:37 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-30 17:31 --------- d-----w c:\program files\Sun
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 00:48 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys
2007-12-25 11:38 92,064 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmmdm.sys
2007-12-25 11:38 9,232 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmmdfl.sys
2007-12-25 11:38 79,328 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmserd.sys
2007-12-25 11:38 66,656 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmbus.sys
2007-12-25 11:38 6,208 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmcmnt.sys
2007-12-25 11:38 5,936 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmwhnt.sys
2007-12-25 11:38 4,048 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmcr.sys
2007-12-25 11:38 25,600 -c--a-w c:\documents and settings\Compaq_Propriétaire\usbsermptxp.sys
2007-12-25 11:38 22,768 -c--a-w c:\documents and settings\Compaq_Propriétaire\usbsermpt.sys
2007-02-01 17:21 1,104 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2004-10-06 19:50 15,772,525 -c--a-w c:\program files\Sims2.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-13_20.05.49.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 08:11:45 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 08:11:45 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 08:11:45 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 08:11:45 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 08:11:45 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:39:40 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 08:11:45 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 08:11:45 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 08:11:46 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 08:11:46 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:12:27 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 08:11:48 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 08:11:48 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 08:11:49 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 08:11:49 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 08:11:49 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 09:11:52 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 08:11:52 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 08:11:52 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 08:11:52 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 08:11:52 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 08:11:52 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 08:11:52 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 08:11:53 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 08:11:53 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 08:11:54 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-11-13 02:05:54 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-13 21:18:17 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-13 02:05:55 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-13 21:18:18 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-13 02:05:54 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-13 21:18:18 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-13 02:05:54 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-13 21:18:18 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-13 02:05:55 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-13 21:18:18 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-13 02:05:56 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-13 21:18:18 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-13 02:05:56 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-13 21:18:19 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-13 02:05:55 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-13 21:18:18 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-13 02:05:55 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-13 21:18:18 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-13 02:05:55 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-13 21:18:18 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-13 02:05:56 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-13 21:18:19 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-13 02:05:54 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-13 21:18:17 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-26 08:11:45 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 08:11:45 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 08:11:45 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 08:11:45 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 08:11:45 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-08-26 08:11:45 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:18:32 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-08-26 08:11:45 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 08:11:45 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-26 08:11:46 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:18:32 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 08:11:46 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:12:27 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:18:35 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 08:11:48 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 08:11:48 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:18:35 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-26 08:11:49 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-18 18:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 08:11:49 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:18:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 08:11:49 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:18:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-26 08:11:52 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 08:11:52 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 08:11:52 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 08:11:52 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 08:11:52 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-26 08:11:52 105,984 ----a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 08:11:53 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 08:11:53 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 08:11:54 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:18:43 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-18 19:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 19:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 08:11:45 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 08:11:45 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 08:11:45 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-26 08:11:45 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:39:40 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:12:20 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 08:11:45 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 08:11:45 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 08:11:46 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 08:11:46 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:12:27 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 08:11:48 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 08:11:48 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 08:11:49 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-18 18:03:58 100,864 -c--a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 08:11:49 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 08:11:49 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 09:11:52 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 00:48:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 08:11:52 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 08:11:52 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 08:11:52 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 08:11:52 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 08:11:52 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:29 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 02:34:25 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 08:11:52 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 08:11:53 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 08:11:53 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 08:11:54 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:18:43 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-18 19:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 19:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-14 09:25:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_62c.dat
+ 2008-12-14 09:25:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_698.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"au"="c:\program files\Dealio\DealioAU.exe" [2007-11-22 546144]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2007-11-26 1066336]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-25 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 54888]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-02 27136]

c:\documents and settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-02 27136]

c:\documents and settings\Compaq_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jzgvzp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2007-08-16 15172]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2007-08-25 178913]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-19 16:07]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Compare Prices with &Dealio - c:\documents and settings\Compaq_Propriétaire\Application Data\Dealio\kb125\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?003d7528cef9402eb7c4d829afea03ec
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?003d7528cef9402eb7c4d829afea03ec

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 13:58:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-14 13:59:02
ComboFix-quarantined-files.txt 2008-12-14 12:58:59
ComboFix2.txt 2008-12-13 19:07:28

Avant-CF: 116ÿ839ÿ788ÿ544 octets libres
AprÞs-CF: 116,894,314,496 octets libres

388 --- E O F --- 2008-12-13 21:18:23

TU AS EU LE BON ??? suis un peu gauche !

