Erratic Windows startup (XP SP3) (solved)

gil90
90 contributions
Member since 14/11/2009
Posted on 14/11/2009 at 14:45

Hello,
For some time now, I have had a lot of trouble starting my PC. It begins to boot normally, then the fan stops and I never reach the welcome screen.
Not knowing what to do, I switch the PC off with the power button and restart with the last known good configuration: same problem.
I restart in safe mode and take the opportunity to run CCleaner.
I then restart normally once, twice, sometimes three times and, without my understanding why, everything starts normally.
I checked the error report in the Control Panel's manager. Here is the text:

Source : Service Control Manager ID évènement 7026
Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
eeCtrl
Fips
intelppm
SAVRT
SYMTDI


Is this the cause of my problem, and what should I do to fix it?
Could the RAM modules be to blame?
Thanks in advance

For information:
Medion PC / 3.4 GHz / 250 GB / Windows XP SP3
MSI MS-7091 motherboard (Medion OEM) / Intel Pentium 4 550 processor
RAM 1535 MB (modules below)
- DIMM1: MemorySolutioN BD512TEC513K (512 MB)
- DIMM2: Samsung M3 68L3223FTN-CCC (256 MB)
- DIMM3: Kingston K (512 MB)
- DIMM4: Samsung M3 68L3223FTN-CCC (256 MB)
gil90
malwarebleach
2,125 contributions
Member since 12/09/2009
Posted on 14/11/2009 at 15:06

Hi,

You have several startup processes that are not launching:

  • eeCtrl = Symantec's Norton
  • Fips = partition management program
  • intelppm = processor power management program
  • SAVRT = Symantec's antivirus system
  • SYMTDI = and Symantec again....

Since you can start in safe mode, in your place I would begin by removing Norton from your computer; if it is indeed your current antivirus, I will suggest another one that is more effective and free.
If you don't know, ask; if you know, share!!
gil90
90 contributions
Member since 14/11/2009
Posted on 14/11/2009 at 15:46

Thanks for the quick reply.
It is indeed Symantec that is installed on my PC (I did not know it was Norton). I am attaching a screenshot.

Before Symantec, I used Avast, which seemed to me to be a sieve.
I am quite willing to follow your advice (especially if it is freeware).

My computer knowledge is very limited; as soon as you mention "processor power management program" or "partition management program", I am lost.

As for partition management, I assume that means the hard drive, and I found this information, which may be useful to you:
Informations de Partitions
Partition 1 : MBR Démarrage IFS-NTFS 125.46Go
Partition 0 : MBR Ext 107.42Go
Partition 2 : MBR IFS-NTFS 97.65Go
Partition 0 : MBR Ext 9.77Go
Partition 3 : MBR FAT32 9.77Go

Drive C: (boot) 125 GB, of which 57.7 GB free

I admit I am afraid of a shutdown and no longer dare to switch off my PC. I am ready to follow your advice and I hope I will not have to reboot.
I have reached the point of blocking Microsoft updates (even though Secuser is reporting problems) so as not to reboot.

See you soon
gil90
malwarebleach
2,125 contributions
Member since 12/09/2009
Posted on 14/11/2009 at 18:39

There is no need to worry too much.

All I did was look up what the services that fail to start when Windows boots correspond to.

So it is indeed Symantec antivirus. Is your PC connected to a network or not??
If you don't know, ask; if you know, share!!
gil90
90 contributions
Member since 14/11/2009
Posted on 14/11/2009 at 19:05

No, it is only connected by RJ45 to the Freebox, and apparently by WiFi too, since I also see the icon with a 54 Mbit signal.

For info, I have a very low throughput (> 7800 metres from the NRA).
gil90
malwarebleach
2,125 contributions
Member since 12/09/2009
Posted on 14/11/2009 at 19:23

Rereading your first message, I have a doubt.

It is possible that your problem is a hardware one instead.

For now I will leave the floor to the mémoclic volunteers who know this area well. I am still following your thread.

Better to explore the hardware lead first before changing antivirus.

See you later.
If you don't know, ask; if you know, share!!
gil90
90 contributions
Member since 14/11/2009
Posted on 14/11/2009 at 19:30

Thanks, so I will wait for the volunteers and not touch anything.
See you
gil90
gil90
90 contributions
Member since 14/11/2009
Posted on 16/11/2009 at 17:59

Good evening,
No reply?
Should I fear the worst if nobody can help me?

