Bonjour à tous,

Je suis sur Microsoft Windows XP Édition familiale Service Pack 3 - Mon navigateur internet est Mozilla Firefox 3.0.11. Mon Anti-virus est F-Secure Internet Security 2009.

En faisant une analyse de mon disque dur par mon anti-virus F-Secure Internet Security 2009, celui-ci a découvert un virus : Backdoor.Win32.Prorat.19.bkw.
* C:\Documents and Settings\guyot\Local Settings\Application Data\IM\Identities\{85E26297-B1D4-490E-B7EA-7D7A1821D3C3}\Message Store\Attachments\TCPOPTIMIZER.ZIP\tcpoptimizer_v2.0.2.exe

J' ai également effectué une analyse avec Random's system information tool (RSIT) figurant ci-dessous en (2).

1/ Voici le rapport d'analyse de mon anti-virus F-Secure Internet Security 2009 Le
vendredi 3 juillet 2009 19:03:15 - 20:51:56

Nom de l'ordinateur : GUYOT-DF18F196B
Type d'analyse : Effectuer une analyse complète de l'ordinateur
Cible : C:\ + système + rootkits
Résultat: 1 antiprogramme(s) détecté(s)
Backdoor.Win32.Prorat.19.bkw (virus)

* C:\Documents and Settings\guyot\Local Settings\Application Data\IM\Identities\{85E26297-B1D4-490E-B7EA-7D7A1821D3C3}\Message Store\Attachments\TCPOPTIMIZER.ZIP\tcpoptimizer_v2.0.2.exe

Statistiques
Analysés :

* Fichiers : 92702
* Non analysés : 73

Résultat :

* Virus : 1
* Spyware : 0
* Eléments suspects : 0
* Programme à risque : 0

Actions :

* Nettoyés : 0
* Renommés : 0
* Supprimés : 0
* Quarantaine : 0
* Echec : 0

Secteurs d'amorçage :

* Analysés : 2
* Infectés : 0
* Eléments suspects : 0
* Nettoyés : 0

Fichiers non analysés :

* Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) C:\PAGEFILE.SYS
* Le fichier C:\WINDOWS\uninstallMOH.exe\AutoPlay\autorun.cdd\_detect.dat est crypté.
* Le fichier C:\WINDOWS\uninstallMOH.exe\AutoPlay\autorun.cdd\_proj.dat est crypté.
* Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) C:\WINDOWS\SYSTEM32\CONFIG\SAM
* Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\GCFilterC677FE2F.ax.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\GCFX9538E86B.DLL.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\GCHWCfgE46596EB.DLL.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\GCLib6F8EAA22.DLL.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\GCLocale9D907DCB.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\GDIPainterB4035259.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\HDCC1194CEC3.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\HTMLGallery65449C25.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\MMTools9249D9CD.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\NeroVisionB5EC2E2A.exe.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\NeroVisionAPIC9AD27B6.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\NeVideoFX58BFC8BE.bitmaps.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\NeVideoFXFFBFB02C.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\NVDV50D516A7.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\NVECommonFXAF325D1E.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\VCDDoc9640972E.DLL.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\VCDEngine0944D317.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\VCDLib6535AEDE.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\1B05D29F.cab\VCDUI10A8739B.DLL.
* Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMCoFoundation83B7A230.dll [F-Secure AVP]
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMDataServices0958A224.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMFirstStartD9B4E50E.exe.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMIndexStoreSvr3BA72ABB.exe.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMIndexStoreSvrPSBEC1BEF1.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMLogCxxF8AF0D60.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMPluginBaseE1507844.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMSearch9D90DEFF.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMSearchPluginFileSystem899397DB.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMSearchPluginMediaLibraryD5A14319.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMSQLDB9877E5EB.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMThumbnailIconsGen377E388B.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMUPnPBrowser67A1B119.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMUPnPServicesLibPSD1C67436.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\49B52B36.cab\NMVDS27562014.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\4D801849.cab\NeroSearchD058B1F2.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\5D2B53A4.cab\MFC716251E7FF.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\5D2B53A4.cab\msvcp710E7F954E.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\5D2B53A4.cab\msvcr716A7F987A.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\648763B4.cab\msvcr7149E661ED.dll.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\648763B4.cab\Msvcrt1C8C9592.dll.
* Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe\Cab\7E74347D.cab\msvcr71402AC422.dll [F-Secure AVP]
* L'analyse de C:\Documents and Settings\guyot\Mes documents\Néro 7.0.1.2\Nero-7.0.1.2_fra.exe a été interrompue. [F-Secure AVP]
* L'analyse de C:\Documents and Settings\guyot\Mes documents\DRIVERS\Pilotes open office 2.4.1\OOo_2.4.1_Win32Intel_install_wJRE_fr.exe a été interrompue. [F-Secure AVP]
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Bureau\NINTENDO\bureau de jeux a telecharger\JEUX NITENDO DS\Children of Mana.rar\Children of Mana (E).nds.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Bureau\NINTENDO\bureau de jeux a telecharger\JEUX NITENDO DS\custom arena.rar\Custom Robo Arena.nds.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Bureau\NINTENDO\bureau de jeux a telecharger\JEUX NITENDO DS\elite beat agents.rar\Elite Beat Agents.nds.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Bureau\NINTENDO\bureau de jeux a telecharger\JEUX NITENDO DS\final fantasy 3.rar\Final Fantasy III.nds.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Bureau\NINTENDO\bureau de jeux a telecharger\JEUX NITENDO DS\hotel dust.rar\Hotel Dusk - Room 215.nds.
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Bureau\NINTENDO\bureau de jeux a telecharger\JEUX NITENDO DS\Practice English.rar\Practice English.nds.
* L'analyse de C:\Documents and Settings\guyot\Bureau\NINTENDO\bureau de jeux a telecharger\JEUX NITENDO DS\Project Rub (fr).zip a été interrompue. [F-Secure AVP]
* Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\guyot\Bureau\NINTENDO\bureau de jeux a telecharger\JEUX NITENDO DS\Simpsons le Jeu.rar\1583 - Simpsons le Jeu, Les (FR).nds.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.ini est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip\sbRecovery.reg est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip\sbRecovery.ini est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride2.zip\sbRecovery.reg est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride2.zip\sbRecovery.ini est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride3.zip\sbRecovery.reg est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride5.zip\sbRecovery.reg est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride5.zip\sbRecovery.ini est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride4.zip\sbRecovery.reg est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride3.zip\sbRecovery.ini est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride4.zip\sbRecovery.ini est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride6.zip\sbRecovery.reg est crypté.
* Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride6.zip\sbRecovery.ini est crypté.