-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : BIOS Ver: A7225NH5 V3.12 06/29/06 17:32:37
USER : Compaq_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081213-0] 4.8.1296 (Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:108 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 14/12/2008|14:15 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\temp
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\blank.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\DealioSearch.html
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\deals-endcap.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\deals-leftcap.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\deal_report.jpg
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\ebay_login.jpg
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\endcap22-bg.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\endcap22-left.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\endcap22-right-arrow.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\endcap22-right.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\err_mainwindow.html
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\err_toolbar.html
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\global_scripts.js
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\headerbgthin.jpg
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\logo.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\logo_over.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\man_toolbar.html
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\man_toolbar.js
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\pill_bg.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\post-this-deal.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\post-this-deal_over.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\scripts.js
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\scroller.js
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\search-chevron.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\search_bg_blink.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\separator.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\settings.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\settings_over.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\steals_bg.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\toolbar_background.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\res\yahoo_search.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\index.76.35
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.10.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.109.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.110.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.12.52
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.13.58
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.130.58
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.135.50
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.153.44
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.155.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.156.49
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.16.60
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.161.52
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.178.66
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.184.55
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.188.52
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.189.45
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.196.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.198.56
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.199.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.200.53
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.201.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.202.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.203.71
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.205.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.213.71
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.214.49
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.215.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.216.67
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.217.67
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.218.52
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.219.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.220.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.221.57
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.222.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.223.68
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.226.68
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.227.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.228.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.229.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.23.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.239.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.24.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.240.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.241.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.242.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.243.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.244.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.245.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.247.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.248.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.249.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.250.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.251.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.252.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.253.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.254.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.255.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.256.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.257.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.279.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.28.58
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.282.75
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.283.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.284.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.289.67
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.290.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.291.61
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.296.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.297.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.304.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.307.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.308.75
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.31.47
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.310.46
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.311.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.315.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.316.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.317.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.318.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.319.49
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.32.48
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.334.44
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.335.60
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.336.44
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.337.44
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.338.75
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.339.47
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.34.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.340.47
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.341.47
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.349.50
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.35.48
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.350.50
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.351.51
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.352.54
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.353.51
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.354.51
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.357.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.358.52
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.359.52
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.360.53
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.361.54
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.362.68
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.363.58
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.364.54
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.365.53
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.367.56
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.368.58
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.369.55
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.370.56
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.371.56
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.372.57
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.373.55
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.375.56
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.376.57
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.377.55
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.378.65
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.384.58
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.386.71
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.387.59
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.388.59
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.389.59
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.390.60
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.391.60
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.392.60
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.393.60
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.394.60
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.396.61
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.397.61
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.398.60
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.399.60
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.403.61
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.404.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.405.61
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.406.61
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.407.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.408.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.409.61
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.412.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.413.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.414.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.415.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.416.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.417.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.418.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.419.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.420.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.421.62
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.423.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.424.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.425.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.426.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.427.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.428.65
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.429.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.430.63
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.432.65
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.433.64
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.434.65
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.435.64
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.436.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.437.64
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.438.71
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.439.71
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.440.75
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.442.73
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.443.73
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.444.73
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.445.68
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.446.69
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.450.67
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.451.67
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.452.68
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.453.68
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.454.69
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.456.69
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.457.75
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.458.70
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.459.70
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.460.69
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.462.74
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.463.69
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.464.70
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.465.68
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.468.70
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.469.70
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.470.70
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.471.73
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.472.70
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.478.74
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.479.73
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.480.68
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.481.71
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.482.74
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.49.67
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.50.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.500.71
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.501.74
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.502.71
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.51.69
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.52.72
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.520.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.521.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.522.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.53.51
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.531.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.532.75
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.534.75
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.54.47
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.55.45
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.56.69
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.57.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.58.47