Options
Version des définitions :

* Virus : 2009-07-03_03
* Spyware : 2009-07-02_08

Moteurs d'analyse :

* F-Secure AVP: 7.00.171, 2009-07-02
* F-Secure Hydra: 4.00.9222, 2009-07-03
* F-Secure BlackLight: 2.04.1093

Options d'analyse :

* Analyser les fichiers définis : COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JOB JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Analyser le contenu des archives

Actions :

* Virus : Interroger après analyse
* Spyware : Interroger après analyse

Erreur d'informations
Une erreur "Impossible d'ouvrir le fichier" s'est produite :
Le message d'erreur "Impossible d'ouvrir le fichier" signifie que le moteur d'analyse n'a pas pu ouvrir de fichier et que ce dernier n'a pas pu être analysé. Vous pouvez généralement ignorer ce message d'erreur car il peut être dû à de nombreuses causes autres qu'une menace de sécurité, notamment :

* Le fichier est un fichier système. Par principe, les fichiers système sont protégés par le système d'exploitation. Dans ce cas, ignorez le message.
* Vous n'êtes pas autorisé à lire le fichier. Pour analyser le fichier, connectez-vous avec un compte utilisateur disposant des autorisations suffisantes (le compte administrateur de l'ordinateur par exemple) et réexécutez l'analyse.
* Le fichier était utilisé par une application pendant la tentative d'analyse. Pour l'analyser, fermez toutes les applications et réessayez.


2/ RAPPORT ANALYSE DE random's system information tool 1.06 (log.txt et info.txt) :

Logfile of random's system information tool 1.06 (written by random/random)
Run by guyot at 2009-07-04 06:33:08
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 16 GB (10%) free of 157 GB
Total RAM: 3006 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:33:20, on 04/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\CPUCooL\CPUCooL.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CPUCooL\CooLSrv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\guyot\Bureau\RSIT.exe
C:\Program Files\trend micro\HijackThis\guyot.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Mirar - {0A6788FD-D836-436E-ADF9-669B1D025A83} - C:\WINDOWS\system32\wina578.dll
O2 - BHO: BestShoppingTipsEver - {14E7799C-8E96-159A-C194-84A00F1C262D} - C:\Program Files\BestShoppingTipsEver\BestShoppingTipsEver.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Mirar - {0A6788FC-D836-436E-ADF9-669B1D025A83} - C:\WINDOWS\system32\wina578.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CPUCooL.lnk = C:\Program Files\CPUCooL\CPUCooL.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191886826203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192066908906
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Service Google Update (gupdate1c9eb24a1f511f4) (gupdate1c9eb24a1f511f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/guyot/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 13349 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A6788FD-D836-436E-ADF9-669B1D025A83}]
Mirar - C:\WINDOWS\system32\wina578.dll [2009-06-16 524288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14E7799C-8E96-159A-C194-84A00F1C262D}]
BestShoppingTipsEver - C:\Program Files\BestShoppingTipsEver\BestShoppingTipsEver.dll [2009-06-15 154624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-27 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2009-03-10 2079256]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]
{0A6788FC-D836-436E-ADF9-669B1D025A83} - Mirar - C:\WINDOWS\system32\wina578.dll [2009-06-16 524288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE [2008-10-15 182936]
"F-Secure TNB"=C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe [2008-10-15 957024]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1970176]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"nwiz"=nwiz.exe /install []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-06-12 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MediaDICO4Ut"=C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe [2004-03-03 252416]
"SuperCopier.exe"=C:\Program Files\SuperCopier\SuperCopier.exe [2003-04-25 683520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^guyot^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
[]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

C:\Documents and Settings\guyot\Menu Démarrer\Programmes\Démarrage
CPUCooL.lnk - C:\Program Files\CPUCooL\CPUCooL.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-27 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrivesL"=1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
"NoDriveAutoRun"=67107751
"NoDriveTypeAutoRun"=145
"NoDrives"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e57fe2c-5e9c-11dd-b0a1-001a92780b88}]
shell\AutoRun\command - J:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d13dc1a-18ae-11dd-afb5-001a92780b88}]
shell\AutoRun\command - copetttt.com
shell\explore\command - copetttt.com
shell\open\command - copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7eb6eb4-3c1f-11de-b80d-001e58e74984}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL


======List of files/folders created in the last 1 months======

2009-07-04 06:33:08 ----D---- C:\rsit
2009-06-20 13:20:20 ----D---- C:\Program Files\Sega
2009-06-19 07:05:13 ----D---- C:\WINDOWS\ie8updates
2009-06-19 07:02:29 ----HDC---- C:\WINDOWS\ie8
2009-06-18 13:42:22 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-06-18 13:42:21 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-06-16 22:03:55 ----A---- C:\WINDOWS\system32\wina578.dll
2009-06-16 21:57:25 ----D---- C:\Program Files\PlayMP3z
2009-06-16 21:57:25 ----D---- C:\Program Files\BestShoppingTipsEver
2009-06-16 21:42:31 ----D---- C:\Documents and Settings\guyot\Application Data\FrostWire
2009-06-16 21:42:04 ----D---- C:\Program Files\AskBarDis
2009-06-13 11:21:08 ----D---- C:\Program Files\Audiogalaxy Rhapsody
2009-06-13 10:05:48 ----D---- C:\Program Files\P2P_Energy
2009-06-13 10:04:52 ----D---- C:\Documents and Settings\guyot\Application Data\MP3Torpedo
2009-06-13 10:04:35 ----D---- C:\Program Files\MP3Torpedo
2009-06-12 21:32:57 ----D---- C:\Program Files\eMule
2009-06-12 17:44:12 ----A---- C:\WINDOWS\cdplayer.ini
2009-06-12 17:17:58 ----D---- C:\Program Files\Fichiers communs\xing shared
2009-06-12 17:17:47 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-06-12 17:17:29 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-06-12 17:17:29 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-06-12 17:17:28 ----D---- C:\Program Files\Real
2009-06-12 17:17:27 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-06-12 17:17:22 ----D---- C:\Program Files\Fichiers communs\Real
2009-06-12 17:17:20 ----D---- C:\Documents and Settings\guyot\Application Data\Real
2009-06-11 21:26:05 ----D---- C:\Program Files\Kazaa

======List of files/folders modified in the last 1 months======

2009-07-04 06:33:20 ----D---- C:\WINDOWS\temp
2009-07-04 06:33:12 ----D---- C:\WINDOWS\Prefetch
2009-07-04 06:31:08 ----D---- C:\WINDOWS\Debug
2009-07-04 06:31:08 ----AD---- C:\WINDOWS
2009-07-04 06:25:33 ----D---- C:\Program Files\Mozilla Firefox
2009-07-04 06:10:46 ----D---- C:\Program Files\F-Secure Internet Security
2009-07-04 06:08:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-04 06:08:02 ----D---- C:\WINDOWS\Registration
2009-07-03 21:25:54 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-03 06:40:37 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-07-03 05:55:15 ----D---- C:\Program Files\Outlook Express
2009-06-30 20:45:55 ----SD---- C:\WINDOWS\Tasks
2009-06-30 20:45:54 ----SHD---- C:\WINDOWS\Installer
2009-06-21 09:12:21 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-06-21 08:38:52 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-06-21 07:59:25 ----D---- C:\Program Files\DVD Shrink
2009-06-20 14:36:26 ----D---- C:\Program Files\Secret Maryo Chronicles
2009-06-20 13:20:20 ----RD---- C:\Program Files
2009-06-19 07:11:21 ----D---- C:\WINDOWS\system32
2009-06-19 07:10:40 ----HD---- C:\WINDOWS\inf
2009-06-19 07:10:40 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-19 07:10:40 ----D---- C:\WINDOWS\Media
2009-06-19 07:10:40 ----D---- C:\Program Files\Internet Explorer
2009-06-19 07:10:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-19 07:10:39 ----D---- C:\WINDOWS\Help
2009-06-19 07:05:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-17 14:25:28 ----AC---- C:\WINDOWS\hpqcopy.INI
2009-06-16 21:57:25 ----D---- C:\Program Files\Windows Media Player
2009-06-15 19:25:20 ----D---- C:\Documents and Settings
2009-06-15 06:14:07 ----D---- C:\WINDOWS\Minidump
2009-06-12 17:17:58 ----D---- C:\Program Files\Fichiers communs
2009-06-12 17:12:16 ----D---- C:\Program Files\Google
2009-06-10 23:54:43 ----AC---- C:\WINDOWS\win.ini
2009-06-10 11:13:54 ----D---- C:\Program Files\Windows Desktop Search

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-09-17 82380]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-18 24232]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ntiomin;ntiomin; C:\WINDOWS\system32\drivers\ntiomin.sys [2008-04-13 11392]
R1 ntiopnp;ntiopnp; C:\WINDOWS\system32\drivers\ntiopnp.sys [2008-04-13 12800]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sonypvf2;sonypvf2; C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 635017]
R1 sonypvt2;sonypvt2; C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 431236]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 LANPkt;Realtek LANPkt Protocol Driver; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2006-07-18 8399]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-06 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-05-10 103872]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-12-17 70801]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2009-02-03 162816]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-12 393088]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 AdfuUd;USB 2.0 (FS) ADFU Device; C:\WINDOWS\System32\Drivers\AdfuUd.sys [2004-09-16 12634]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872]
S3 AgereSoftModem;OLITEC PCI V92 V4 Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-08 2410076]
S3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 catchme;catchme; \??\C:\DOCUME~1\guyot\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
S3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2006-07-11 11003]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-18 27165]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\DOCUME~1\guyot\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-08-26 1041152]
S3 hsf_msft;hsf_msft; C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-08-26 207616]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-12-17 51729]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
S3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RTL8023xp;D-Link DGE-528T Gigabit Ethernet Adapter NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\DLKRTXP.SYS [2006-07-31 83456]
S3 RTLVLAN;D-Link VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2006-06-01 16384]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SQTECH913D;913D Camera; C:\WINDOWS\System32\Drivers\Capt913D.sys [2007-08-21 29824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-08 244352]
S3 whmice2k;WheelMouse Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\whmice2k.sys [2001-10-02 5973]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-08-26 675840]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys []
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-11 611664]
R2 CPUCooLServer;CPUCooLServer Service; C:\Program Files\CPUCooL\CooLSrv.exe [2008-04-13 118784]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe [2008-10-15 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE [2008-10-15 117400]
R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-05-06 604416]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe [2008-10-15 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe [2008-10-15 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe [2008-10-15 55904]
S2 gupdate1c9eb24a1f511f4;Service Google Update (gupdate1c9eb24a1f511f4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-12 133104]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-06-27 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-05-06 361216]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-07-04 06:33:23