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.593.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.595.76
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.63.57
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.66.47
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.70.75
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\rules\rules.1.71.43
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\temp\dealio-14224.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\temp\dealio-14225.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\temp\dealio-14226.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\temp\dealio-14227.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125\temp\dod_cache.xml
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb125
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb125\Dealio Deskbar.exe
C:\Program Files\Dealio\kb125\Dealio.dll
C:\Program Files\Dealio\kb125\res
C:\Program Files\Dealio\kb125\rules
C:\Program Files\Dealio\kb125\temp
C:\Program Files\Dealio\kb125\res\blank.gif
C:\Program Files\Dealio\kb125\res\DealioSearch.html
C:\Program Files\Dealio\kb125\res\deals-endcap.gif
C:\Program Files\Dealio\kb125\res\deals-leftcap.gif
C:\Program Files\Dealio\kb125\res\deal_report.jpg
C:\Program Files\Dealio\kb125\res\ebay_login.jpg
C:\Program Files\Dealio\kb125\res\endcap22-bg.png
C:\Program Files\Dealio\kb125\res\endcap22-left.png
C:\Program Files\Dealio\kb125\res\endcap22-right-arrow.png
C:\Program Files\Dealio\kb125\res\endcap22-right.png
C:\Program Files\Dealio\kb125\res\err_mainwindow.html
C:\Program Files\Dealio\kb125\res\err_toolbar.html
C:\Program Files\Dealio\kb125\res\global_scripts.js
C:\Program Files\Dealio\kb125\res\headerbgthin.jpg
C:\Program Files\Dealio\kb125\res\logo.png
C:\Program Files\Dealio\kb125\res\logo_over.png
C:\Program Files\Dealio\kb125\res\man_toolbar.html
C:\Program Files\Dealio\kb125\res\man_toolbar.js
C:\Program Files\Dealio\kb125\res\pill_bg.gif
C:\Program Files\Dealio\kb125\res\post-this-deal.gif
C:\Program Files\Dealio\kb125\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb125\res\scripts.js
C:\Program Files\Dealio\kb125\res\scroller.js
C:\Program Files\Dealio\kb125\res\search-chevron.gif
C:\Program Files\Dealio\kb125\res\search_bg_blink.gif
C:\Program Files\Dealio\kb125\res\separator.gif
C:\Program Files\Dealio\kb125\res\settings.gif
C:\Program Files\Dealio\kb125\res\settings_over.gif
C:\Program Files\Dealio\kb125\res\steals_bg.gif
C:\Program Files\Dealio\kb125\res\toolbar_background.gif
C:\Program Files\Dealio\kb125\res\yahoo_search.gif
C:\Program Files\Dealio\kb125\rules\index.76.35
C:\Program Files\Dealio\kb125\rules\rules.1.10.76
C:\Program Files\Dealio\kb125\rules\rules.1.109.43
C:\Program Files\Dealio\kb125\rules\rules.1.110.43
C:\Program Files\Dealio\kb125\rules\rules.1.12.52
C:\Program Files\Dealio\kb125\rules\rules.1.13.58
C:\Program Files\Dealio\kb125\rules\rules.1.130.58
C:\Program Files\Dealio\kb125\rules\rules.1.135.50
C:\Program Files\Dealio\kb125\rules\rules.1.153.44
C:\Program Files\Dealio\kb125\rules\rules.1.155.43
C:\Program Files\Dealio\kb125\rules\rules.1.156.49
C:\Program Files\Dealio\kb125\rules\rules.1.16.60
C:\Program Files\Dealio\kb125\rules\rules.1.161.52
C:\Program Files\Dealio\kb125\rules\rules.1.178.66
C:\Program Files\Dealio\kb125\rules\rules.1.184.55
C:\Program Files\Dealio\kb125\rules\rules.1.188.52
C:\Program Files\Dealio\kb125\rules\rules.1.189.45
C:\Program Files\Dealio\kb125\rules\rules.1.196.43
C:\Program Files\Dealio\kb125\rules\rules.1.198.56
C:\Program Files\Dealio\kb125\rules\rules.1.199.43
C:\Program Files\Dealio\kb125\rules\rules.1.200.53
C:\Program Files\Dealio\kb125\rules\rules.1.201.43
C:\Program Files\Dealio\kb125\rules\rules.1.202.43
C:\Program Files\Dealio\kb125\rules\rules.1.203.71
C:\Program Files\Dealio\kb125\rules\rules.1.205.62
C:\Program Files\Dealio\kb125\rules\rules.1.213.71
C:\Program Files\Dealio\kb125\rules\rules.1.214.49
C:\Program Files\Dealio\kb125\rules\rules.1.215.43
C:\Program Files\Dealio\kb125\rules\rules.1.216.67
C:\Program Files\Dealio\kb125\rules\rules.1.217.67
C:\Program Files\Dealio\kb125\rules\rules.1.218.52
C:\Program Files\Dealio\kb125\rules\rules.1.219.43
C:\Program Files\Dealio\kb125\rules\rules.1.220.43
C:\Program Files\Dealio\kb125\rules\rules.1.221.57
C:\Program Files\Dealio\kb125\rules\rules.1.222.43
C:\Program Files\Dealio\kb125\rules\rules.1.223.68
C:\Program Files\Dealio\kb125\rules\rules.1.226.68
C:\Program Files\Dealio\kb125\rules\rules.1.227.43
C:\Program Files\Dealio\kb125\rules\rules.1.228.62
C:\Program Files\Dealio\kb125\rules\rules.1.229.76
C:\Program Files\Dealio\kb125\rules\rules.1.23.63
C:\Program Files\Dealio\kb125\rules\rules.1.239.43
C:\Program Files\Dealio\kb125\rules\rules.1.24.43
C:\Program Files\Dealio\kb125\rules\rules.1.240.43
C:\Program Files\Dealio\kb125\rules\rules.1.241.43
C:\Program Files\Dealio\kb125\rules\rules.1.242.43
C:\Program Files\Dealio\kb125\rules\rules.1.243.43
C:\Program Files\Dealio\kb125\rules\rules.1.244.63
C:\Program Files\Dealio\kb125\rules\rules.1.245.43
C:\Program Files\Dealio\kb125\rules\rules.1.247.43
C:\Program Files\Dealio\kb125\rules\rules.1.248.43
C:\Program Files\Dealio\kb125\rules\rules.1.249.43
C:\Program Files\Dealio\kb125\rules\rules.1.250.43
C:\Program Files\Dealio\kb125\rules\rules.1.251.43
C:\Program Files\Dealio\kb125\rules\rules.1.252.43
C:\Program Files\Dealio\kb125\rules\rules.1.253.43
C:\Program Files\Dealio\kb125\rules\rules.1.254.43
C:\Program Files\Dealio\kb125\rules\rules.1.255.43
C:\Program Files\Dealio\kb125\rules\rules.1.256.43
C:\Program Files\Dealio\kb125\rules\rules.1.257.43
C:\Program Files\Dealio\kb125\rules\rules.1.279.43
C:\Program Files\Dealio\kb125\rules\rules.1.28.58
C:\Program Files\Dealio\kb125\rules\rules.1.282.75
C:\Program Files\Dealio\kb125\rules\rules.1.283.43
C:\Program Files\Dealio\kb125\rules\rules.1.284.43
C:\Program Files\Dealio\kb125\rules\rules.1.289.67
C:\Program Files\Dealio\kb125\rules\rules.1.290.62
C:\Program Files\Dealio\kb125\rules\rules.1.291.61
C:\Program Files\Dealio\kb125\rules\rules.1.296.43
C:\Program Files\Dealio\kb125\rules\rules.1.297.43
C:\Program Files\Dealio\kb125\rules\rules.1.304.43
C:\Program Files\Dealio\kb125\rules\rules.1.307.43
C:\Program Files\Dealio\kb125\rules\rules.1.308.75
C:\Program Files\Dealio\kb125\rules\rules.1.31.47
C:\Program Files\Dealio\kb125\rules\rules.1.310.46
C:\Program Files\Dealio\kb125\rules\rules.1.311.43
C:\Program Files\Dealio\kb125\rules\rules.1.315.43
C:\Program Files\Dealio\kb125\rules\rules.1.316.43
C:\Program Files\Dealio\kb125\rules\rules.1.317.43
C:\Program Files\Dealio\kb125\rules\rules.1.318.43
C:\Program Files\Dealio\kb125\rules\rules.1.319.49
C:\Program Files\Dealio\kb125\rules\rules.1.32.48
C:\Program Files\Dealio\kb125\rules\rules.1.334.44
C:\Program Files\Dealio\kb125\rules\rules.1.335.60
C:\Program Files\Dealio\kb125\rules\rules.1.336.44
C:\Program Files\Dealio\kb125\rules\rules.1.337.44
C:\Program Files\Dealio\kb125\rules\rules.1.338.75
C:\Program Files\Dealio\kb125\rules\rules.1.339.47
C:\Program Files\Dealio\kb125\rules\rules.1.34.43
C:\Program Files\Dealio\kb125\rules\rules.1.340.47
C:\Program Files\Dealio\kb125\rules\rules.1.341.47
C:\Program Files\Dealio\kb125\rules\rules.1.349.50
C:\Program Files\Dealio\kb125\rules\rules.1.35.48
C:\Program Files\Dealio\kb125\rules\rules.1.350.50
C:\Program Files\Dealio\kb125\rules\rules.1.351.51
C:\Program Files\Dealio\kb125\rules\rules.1.352.54
C:\Program Files\Dealio\kb125\rules\rules.1.353.51
C:\Program Files\Dealio\kb125\rules\rules.1.354.51
C:\Program Files\Dealio\kb125\rules\rules.1.357.62