======Uninstall list======

-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
913D Camera-->C:\Program Files\InstallShield Installation Information\{3F927DF0-D056-466F-B4B8-61804D5B6351}\setup.exe -runfromtemp -l0x040c -removeonly
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add-In des 7 Dictionnaires Utiles-->MsiExec.exe /I{DAF8AA96-3D93-4FF6-9EC0-608EF4FA363D}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audiogalaxy Rhapsody-->"C:\Program Files\Audiogalaxy Rhapsody\Unwise32.exe" C:\PROGRA~1\AUDIOG~1\Install.log
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Calculatrice (CalcCF) Standart 1.01-->"C:\Program Files\CalcCF_Standart\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
CPUCooL (remove only)-->"C:\Program Files\CPUCooL\CPUCooL-uninst.exe"
Dietetik 5.3-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\GLD\Dietetik 5.3\DeIsL1.isu" -c"C:\Program Files\GLD\Dietetik 5.3\_ISREG32.DLL"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Genius Professional Edition-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
DVD Decoder Pak for Windows XP-->MsiExec.exe /X{92C5DB3D-9D6F-4324-BB11-57825F4C2635}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD2one V2.2.2-->C:\Program Files\DVD2one V2\uninst.exe
Encyclopédie Universelle Larousse 2008-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D334AC80-9E0E-426D-9931-9DE779779422}\Setup.exe" -l0x40c
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FFBestShoppingTipsEver-->C:\Program Files\Mozilla Firefox\extensions\BestShoppingTipsEver@BestShoppingTipsEver\uninstall.exe uninstall=bestshoppingtipseverff
F-Secure Internet Security 2009-->"C:\Program Files\F-Secure Internet Security\FSGUI\PostInstall.exe" /tUnInstall
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.33\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Happyland Adventures - Xmas Edition v1.3-->c:\games\happy\unins000.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
hp deskjet 840c series (Supprimer uniquement)-->C:\Program Files\hp deskjet 840c series\hpfiui.exe -c -vdivid=HPF -vpnum=90 -vinstport=LPT1: -vproduct=840c -huninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Development Kit 6 Update 7-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160070}
Jazz Jackrabbit 2-->C:\Games\Jazz2\UnInst.exe C:\Games\Jazz2\UnInst.j2
Jewel Quest 3 fr-->"C:\Program Files\BoontyGames\Jewel Quest 3\unins000.exe"
JMicron JMB36X Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x40c -l040c UNINSTALL
LudoRace-->C:\Program Files\LudoRace\uninstall.exe
Luxor - Amun Rising-->"C:\Program Files\Gamenext\Luxor - Amun Rising\Uninstall.exe" "C:\Program Files\Gamenext\Luxor - Amun Rising\install.log"
Luxor 2-->"C:\Program Files\Gamenext\Luxor 2\Uninstall.exe" "C:\Program Files\Gamenext\Luxor 2\install.log"
Luxor 3 fr-->"C:\Program Files\BoontyGames\Luxor 3\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Micro Application - 7 Dictionnaires Utiles-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67302631-380D-4E15-8275-013214EEA343}\setup.exe" -l0x40c -uninst
Micro Application - Faire-part-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C47A5846-81B0-4123-9365-0E99695DD9C4}\SETUP.EXE" -l0x40c
Micro Application - Intérieur-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4CB12F3-4406-4AAC-8E43-F161F5BCC87C}\SETUP.EXE" -l0x40c
Micro Application - Junior Récré-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Junior Récré\Uninst.isu"
Micro Application - MediaDICO Les 4 Dictionnaires Utiles-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Uninst.isu"
Micro Application - Voeux et Félicitations-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Voeux et Félicitations\Uninst.isu" -c"C:\Program Files\Micro Application\Voeux et Félicitations\_UNODBC.DLL"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Mirar-->mshta.exe http://remove.getmirar.com/
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0b1)-->C:\Program Files\Mozilla Thunderbird 3 Beta 1\uninstall\helper.exe
MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MP3Torpedo-->C:\Program Files\MP3Torpedo\uninstall.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multi-Jeux-->C:\Disney\Jungle\uninstal.exe
Nero 7 Demo-->MsiExec.exe /I{C985153C-3801-EB63-1432-088E71801036}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OLITEC PCI V92 Ready V2 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200014F1
OLITEC PCI V92 V4 Modem-->agrsmdel
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
P2P_Energy Toolbar-->C:\PROGRA~1\P2P_EN~1\UNWISE.EXE /U C:\PROGRA~1\P2P_EN~1\INSTALL.LOG
Pacman 2005 1.1-->C:\Program Files\Pacman 2005\uninst.exe
PaperPort 7.02-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ScanSoft\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\ScanSoft\PaperPort\UnInstl2.dll"
PaperPort Printer Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0E1EFC2-FE99-11D3-99C7-0040F6982C20}\setup.exe" UninstallUninstall
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PIXELA ImageMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13413C6C-C640-40B8-917E-CA3062826B18}\setup.exe"
PlayMP3z-->C:\Program Files\PlayMP3z\uninstall.exe uninstall=playmp3z
PopCap Browser Plugin-->C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
PortTrigger 1.0.60-->C:\Program Files\PortTrigger\uninst.exe
Post-it® Software Notes Lite-->"C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Readiris 7.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x40c
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x040c -removeonly
SCRABBLE® 2005 DEMO FR-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07CE148E-1523-46E8-A22E-120954477135}\Setup.exe" -l0x40c
Secret Maryo Chronicles-->"C:\Program Files\Secret Maryo Chronicles\uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SoftV92 Data Fax Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00
SONIC HEROES TRIAL-->C:\Program Files\Sega\SONICHEROES TRIAL\unsetup.exe
Sony DVD Handycam USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F845B05-8B76-4302-A808-7FB21E2BC5E6}\Setup.exe" UNINSTALL
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
SuperCopier-->"C:\Program Files\SuperCopier\SCUninst.exe"
SYSTRAN-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4C94F105-81D0-4AFC-8F0A-38949DC07F65} /l1036
Tarzan Jeu D'Action-->C:\WINDOWS\IsUn040c.exe -fC:\PROGRA~1\DISNEY~1\TARZAN~1\DeIsL1.isu
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
USB2.0 Card Reader Software-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x040c -removeonly
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Version 2-->"C:\Program Files\deo\unins000.exe"
VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
Visual C++ CRT 9.0-->MsiExec.exe /I{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIA and Minimal TWAIN for hp Scanjet 4500-5550-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7E0C9B44-8587-4F90-8588-F7DAC5E1A5D1} /l1036
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Zuma Deluxe 1.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"
Zylom Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: F-Secure Internet Security 2009 9.00
FW: F-Secure Internet Security 2009 9.00

======System event log======

Computer Name: GUYOT-DF18F196B
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d'une opération de pagination.

Record Number: 718934
Source Name: Disk
Time Written: 20090528102841.000000+660
Event Type: Avertissement
User:

Computer Name: GUYOT-DF18F196B
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d'une opération de pagination.

Record Number: 718933
Source Name: Disk
Time Written: 20090528102841.000000+660
Event Type: Avertissement
User:

Computer Name: GUYOT-DF18F196B
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d'une opération de pagination.

Record Number: 718932
Source Name: Disk
Time Written: 20090528102841.000000+660
Event Type: Avertissement
User:

Computer Name: GUYOT-DF18F196B
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d'une opération de pagination.

Record Number: 718931
Source Name: Disk
Time Written: 20090528102841.000000+660
Event Type: Avertissement
User:

Computer Name: GUYOT-DF18F196B
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d'une opération de pagination.

Record Number: 718930
Source Name: Disk
Time Written: 20090528102841.000000+660
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: GUYOT-DF18F196B
Event Code: 300
Message: Windows (2732) Windows: Le moteur de base de données initialise la procédure de récupération.

Record Number: 5
Source Name: ESENT
Time Written: 20090119111710.000000+660
Event Type: Informations
User:

Computer Name: GUYOT-DF18F196B
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 4
Source Name: SecurityCenter
Time Written: 20090119111710.000000+660
Event Type: Informations
User:

Computer Name: GUYOT-DF18F196B
Event Code: 102
Message: Windows (2732) Windows: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 3
Source Name: ESENT
Time Written: 20090119111708.000000+660
Event Type: Informations
User:

Computer Name: GUYOT-DF18F196B
Event Code: 100
Message: SearchIndexer (2732) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 2
Source Name: ESENT
Time Written: 20090119111708.000000+660
Event Type: Informations
User:

Computer Name: GUYOT-DF18F196B
Event Code: 105
Message:
Record Number: 1
Source Name: Creative Service for CDROM Access
Time Written: 20090119111656.000000+660
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Fichiers communs\ArcSoft\Bin;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

désolé mais tu est hacké par un stupide serveur de Prorat !!

ésseye d'installer Kaspersky antivirus ou bien Avast 4.8 et scan ton ordinateur !!

// edit de modération \\
voici ce que je conseille en matière d'Antivirus gratuit.
Si c'est du gratuit, je conseille Antivir.
Ceci est à lire:
sujet-30062.html

Winx

salut
Ce message présente un danger potentiel pour le système. Faites attention si vous n'êtes pas sûr(e) de vous .
@danitech on ne conseil pas l'installation d'un anti virus quand il y en a déjà un.
@franrosi ne tiens pas compte du post précédent, patiente jusqu'à l'arrivée d'un spécialiste sécurité.

La collision entre son antivirus actuel et Kaspersky/Avast/etc. peut donner lieu à bien des surprises...

Salut à toi et bienvenue,

Plusieurs types d'infections dans cette machine.

infection de type SD
+ infection de type BT
+ infection via clé usb possible

fais ceci:

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
***Si le lien ne fonctionne pas, essaie ceux-ci :
http://download.bleepingcomputer.com/an ... /SDFix.exe
http://sdfix.net/SDFix.exe

Double clique sur SDFix.exe . L'outil sera extrait à la racine du lecteur système (généralement le C:\).
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.

Déroule la liste des instructions ci-dessous :

• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il est possible que l'outil demande un redémarrage en mode Sans Échec en début de routine, si une infection particulière est détectée; valide et tapote la touche F8 au redémarrage pour accéder aux options de démarrage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

// ! Important ! \\
=======================


Ps:
======
Conseil d'ordre général
ne pas aller sur le Net avec Internet Explorer
télécharger Mozilla-Firefox 3.0. X. (le X représente évidemment la dernière version ) et le mettre à l'install comme Navigateur par défaut.
http://www.mozilla-europe.org/fr/firefox/
-->source ici de conseils
Eviter à tous prix de poster dans plusieurs Forum à la fois...pas de multi-postage donc !
sujet-29815.html


Poster les 2 rapports demandés (log.txt et info.txt)
En cas de fichier trop gros, suffit de le diviser sur deux réponses, ou plus.....

re, salut,
voici le rapport :

SDFix: Version 1.240
Run by guyot on 05/07/2009 at 03:09

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\guyot\Bureau\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\PlayMP3z\PlayMP3.exe - Deleted
C:\Program Files\PlayMP3z\uninstall.exe - Deleted



Folder C:\Program Files\PlayMP3z - Removed


Removing Temp Files

ADS Check :

C:\WINDOWS
FD843FB56A0CB50 72
Total size: 72 bytes.
WINDOWS: deleted 72 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS
No streams found.



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 03:24:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="86795A23F2F7F933AC526E73B14DF6AE1DBE4685C1EB29ECE548AA5F0DB9080BB567A1145FB94346D983773716123240930212DD15258A4234DF173410B3F29811695C9E22965C833FEC30E9398330A728156C114B644A21E8BDDB0EDFBDC79981E7ECBC69A5A2F35AB8B6CEECC89C080C03514A7B8280E7876BF1A0F9812A44039269CEB60263CA3B56DE8ED88E922A051F6E1C935BB51A2BBC85082E2DB0F2A2DB19176049E4D886792EB577FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794BA7FD869164D6794A9C6AECB7A5D14079E50C001D95436C9915FBDFAF9D5EDB91AF26B605478625ADEAE99BC83D130D500DDDEC65FC74BCC8899456900937DFD792C0C8DCA1CE0BFDB5567C18F12F5C76850E2A3B86B4445C0B4462286A58E47B3A11993E2D814F594BB1F8E3B1E639C1E74001F7141BC00702B6B44594A8586109DD5C3C7CCC9358017BD49318F4E716A8D8E54D6FE349E51EF057D07742B05D85A2C83EA4633891E93662BE33370B79B5308F37B0E8C98A3630613E2C82ADBDE8B29CA7EC9E5526C4DDD030708693383718D3FB58A8FB5286008DD842415F9F4D5FD287C8D5B4371580F331545BAFCF685DE0F9EC76694A73144494694DDA273D1FEBC217D7065B5B807324AD0CA81CF23E5CD954A22A6EA969C56475BDFECB60CA53E6B39E692C4687989A8C86403EBD12B7BBBCCB433C1C495186CEFD5429C058EF41F15E37B3056B9D774FC35152D0CDEAAF73CF6D17D63D4B85AFCDE628A33793EC59771238BE4C3D039F1D1A0F7C05483F3B8A371F68E27727E610261667FCD0D2B7D7C63F069B338BF61AD62B7D301BF9E9A5A5487D6FD96862EA6A21C479264DEB357E5FBAD4D699C36A4EBD99A0030A9E81E8F8DBFEB88652B98E39D59F45E3660B5ABCDF074D3A491F5A0CEE291B78AE1560DECC028C253D288335CFC4628C85B33088BE235776F4842BA0D6897CCFCF6CE0A8A47104FCB528B72CF6AFA04F12D4AA2DCACBC6DDBE291C58DE0997CFC4EB6195232A24F0C0E1959F44F2C46D1185FF7EDE55CDD891D4C234F71C1E3CE41A19F33D58477981C8D724BCA17D7CD0EB6D6729D0A86DEE843075237DFB7F6DD86D79E7AFC8F39C62A1D55751C370E38F7639AD5DE3C0569A7FB9D3EE53F4163C0CF8B5B7673F68B140B1C5440757DF0B39623849A64E7778F5DB90C6A55BAC99167F42A0594A31E51C22AE62CB7CCC7D83946149F773AA0F5DB3597A968B5BA99D5D909D8F550E44F20101DAEB570803EED456171056FA4397B224A82FC471262253C914B31547ADFD1605CB53E20129C28E4BEBAAF42771B979404F52ACBE15533A34E5771CBAC365AB3FDD8B258A9912EED73C9AD2EC1C25AA719AD"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABC01469-5802-0C78-1F79-9F0A28A8437E}]
"abplmcmepblffiofjopfkhclmkneeklapi"=hex:61,61,00,00
"bbplmcmepblffiofjocgbjjpgloamoojlbkf"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

Remaining Files :


File Backups: - C:\DOCUME~1\guyot\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 12 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 12 Oct 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Fri 24 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 12 Oct 2007 4,348 ...H. --- "C:\Documents and Settings\guyot\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 12 Oct 2007 20 A..H. --- "C:\Documents and Settings\guyot\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 8 Oct 2007 312 A.SH. --- "C:\Documents and Settings\guyot\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!