C:\Program Files\Dealio\kb125\rules\rules.1.358.52
C:\Program Files\Dealio\kb125\rules\rules.1.359.52
C:\Program Files\Dealio\kb125\rules\rules.1.360.53
C:\Program Files\Dealio\kb125\rules\rules.1.361.54
C:\Program Files\Dealio\kb125\rules\rules.1.362.68
C:\Program Files\Dealio\kb125\rules\rules.1.363.58
C:\Program Files\Dealio\kb125\rules\rules.1.364.54
C:\Program Files\Dealio\kb125\rules\rules.1.365.53
C:\Program Files\Dealio\kb125\rules\rules.1.367.56
C:\Program Files\Dealio\kb125\rules\rules.1.368.58
C:\Program Files\Dealio\kb125\rules\rules.1.369.55
C:\Program Files\Dealio\kb125\rules\rules.1.370.56
C:\Program Files\Dealio\kb125\rules\rules.1.371.56
C:\Program Files\Dealio\kb125\rules\rules.1.372.57
C:\Program Files\Dealio\kb125\rules\rules.1.373.55
C:\Program Files\Dealio\kb125\rules\rules.1.375.56
C:\Program Files\Dealio\kb125\rules\rules.1.376.57
C:\Program Files\Dealio\kb125\rules\rules.1.377.55
C:\Program Files\Dealio\kb125\rules\rules.1.378.65
C:\Program Files\Dealio\kb125\rules\rules.1.384.58
C:\Program Files\Dealio\kb125\rules\rules.1.386.71
C:\Program Files\Dealio\kb125\rules\rules.1.387.59
C:\Program Files\Dealio\kb125\rules\rules.1.388.59
C:\Program Files\Dealio\kb125\rules\rules.1.389.59
C:\Program Files\Dealio\kb125\rules\rules.1.390.60
C:\Program Files\Dealio\kb125\rules\rules.1.391.60
C:\Program Files\Dealio\kb125\rules\rules.1.392.60
C:\Program Files\Dealio\kb125\rules\rules.1.393.60
C:\Program Files\Dealio\kb125\rules\rules.1.394.60
C:\Program Files\Dealio\kb125\rules\rules.1.396.61
C:\Program Files\Dealio\kb125\rules\rules.1.397.61
C:\Program Files\Dealio\kb125\rules\rules.1.398.60
C:\Program Files\Dealio\kb125\rules\rules.1.399.60
C:\Program Files\Dealio\kb125\rules\rules.1.403.61
C:\Program Files\Dealio\kb125\rules\rules.1.404.63
C:\Program Files\Dealio\kb125\rules\rules.1.405.61
C:\Program Files\Dealio\kb125\rules\rules.1.406.61
C:\Program Files\Dealio\kb125\rules\rules.1.407.76
C:\Program Files\Dealio\kb125\rules\rules.1.408.63
C:\Program Files\Dealio\kb125\rules\rules.1.409.61
C:\Program Files\Dealio\kb125\rules\rules.1.412.62
C:\Program Files\Dealio\kb125\rules\rules.1.413.62
C:\Program Files\Dealio\kb125\rules\rules.1.414.62
C:\Program Files\Dealio\kb125\rules\rules.1.415.62
C:\Program Files\Dealio\kb125\rules\rules.1.416.62
C:\Program Files\Dealio\kb125\rules\rules.1.417.62
C:\Program Files\Dealio\kb125\rules\rules.1.418.62
C:\Program Files\Dealio\kb125\rules\rules.1.419.62
C:\Program Files\Dealio\kb125\rules\rules.1.420.62
C:\Program Files\Dealio\kb125\rules\rules.1.421.62
C:\Program Files\Dealio\kb125\rules\rules.1.423.63
C:\Program Files\Dealio\kb125\rules\rules.1.424.63
C:\Program Files\Dealio\kb125\rules\rules.1.425.63
C:\Program Files\Dealio\kb125\rules\rules.1.426.63
C:\Program Files\Dealio\kb125\rules\rules.1.427.63
C:\Program Files\Dealio\kb125\rules\rules.1.428.65
C:\Program Files\Dealio\kb125\rules\rules.1.429.63
C:\Program Files\Dealio\kb125\rules\rules.1.430.63
C:\Program Files\Dealio\kb125\rules\rules.1.432.65
C:\Program Files\Dealio\kb125\rules\rules.1.433.64
C:\Program Files\Dealio\kb125\rules\rules.1.434.65
C:\Program Files\Dealio\kb125\rules\rules.1.435.64
C:\Program Files\Dealio\kb125\rules\rules.1.436.76
C:\Program Files\Dealio\kb125\rules\rules.1.437.64
C:\Program Files\Dealio\kb125\rules\rules.1.438.71
C:\Program Files\Dealio\kb125\rules\rules.1.439.71
C:\Program Files\Dealio\kb125\rules\rules.1.440.75
C:\Program Files\Dealio\kb125\rules\rules.1.442.73
C:\Program Files\Dealio\kb125\rules\rules.1.443.73
C:\Program Files\Dealio\kb125\rules\rules.1.444.73
C:\Program Files\Dealio\kb125\rules\rules.1.445.68
C:\Program Files\Dealio\kb125\rules\rules.1.446.69
C:\Program Files\Dealio\kb125\rules\rules.1.450.67
C:\Program Files\Dealio\kb125\rules\rules.1.451.67
C:\Program Files\Dealio\kb125\rules\rules.1.452.68
C:\Program Files\Dealio\kb125\rules\rules.1.453.68
C:\Program Files\Dealio\kb125\rules\rules.1.454.69
C:\Program Files\Dealio\kb125\rules\rules.1.456.69
C:\Program Files\Dealio\kb125\rules\rules.1.457.75
C:\Program Files\Dealio\kb125\rules\rules.1.458.70
C:\Program Files\Dealio\kb125\rules\rules.1.459.70
C:\Program Files\Dealio\kb125\rules\rules.1.460.69
C:\Program Files\Dealio\kb125\rules\rules.1.462.74
C:\Program Files\Dealio\kb125\rules\rules.1.463.69
C:\Program Files\Dealio\kb125\rules\rules.1.464.70
C:\Program Files\Dealio\kb125\rules\rules.1.465.68
C:\Program Files\Dealio\kb125\rules\rules.1.468.70
C:\Program Files\Dealio\kb125\rules\rules.1.469.70
C:\Program Files\Dealio\kb125\rules\rules.1.470.70
C:\Program Files\Dealio\kb125\rules\rules.1.471.73
C:\Program Files\Dealio\kb125\rules\rules.1.472.70
C:\Program Files\Dealio\kb125\rules\rules.1.478.74
C:\Program Files\Dealio\kb125\rules\rules.1.479.73
C:\Program Files\Dealio\kb125\rules\rules.1.480.68
C:\Program Files\Dealio\kb125\rules\rules.1.481.71
C:\Program Files\Dealio\kb125\rules\rules.1.482.74
C:\Program Files\Dealio\kb125\rules\rules.1.49.67
C:\Program Files\Dealio\kb125\rules\rules.1.50.43
C:\Program Files\Dealio\kb125\rules\rules.1.500.71
C:\Program Files\Dealio\kb125\rules\rules.1.501.74
C:\Program Files\Dealio\kb125\rules\rules.1.502.71
C:\Program Files\Dealio\kb125\rules\rules.1.51.69
C:\Program Files\Dealio\kb125\rules\rules.1.52.72
C:\Program Files\Dealio\kb125\rules\rules.1.520.76
C:\Program Files\Dealio\kb125\rules\rules.1.521.76
C:\Program Files\Dealio\kb125\rules\rules.1.522.76
C:\Program Files\Dealio\kb125\rules\rules.1.53.51
C:\Program Files\Dealio\kb125\rules\rules.1.531.76
C:\Program Files\Dealio\kb125\rules\rules.1.532.75
C:\Program Files\Dealio\kb125\rules\rules.1.534.75
C:\Program Files\Dealio\kb125\rules\rules.1.54.47
C:\Program Files\Dealio\kb125\rules\rules.1.55.45
C:\Program Files\Dealio\kb125\rules\rules.1.56.69
C:\Program Files\Dealio\kb125\rules\rules.1.57.43
C:\Program Files\Dealio\kb125\rules\rules.1.58.47
C:\Program Files\Dealio\kb125\rules\rules.1.593.76
C:\Program Files\Dealio\kb125\rules\rules.1.595.76
C:\Program Files\Dealio\kb125\rules\rules.1.63.57
C:\Program Files\Dealio\kb125\rules\rules.1.66.47
C:\Program Files\Dealio\kb125\rules\rules.1.70.75
C:\Program Files\Dealio\kb125\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\ErrorPageTemplate.css
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\help.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\tabdata.js
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\tablib.js
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\tabwelcome_en.html
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\tab_icon.png
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\toolbar_background.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\res\yahoo_search.gif
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp\ws-14223.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp\ws-14224.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp\ws-14225.log
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125\temp\ws-14226.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb125
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb125\res
C:\Program Files\Search Settings\kb125\SearchSettings.dll
C:\Program Files\Search Settings\kb125\temp
C:\Program Files\Search Settings\kb125\res\ErrorPageTemplate.css
C:\Program Files\Search Settings\kb125\res\help.gif
C:\Program Files\Search Settings\kb125\res\tabdata.js
C:\Program Files\Search Settings\kb125\res\tablib.js
C:\Program Files\Search Settings\kb125\res\tabwelcome_en.html
C:\Program Files\Search Settings\kb125\res\tab_icon.png
C:\Program Files\Search Settings\kb125\res\toolbar_background.gif
C:\Program Files\Search Settings\kb125\res\yahoo_search.gif

-----------\\ Extensions

(Compaq_Propri‚taire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="https://fr.search.yahoo.com/?fr=cb-hp06"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"
"Search Bar"="https://fr.search.yahoo.com/?fr=cb-hp06"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\COMPAQ~1\APPLIC~1\SystemDoctor Free
C:\PROGRA~1\SystemDoctor Free




1 - "C:\ToolBar SD\TB_1.txt" - 14/12/2008|14:16 - Option : [1]

-----------\\ Fin du rapport a 14:16:18,90

-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : BIOS Ver: A7225NH5 V3.12 06/29/06 17:32:37
USER : Compaq_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081213-0] 4.8.1296 (Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:108 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [2] ( 14/12/2008|14:28 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio\kb125
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb125
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
Supprime! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings\kb125
Supprime! - C:\Program Files\Search Settings\kb125
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Compaq_Propri‚taire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="https://fr.search.yahoo.com/?fr=cb-hp06"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://fr.search.yahoo.com/?fr=cb-hp06"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\COMPAQ~1\APPLIC~1\SystemDoctor Free
C:\PROGRA~1\SystemDoctor Free




1 - "C:\ToolBar SD\TB_1.txt" - 14/12/2008|14:16 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 14/12/2008|14:29 - Option : [2]

-----------\\ Fin du rapport a 14:29:59,53

ComboFix 08-12-12.05 - Compaq_Propriétaire 2008-12-14 17:44:27.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.447.121 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Compaq_Propriétaire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\mpsn.exe
C:\pr2.exe
C:\sdfgh.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\APPLIC~1\SystemDoctor Free
c:\docume~1\COMPAQ~1\APPLIC~1\SystemDoctor Free\Logs\update.log
c:\documents and settings\Compaq_Propri‚taire\Local Settings\Temporary Internet Files\
c:\documents and settings\Invit‚\Local Settings\Temporary Internet Files\
C:\mpsn.exe
C:\pr2.exe
c:\progra~1\SystemDoctor Free
c:\progra~1\SystemDoctor Free\st.dat
C:\sdfgh.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 ))))))))))))))))))))))))))))))))))))
.

2008-12-14 14:15 . 2008-12-14 14:29 <REP> d-------- C:\ToolBar SD
2008-12-14 10:22 . 2008-12-14 10:25 <REP> d-------- c:\program files\UsbFix
2008-12-13 22:12 . 2008-12-13 22:16 1,393 --a------ c:\windows\imsins.BAK
2008-12-13 18:17 . 2008-12-13 18:43 <REP> d-------- C:\Lop SD
2008-12-13 10:47 . 2008-12-13 10:47 <REP> d-------- C:\rsit
2008-12-12 23:56 . 2008-12-12 23:56 <REP> d-------- c:\program files\Trend Micro
2008-12-12 23:53 . 2008-12-12 23:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-12 23:44 . 2008-12-12 23:44 <REP> d-------- c:\program files\Yahoo!
2008-12-12 23:44 . 2008-12-12 23:45 <REP> d-------- c:\program files\CCleaner
2008-12-12 23:05 . 2006-01-02 23:05 <REP> d-------- c:\documents and settings\Administrateur\WINDOWS
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Modèles
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-12 23:05 . 2006-08-23 13:45 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-12 23:05 . 2008-12-12 23:05 <REP> d-------- c:\documents and settings\Administrateur
2008-12-11 20:30 . 2008-12-11 20:30 <REP> d-------- c:\windows\Profiles
2008-12-11 17:36 . 2008-12-11 17:36 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-08 23:02 . 2008-12-08 23:02 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Search Settings
2008-12-08 23:00 . 2008-12-08 23:00 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Dealio
2008-12-08 22:55 . 2008-12-08 22:55 <REP> dr-hs---- C:\CONFIG
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\system32\fr
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\system32\bits
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\l2schemas
2008-11-29 18:54 . 2008-11-29 18:57 <REP> d-------- c:\windows\ServicePackFiles
2008-11-29 18:46 . 2008-11-29 18:46 <REP> d-------- c:\windows\EHome

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-12 21:59 --------- d-----w c:\program files\GameSpy Arcade
2008-12-11 19:16 --------- d-----w c:\program files\eMule
2008-12-11 16:36 --------- d-----w c:\program files\Java
2008-11-29 17:38 --------- d-----w c:\program files\MSN Messenger
2008-11-29 17:37 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-30 17:31 --------- d-----w c:\program files\Sun
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2007-12-25 11:38 92,064 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmmdm.sys
2007-12-25 11:38 9,232 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmmdfl.sys
2007-12-25 11:38 79,328 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmserd.sys
2007-12-25 11:38 66,656 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmbus.sys
2007-12-25 11:38 6,208 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmcmnt.sys
2007-12-25 11:38 5,936 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmwhnt.sys
2007-12-25 11:38 4,048 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmcr.sys
2007-12-25 11:38 25,600 -c--a-w c:\documents and settings\Compaq_Propriétaire\usbsermptxp.sys
2007-12-25 11:38 22,768 -c--a-w c:\documents and settings\Compaq_Propriétaire\usbsermpt.sys
2004-10-06 19:50 15,772,525 -c--a-w c:\program files\Sims2.exe
.