VOICI LE RAPPORT DE random's system information tool 1.06

Logfile of random's system information tool 1.06 (written by random/random)
Run by guyot at 2009-07-05 03:32:56
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 16 GB (10%) free of 157 GB
Total RAM: 3006 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:33:11, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CPUCooL\CooLSrv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\CPUCooL\CPUCooL.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\guyot\Bureau\RSIT.exe
C:\Program Files\trend micro\HijackThis\guyot.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Mirar - {0A6788FD-D836-436E-ADF9-669B1D025A83} - C:\WINDOWS\system32\wina578.dll
O2 - BHO: BestShoppingTipsEver - {14E7799C-8E96-159A-C194-84A00F1C262D} - C:\Program Files\BestShoppingTipsEver\BestShoppingTipsEver.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Mirar - {0A6788FC-D836-436E-ADF9-669B1D025A83} - C:\WINDOWS\system32\wina578.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CPUCooL.lnk = C:\Program Files\CPUCooL\CPUCooL.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1886826203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2066908906
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... _0_3_1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Service Google Update (gupdate1c9eb24a1f511f4) (gupdate1c9eb24a1f511f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/guyot/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 13231 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A6788FD-D836-436E-ADF9-669B1D025A83}]
Mirar - C:\WINDOWS\system32\wina578.dll [2009-06-16 524288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14E7799C-8E96-159A-C194-84A00F1C262D}]
BestShoppingTipsEver - C:\Program Files\BestShoppingTipsEver\BestShoppingTipsEver.dll [2009-06-15 154624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-27 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2009-03-10 2079256]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]
{0A6788FC-D836-436E-ADF9-669B1D025A83} - Mirar - C:\WINDOWS\system32\wina578.dll [2009-06-16 524288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE [2008-10-15 182936]
"F-Secure TNB"=C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe [2008-10-15 957024]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1970176]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"nwiz"=nwiz.exe /install []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-06-12 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MediaDICO4Ut"=C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe [2004-03-03 252416]
"SuperCopier.exe"=C:\Program Files\SuperCopier\SuperCopier.exe [2003-04-25 683520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^guyot^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
[]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

C:\Documents and Settings\guyot\Menu Démarrer\Programmes\Démarrage
CPUCooL.lnk - C:\Program Files\CPUCooL\CPUCooL.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-27 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrivesL"=1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
"NoDriveAutoRun"=67107751
"NoDriveTypeAutoRun"=145
"NoDrives"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e57fe2c-5e9c-11dd-b0a1-001a92780b88}]
shell\AutoRun\command - J:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d13dc1a-18ae-11dd-afb5-001a92780b88}]
shell\AutoRun\command - copetttt.com
shell\explore\command - copetttt.com
shell\open\command - copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7eb6eb4-3c1f-11de-b80d-001e58e74984}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL


======List of files/folders created in the last 1 months======

2009-07-05 02:55:57 ----D---- C:\SDFix
2009-07-05 02:34:53 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-04 06:33:08 ----D---- C:\rsit
2009-06-20 13:20:20 ----D---- C:\Program Files\Sega
2009-06-19 07:05:13 ----D---- C:\WINDOWS\ie8updates
2009-06-19 07:02:29 ----HDC---- C:\WINDOWS\ie8
2009-06-18 13:42:22 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-06-18 13:42:21 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-06-16 22:03:55 ----A---- C:\WINDOWS\system32\wina578.dll
2009-06-16 21:57:25 ----D---- C:\Program Files\BestShoppingTipsEver
2009-06-16 21:42:31 ----D---- C:\Documents and Settings\guyot\Application Data\FrostWire
2009-06-16 21:42:04 ----D---- C:\Program Files\AskBarDis
2009-06-13 11:21:08 ----D---- C:\Program Files\Audiogalaxy Rhapsody
2009-06-13 10:05:48 ----D---- C:\Program Files\P2P_Energy
2009-06-13 10:04:52 ----D---- C:\Documents and Settings\guyot\Application Data\MP3Torpedo
2009-06-13 10:04:35 ----D---- C:\Program Files\MP3Torpedo
2009-06-12 21:32:57 ----D---- C:\Program Files\eMule
2009-06-12 17:44:12 ----A---- C:\WINDOWS\cdplayer.ini
2009-06-12 17:17:58 ----D---- C:\Program Files\Fichiers communs\xing shared
2009-06-12 17:17:47 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-06-12 17:17:29 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-06-12 17:17:29 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-06-12 17:17:28 ----D---- C:\Program Files\Real
2009-06-12 17:17:27 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-06-12 17:17:22 ----D---- C:\Program Files\Fichiers communs\Real
2009-06-12 17:17:20 ----D---- C:\Documents and Settings\guyot\Application Data\Real
2009-06-11 21:26:05 ----D---- C:\Program Files\Kazaa

======List of files/folders modified in the last 1 months======

2009-07-05 03:33:11 ----D---- C:\WINDOWS\temp
2009-07-05 03:30:14 ----D---- C:\Program Files\Mozilla Firefox
2009-07-05 03:28:33 ----D---- C:\WINDOWS\Prefetch
2009-07-05 03:24:26 ----RD---- C:\Program Files
2009-07-05 03:15:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-05 03:15:18 ----D---- C:\WINDOWS\Registration
2009-07-05 02:59:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-05 02:51:53 ----AD---- C:\WINDOWS
2009-07-05 02:16:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-05 02:16:02 ----D---- C:\WINDOWS\system32\drivers
2009-07-04 19:49:13 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-07-04 06:31:08 ----D---- C:\WINDOWS\Debug
2009-07-04 06:10:46 ----D---- C:\Program Files\F-Secure Internet Security
2009-07-03 06:40:37 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-07-03 05:55:15 ----D---- C:\Program Files\Outlook Express
2009-06-30 20:45:55 ----SD---- C:\WINDOWS\Tasks
2009-06-30 20:45:54 ----SHD---- C:\WINDOWS\Installer
2009-06-21 08:38:52 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-06-21 07:59:25 ----D---- C:\Program Files\DVD Shrink
2009-06-20 14:36:26 ----D---- C:\Program Files\Secret Maryo Chronicles
2009-06-19 07:11:21 ----D---- C:\WINDOWS\system32
2009-06-19 07:10:40 ----HD---- C:\WINDOWS\inf
2009-06-19 07:10:40 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-19 07:10:40 ----D---- C:\WINDOWS\Media
2009-06-19 07:10:40 ----D---- C:\Program Files\Internet Explorer
2009-06-19 07:10:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-19 07:10:39 ----D---- C:\WINDOWS\Help
2009-06-19 07:05:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-17 14:25:28 ----AC---- C:\WINDOWS\hpqcopy.INI
2009-06-16 21:57:25 ----D---- C:\Program Files\Windows Media Player
2009-06-15 19:25:20 ----D---- C:\Documents and Settings
2009-06-15 06:14:07 ----D---- C:\WINDOWS\Minidump
2009-06-12 17:17:58 ----D---- C:\Program Files\Fichiers communs
2009-06-12 17:12:16 ----D---- C:\Program Files\Google
2009-06-10 23:54:43 ----AC---- C:\WINDOWS\win.ini
2009-06-10 11:13:54 ----D---- C:\Program Files\Windows Desktop Search

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-09-17 82380]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-18 24232]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ntiomin;ntiomin; C:\WINDOWS\system32\drivers\ntiomin.sys [2008-04-13 11392]
R1 ntiopnp;ntiopnp; C:\WINDOWS\system32\drivers\ntiopnp.sys [2008-04-13 12800]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sonypvf2;sonypvf2; C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 635017]
R1 sonypvt2;sonypvt2; C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 431236]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 LANPkt;Realtek LANPkt Protocol Driver; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2006-07-18 8399]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-06 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-05-10 103872]
R3 catchme;catchme; \??\C:\DOCUME~1\guyot\LOCALS~1\Temp\catchme.sys []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-12-17 70801]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2009-02-03 162816]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-12 393088]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 AdfuUd;USB 2.0 (FS) ADFU Device; C:\WINDOWS\System32\Drivers\AdfuUd.sys [2004-09-16 12634]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872]
S3 AgereSoftModem;OLITEC PCI V92 V4 Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-08 2410076]
S3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
S3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2006-07-11 11003]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-18 27165]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\DOCUME~1\guyot\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-08-26 1041152]
S3 hsf_msft;hsf_msft; C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-08-26 207616]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-12-17 51729]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
S3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RTL8023xp;D-Link DGE-528T Gigabit Ethernet Adapter NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\DLKRTXP.SYS [2006-07-31 83456]
S3 RTLVLAN;D-Link VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2006-06-01 16384]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SQTECH913D;913D Camera; C:\WINDOWS\System32\Drivers\Capt913D.sys [2007-08-21 29824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-08 244352]
S3 whmice2k;WheelMouse Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\whmice2k.sys [2001-10-02 5973]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-08-26 675840]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys []
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-11 611664]
R2 CPUCooLServer;CPUCooLServer Service; C:\Program Files\CPUCooL\CooLSrv.exe [2008-04-13 118784]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe [2008-10-15 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE [2008-10-15 117400]
R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-05-06 604416]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe [2008-10-15 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe [2008-10-15 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe [2008-10-15 55904]
S2 gupdate1c9eb24a1f511f4;Service Google Update (gupdate1c9eb24a1f511f4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-12 133104]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-06-27 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-05-06 361216]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------

inutile de confirmer mes posts, je sais de quoi je parles.

// Edit de modération \\
J'aimerai bien que les intervenants restent courtois, et de bonne humeur, cela fait partie de l'esprit de "Aidoforum", et j'y tiens beaucoup ainsi que toute l'équipe de modération.
Pas de partie de ping-pong verbale.

edit :
ceci est aussi valable pour les admin et modo.

re,

@franrosi,

fais ceci:

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

• Lance l'installation du programme en exécutant le fichier téléchargé. (double-clic dessus)
  Pour Vista, clic droit sur le fichier d'install + choisir "Exécuter comme Administrateur"
• Double-clique maintenant sur le raccourci (créé par l'install ) de Toolbar-S&D.
  
• Sélectionne la langue souhaitée (Fr ) en tapant la lettre de ton choix puis en validant avec la touche Entrée.
• Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
• Poste le rapport généré. (C:\TB.txt)

pour une aide visuelle clic ici
==========================================

re, voici le rapport :

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : guyot ( Administrator )
BOOT : Normal boot
Antivirus : F-Secure Internet Security 2009 9.00 9.00 (Activated)
Firewall : F-Secure Internet Security 2009 9.00 9.00 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:153 Go (Free:15 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 05/07/2009|20:33 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\7_wonders_treasures_of_seven16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\big_city_adventure_sydney16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\death_nile16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diner_dash_flo_through_time16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\luxor_quest_for_the_afterlife16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\natalie_brooks16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peggle_nights16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\the_hidden_object_show16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\virtualvillagers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\big_city_adventure_sydney16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\cake_mania_316x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\chocolatier216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\cooking_dash16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\family_restaurant16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\governor_of_poker16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\go_go_gourmet16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\peril_at_end_house16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\school_house_shuffle16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\slingo_supreme16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\big_city_adventure_sydney16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\cake_mania_316x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\chocolatier216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\cooking_dash16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\family_restaurant16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\governor_of_poker16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\go_go_gourmet16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\peril_at_end_house16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\school_house_shuffle16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\slingo_supreme16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\big_city_adventure_sydney16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\cake_mania_316x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\chocolatier216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\cooking_dash16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\family_restaurant16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\governor_of_poker16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\go_go_gourmet16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\peril_at_end_house16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\school_house_shuffle16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\slingo_supreme16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\4_elements16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\BigCity_SF16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\bottle_busters16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\farm_frenzy_216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\hidden_jewel16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\mystery_stories_island_of_hope16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\parking_dash16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\pet_show_craze16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\riseAtlantis16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\webgame.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48\womens_murder_club_fr16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\7_wonders_treasures_of_seven16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\big_city_adventure_sydney16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\death_nile16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\diner_dash_flo_through_time16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\luxor_quest_for_the_afterlife16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\natalie_brooks16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\peggle_nights16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\the_hidden_object_show16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\virtualvillagers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02\webgame.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\7_wonders_treasures_of_seven16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\big_city_adventure_sydney16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\death_nile16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\diner_dash_flo_through_time16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\luxor_quest_for_the_afterlife16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\natalie_brooks16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\peggle_nights16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\the_hidden_object_show16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\virtualvillagers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14\webgame.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\7_wonders_treasures_of_seven16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\big_city_adventure_sydney16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\death_nile16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\diner_dash_flo_through_time16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\luxor_quest_for_the_afterlife16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\natalie_brooks16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\peggle_nights16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\the_hidden_object_show16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\virtualvillagers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49\webgame.gif
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
C:\Program Files\KaZaA
C:\Program Files\KaZaA\My Shared Folder
C:\DOCUME~1\guyot\MENUDM~1\PROGRA~1\PlayMP3z
C:\Program Files\P2P_Energy
C:\Program Files\P2P_Energy\INSTALL.LOG
C:\Program Files\P2P_Energy\P2P_EnergyToolbarHelper.exe
C:\Program Files\P2P_Energy\tbP2P_.dll
C:\Program Files\P2P_Energy\toolbar.cfg
C:\Program Files\P2P_Energy\UNWISE.EXE

-----------\\ Extensions

(guyot) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(guyot) - {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} => wot
(guyot) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp
(guyot) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(guyot) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="http://www.ask.com/?o=101677&l=dis"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\guyot\Bureau\J E U X\Jeux Flash\Bon\Luxor\GameHouse Luxor + Crack By Tony Tango (2005).rar
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack\data3.pak
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack\trials2.exe
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack\trials2_low.exe
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack\trials2_low2.exe
C:\DOCUME~1\guyot\Mes documents\DRIVERS\Pilotes jeu Zuma Deluxe 1.0 US\Crack
C:\DOCUME~1\guyot\Mes documents\DRIVERS\Pilotes jeu Zuma Deluxe 1.0 US\Crack\Crack
C:\DOCUME~1\guyot\Mes documents\DRIVERS\Pilotes jeu Zuma Deluxe 1.0 US\Crack\Crack\ZUMA_DELUXE_V1.0_RUZO.exe
C:\DOCUME~1\guyot\Mes documents\Pilotes jeu Zuma Deluxe 1.0 US\Crack
C:\DOCUME~1\guyot\Mes documents\Pilotes jeu Zuma Deluxe 1.0 US\Crack\Crack
C:\DOCUME~1\guyot\Mes documents\Pilotes jeu Zuma Deluxe 1.0 US\Crack\Crack\ZUMA_DELUXE_V1.0_RUZO.exe