((((((((((((((((((((((((((((( snapshot_2008-12-14_13.58.36,50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-14 16:48:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_37c.dat
+ 2008-12-14 16:48:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_644.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-25 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 54888]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
EPSON Status Monitor 3 Environment Check.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-09-18 121856]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jzgvzp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2007-08-16 15172]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2007-08-25 178913]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-19 16:07]

2008-12-14 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?003d7528cef9402eb7c4d829afea03ec
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?003d7528cef9402eb7c4d829afea03ec

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\8a3jqqjm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 17:48:11
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2008-12-14 17:53:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-14 16:53:32
ComboFix2.txt 2008-12-14 12:59:03
ComboFix3.txt 2008-12-13 19:07:28

Avant-CF: 116 814 807 040 octets libres
Après-CF: 116,807,544,832 octets libres

213 --- E O F --- 2008-12-13 21:18:23

ComboFix 08-12-12.05 - Compaq_Propriétaire 2008-12-14 18:42:47.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.447.119 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Compaq_Propriétaire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Propri‚taire\Local Settings\Temporary Internet Files\
c:\documents and settings\Invit‚\Local Settings\Temporary Internet Files\
c:\windows\system32\config\systemprofile\Application Data\Dealio
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\blank.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\deal_report.jpg
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\DealioSearch.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\deals-endcap.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\deals-leftcap.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\ebay_login.jpg
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\endcap22-bg.png
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\endcap22-left.png
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\endcap22-right-arrow.png
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\endcap22-right.png
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\err_mainwindow.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\err_toolbar.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\global_scripts.js
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\headerbgthin.jpg
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\logo.png
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\logo_over.png
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\man_toolbar.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\man_toolbar.js
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\pill_bg.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\post-this-deal.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\post-this-deal_over.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\scripts.js
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\scroller.js
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\search-chevron.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\search_bg_blink.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\separator.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\settings.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\settings_over.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\steals_bg.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\toolbar_background.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\res\yahoo_search.gif
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\index.76.35
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.10.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.109.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.110.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.12.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.13.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.130.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.135.50
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.153.44
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.155.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.156.49
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.16.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.161.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.178.66
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.184.55
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.188.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.189.45
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.196.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.198.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.199.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.200.53
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.201.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.202.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.203.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.205.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.213.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.214.49
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.215.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.216.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.217.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.218.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.219.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.220.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.221.57
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.222.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.223.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.226.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.227.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.228.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.229.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.23.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.239.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.24.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.240.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.241.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.242.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.243.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.244.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.245.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.247.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.248.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.249.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.250.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.251.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.252.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.253.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.254.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.255.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.256.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.257.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.279.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.28.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.282.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.283.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.284.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.289.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.290.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.291.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.296.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.297.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.304.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.307.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.308.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.31.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.310.46
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.311.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.315.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.316.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.317.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.318.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.319.49
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.32.48
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.334.44
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.335.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.336.44
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.337.44
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.338.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.339.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.34.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.340.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.341.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.349.50
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.35.48
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.350.50
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.351.51
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.352.54
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.353.51
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.354.51
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.357.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.358.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.359.52
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.360.53
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.361.54
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.362.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.363.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.364.54
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.365.53
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.367.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.368.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.369.55
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.370.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.371.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.372.57
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.373.55
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.375.56
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.376.57
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.377.55
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.378.65
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.384.58
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.386.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.387.59
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.388.59
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.389.59
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.390.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.391.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.392.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.393.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.394.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.396.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.397.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.398.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.399.60
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.403.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.404.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.405.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.406.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.407.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.408.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.409.61
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.412.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.413.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.414.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.415.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.416.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.417.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.418.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.419.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.420.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.421.62
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.423.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.424.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.425.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.426.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.427.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.428.65
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.429.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.430.63
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.432.65
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.433.64
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.434.65
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.435.64
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.436.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.437.64
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.438.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.439.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.440.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.442.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.443.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.444.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.445.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.446.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.450.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.451.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.452.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.453.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.454.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.456.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.457.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.458.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.459.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.460.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.462.74
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.463.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.464.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.465.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.468.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.469.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.470.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.471.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.472.70
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.478.74
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.479.73
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.480.68
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.481.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.482.74
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.49.67
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.50.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.500.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.501.74
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.502.71
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.51.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.52.72
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.520.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.521.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.522.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.53.51
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.531.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.532.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.534.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.54.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.55.45
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.56.69
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.57.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.58.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.593.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.595.76
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.63.57
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.66.47
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.70.75
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\rules\rules.1.71.43
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\temp\dealio-14221.log
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb125\temp\dealio-14223.log
c:\windows\system32\config\systemprofile\Application Data\Search Settings
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb125\res\ErrorPageTemplate.css
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb125\res\help.gif
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb125\res\tab_icon.png
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb125\res\tabdata.js
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb125\res\tablib.js
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb125\res\tabwelcome_en.html
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb125\res\toolbar_background.gif
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb125\res\yahoo_search.gif
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb125\temp\ws-14221.log

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 ))))))))))))))))))))))))))))))))))))
.