1 - "C:\ToolBar SD\TB_1.txt" - 05/07/2009|20:37 - Option : [1]

-----------\\ Fin du rapport a 20:37:21,53

re,

quand même....

désinfection
-----------------------

Relance Toolbar-S&D en double-cliquant sur le raccourci.
Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici. (sur le forum )

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

re,
Voici le rapport :

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : guyot ( Administrator )
BOOT : Normal boot
Antivirus : F-Secure Internet Security 2009 9.00 9.00 (Activated)
Firewall : F-Secure Internet Security 2009 9.00 9.00 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:153 Go (Free:15 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 06/07/2009| 1:29 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-06-19-24-25.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-36-16.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-08-12-59-26.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-24-16-42-48.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-08-12-19-04.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-02.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-11-23-11-45-14.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-11-10-54-49.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\7_wonders_treasures_of_seven16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\big_city_adventure_sydney16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\death_nile16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diner_dash_flo_through_time16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\luxor_quest_for_the_afterlife16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\natalie_brooks16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peggle_nights16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search_goog.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\the_hidden_object_show16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\virtualvillagers16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
Supprime! - C:\Program Files\KaZaA\My Shared Folder
Supprime! - C:\DOCUME~1\guyot\MENUDM~1\PROGRA~1\PlayMP3z
Supprime! - C:\Program Files\P2P_Energy\INSTALL.LOG
Supprime! - C:\Program Files\P2P_Energy\P2P_EnergyToolbarHelper.exe
Supprime! - C:\Program Files\P2P_Energy\tbP2P_.dll
Supprime! - C:\Program Files\P2P_Energy\toolbar.cfg
Supprime! - C:\Program Files\P2P_Energy\UNWISE.EXE
Supprime! - C:\Program Files\AskBarDis
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
Supprime! - C:\Program Files\KaZaA
Supprime! - C:\Program Files\P2P_Energy

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(guyot) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(guyot) - {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} => wot
(guyot) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp
(guyot) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(guyot) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="http://www.ask.com/?o=101677&l=dis"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\guyot\Bureau\J E U X\Jeux Flash\Bon\Luxor\GameHouse Luxor + Crack By Tony Tango (2005).rar
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack\data3.pak
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack\trials2.exe
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack\trials2_low.exe
C:\DOCUME~1\guyot\Bureau\J E U X\Trials 2\Crack\trials2_low2.exe
C:\DOCUME~1\guyot\Mes documents\DRIVERS\Pilotes jeu Zuma Deluxe 1.0 US\Crack
C:\DOCUME~1\guyot\Mes documents\DRIVERS\Pilotes jeu Zuma Deluxe 1.0 US\Crack\Crack
C:\DOCUME~1\guyot\Mes documents\DRIVERS\Pilotes jeu Zuma Deluxe 1.0 US\Crack\Crack\ZUMA_DELUXE_V1.0_RUZO.exe
C:\DOCUME~1\guyot\Mes documents\Pilotes jeu Zuma Deluxe 1.0 US\Crack
C:\DOCUME~1\guyot\Mes documents\Pilotes jeu Zuma Deluxe 1.0 US\Crack\Crack
C:\DOCUME~1\guyot\Mes documents\Pilotes jeu Zuma Deluxe 1.0 US\Crack\Crack\ZUMA_DELUXE_V1.0_RUZO.exe



1 - "C:\ToolBar SD\TB_1.txt" - 05/07/2009|20:37 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 06/07/2009| 1:33 - Option : [2]

-----------\\ Fin du rapport a 1:33:39,62

re,

bon maintenant autre chose,




Je vais supposer que tu as acquis ces cracks via le P2P.

C'est juste une information....pour t'informer du danger potentiel
voici de quoi il s'agit :




Bon, ceci étant mis au point...
Peux-tu supprimer manuellement les logiciels crackés et les cracks utilisés sur ta machine ?

re, c'est fait
Voci le rapport :

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : guyot ( Administrator )
BOOT : Normal boot
Antivirus : F-Secure Internet Security 2009 9.00 9.00 (Activated)
Firewall : F-Secure Internet Security 2009 9.00 9.00 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:153 Go (Free:16 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:3904 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 06/07/2009| 9:06 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(guyot) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(guyot) - {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} => wot
(guyot) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp
(guyot) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(guyot) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="http://www.ask.com/?o=101677&l=dis"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 05/07/2009|20:37 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 06/07/2009| 1:33 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 06/07/2009| 1:51 - Option : [2]
4 - "C:\ToolBar SD\TB_4.txt" - 06/07/2009| 8:54 - Option : [2]
5 - "C:\ToolBar SD\TB_5.txt" - 06/07/2009| 9:10 - Option : [2]

-----------\\ Fin du rapport a 9:10:27,95

re, winx
j'ai fait une analyse avec Malwarebytes' Anti-Malware 1.38 mis à jour,
Voici le rapport :


Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2378
Windows 5.1.2600 Service Pack 3

06/07/2009 11:11:49
mbam-log-2009-07-06 (11-11-37).txt

Type de recherche: Examen rapide
Eléments examinés: 95473
Temps écoulé: 9 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\bestshoppingtipsever.bestshoppingtipsever (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{55d5c769-6269-4944-4273-5719cb74450d} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{70b33a1d-1dea-9fe2-783a-7f1940db9e59} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{14e7799c-8e96-159a-c194-84a00f1c262d} (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14e7799c-8e96-159a-c194-84a00f1c262d} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\bestshoppingtipsever.bestshoppingtipsever.1 (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0a6788fc-d836-436e-adf9-669b1d025a83} (Adware.Mirar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0a6788fc-d836-436e-adf9-669b1d025a83} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0a6788fd-d836-436e-adf9-669b1d025a83} (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0a6788fd-d836-436e-adf9-669b1d025a83} (Adware.Mirar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a6788fd-d836-436e-adf9-669b1d025a83} (Adware.Mirar) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0a6788fc-d836-436e-adf9-669b1d025a83} (Adware.Mirar) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\BestShoppingTipsEver (Adware.PlayMP3z) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\BestShoppingTipsEver\BestShoppingTipsEver.dll (Adware.PlayMP3z) -> No action taken.
c:\WINDOWS\system32\wina578.dll (Adware.Mirar) -> No action taken.
c:\program files\bestshoppingtipsever\uninstall.exe (Adware.PlayMP3z) -> No action taken.

re,


fais la suppression, je vois ceci:

No action taken. (aucune action effectuée )

reposte ensuite un nouveau rapport...