2008-12-14 17:53 . 2008-12-14 17:53 <REP> d-------- c:\documents and settings\Invit‚
2008-12-14 17:53 . 2008-12-14 17:53 <REP> d-------- c:\documents and settings\Compaq_Propri‚taire
2008-12-14 14:15 . 2008-12-14 14:29 <REP> d-------- C:\ToolBar SD
2008-12-14 10:22 . 2008-12-14 10:25 <REP> d-------- c:\program files\UsbFix
2008-12-13 22:12 . 2008-12-13 22:16 1,393 --a------ c:\windows\imsins.BAK
2008-12-13 18:17 . 2008-12-13 18:43 <REP> d-------- C:\Lop SD
2008-12-13 10:47 . 2008-12-13 10:47 <REP> d-------- C:\rsit
2008-12-12 23:56 . 2008-12-12 23:56 <REP> d-------- c:\program files\Trend Micro
2008-12-12 23:53 . 2008-12-12 23:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-12 23:44 . 2008-12-12 23:44 <REP> d-------- c:\program files\Yahoo!
2008-12-12 23:44 . 2008-12-12 23:45 <REP> d-------- c:\program files\CCleaner
2008-12-12 23:05 . 2006-01-02 23:05 <REP> d-------- c:\documents and settings\Administrateur\WINDOWS
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Modèles
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-12 23:05 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-12 23:05 . 2006-08-23 13:45 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-12 23:05 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-12 23:05 . 2008-12-12 23:05 <REP> d-------- c:\documents and settings\Administrateur
2008-12-11 20:30 . 2008-12-11 20:30 <REP> d-------- c:\windows\Profiles
2008-12-11 17:36 . 2008-12-11 17:36 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-08 22:55 . 2008-12-08 22:55 <REP> dr-hs---- C:\CONFIG
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\system32\fr
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\system32\bits
2008-11-29 18:57 . 2008-11-29 18:57 <REP> d-------- c:\windows\l2schemas
2008-11-29 18:54 . 2008-11-29 18:57 <REP> d-------- c:\windows\ServicePackFiles
2008-11-29 18:46 . 2008-11-29 18:46 <REP> d-------- c:\windows\EHome

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-12 21:59 --------- d-----w c:\program files\GameSpy Arcade
2008-12-11 19:16 --------- d-----w c:\program files\eMule
2008-12-11 16:36 --------- d-----w c:\program files\Java
2008-11-29 17:38 --------- d-----w c:\program files\MSN Messenger
2008-11-29 17:37 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-30 17:31 --------- d-----w c:\program files\Sun
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 00:48 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys
2007-12-25 11:38 92,064 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmmdm.sys
2007-12-25 11:38 9,232 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmmdfl.sys
2007-12-25 11:38 79,328 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmserd.sys
2007-12-25 11:38 66,656 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmbus.sys
2007-12-25 11:38 6,208 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmcmnt.sys
2007-12-25 11:38 5,936 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmwhnt.sys
2007-12-25 11:38 4,048 -c--a-w c:\documents and settings\Compaq_Propriétaire\mqdmcr.sys
2007-12-25 11:38 25,600 -c--a-w c:\documents and settings\Compaq_Propriétaire\usbsermptxp.sys
2007-12-25 11:38 22,768 -c--a-w c:\documents and settings\Compaq_Propriétaire\usbsermpt.sys
2004-10-06 19:50 15,772,525 -c--a-w c:\program files\Sims2.exe
.

((((((((((((((((((((((((((((( snapshot_2008-12-14_13.58.36,50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-14 17:47:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4ec.dat
+ 2008-12-14 17:46:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_640.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-25 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 54888]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
EPSON Status Monitor 3 Environment Check.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-09-18 121856]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2007-08-16 15172]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2007-08-25 178913]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-19 16:07]

2008-12-14 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?003d7528cef9402eb7c4d829afea03ec
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?003d7528cef9402eb7c4d829afea03ec

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\8a3jqqjm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 18:47:02
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Heure de fin: 2008-12-14 18:53:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-14 17:53:18
ComboFix2.txt 2008-12-14 16:53:39
ComboFix3.txt 2008-12-14 12:59:03
ComboFix4.txt 2008-12-13 19:07:28

Avant-CF: 116 821 065 728 octets libres
Après-CF: 116,808,237,056 octets libres

497 --- E O F --- 2008-12-13 21:18:23

Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Propriétaire at 2008-12-14 20:33:51
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 111 GB (76%) free of 147 GB
Total RAM: 447 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:02, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] c:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "c:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?003d7528cef9402eb7c4d829afea03ec
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?003d7528cef9402eb7c4d829afea03ec
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\f72b1916-.txt moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4e0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_680.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_au95VbJAUgNBunu scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12142008_210725

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4e0.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_680.dat not found!
File C:\WINDOWS\temp\sqlite_au95VbJAUgNBunu not found!

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Dec 14 21:31:27 2008

Found and removed: C:\Program Files\Java\jre1.5.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150050}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_05

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.