Thank you for looking into my problem.
gil90
jllg
2,741 contributions
Member since 24/04/2004
Posted on 23/11/2009 at 12:19

As a first step, try unticking everything related to Symantec (Norton) and Fips in msconfig.
To do this:
  • from the Start menu
  • click Run
  • then type: msconfig
  • go to the Startup tab
  • untick the boxes corresponding to Symantec and Fips
  • restart, tick the box in the alert message that appears, then click OK
gil90
90 contributions
Member since 14/11/2009
Posted on 23/11/2009 at 12:42

Thanks, I will try, even though I panic when I see "restart"
gil90
* Gil90
Anonymous
Posted on 23/11/2009 at 14:41

I am a real novice, I know.
I cannot find Symantec or Fips.

msconfig gives me:

If you need the contents of the other 3 windows (Services, Startup and Tools), I will have to put together a composite from screenshots.

See you


* Gil90
Anonymous
Posted on 23/11/2009 at 14:41

Oops! I skipped part of the instructions.

But that does not change my answer: the Symantec and Fips lines do not exist.
Here is the composite of the contents:

See you

jllg
2,741 contributions
Member since 24/04/2004
Posted on 23/11/2009 at 15:30

You can already untick everything that is in C:\program files\... and C:\PROGRA~1\...
I remind you that nothing in this action is permanent; you can always re-tick the boxes for the programs you want to launch at startup.

After restarting, do the following so that we can carry out a detailed analysis of your PC:
  • Download Random's System Information Tool (RSIT) and save it to your desktop.
  • Save any work in progress and close all active windows before launching RSIT.
  • Double-click RSIT.exe to launch the tool (the .exe extension may not be visible on your computer).
  • Under Vista, right-click the file and choose "Run as administrator".
  • Click "continue" on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • Once the scan is finished, two reports will be generated; only one will appear, log.txt; the second, info.txt, will be opened but in the taskbar.

The two reports are saved on your hard drive, at the root of C:\

Here are the paths => C:\RSIT\log.txt & C:\RSIT\info.txt

Please post them in your reply on this forum in two separate messages.

Reminder: (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
* gil90
Anonymous
Posted on 23/11/2009 at 16:29

I downloaded RSIT.exe and installed it on the desktop.
I followed your instructions and had to start in safe mode with networking.
The event manager still gives me the same error (7026).
Should I run RSIT now?


jllg
2,741 contributions
Member since 24/04/2004
Posted on 23/11/2009 at 16:40

If you cannot do otherwise, yes, but I would prefer an RSIT diagnostic in normal mode (if possible).
* gil90
Anonymous
Posted on 23/11/2009 at 17:01

Here is the first one (which appeared on screen by itself). I am still in safe mode.
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule\"
\"C:\\Program Files\\Internet Explorer\\iexplore.exe\"=\"C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer\"
\"C:\\TDdownload\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe\"=\"C:\\TDdownload\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe:*:Enabled:µTorrent\"
\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe\"=\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service\"
\"C:\\Program Files\\Skype\\Phone\\Skype.exe\"=\"C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype\"
\"C:\\Program Files\\Orbitdownloader\\orbitdm.exe\"=\"C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit\"
\"C:\\Program Files\\Orbitdownloader\\orbitnet.exe\"=\"C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe:*:Enabled:Render Manager\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe:*:Enabled:umi\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin\"
\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"=\"C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour\"
\"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe\"=\"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe:*:Enabled:MxDownloadServer\"
\"C:\\Program Files\\utorrent.exe\"=\"C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent\"
\"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe\"=\"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe:*:Enabled:IziSpot\"
\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\"=\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer\"
\"C:\\dolibarr\\bin\\apache\\apache2.2.6\\bin\\httpd.exe\"=\"C:\\dolibarr\\bin\\apache\\apache2.2.6\\bin\\httpd.exe:*:Disabled:Apache HTTP Server\"
\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"=\"C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox\"
\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\RpcSandraSrv.exe\"=\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"%ProgramFiles%\\Messenger\\msmsgs.exe\"=\"%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger\"
\"%ProgramFiles%\\MSN Messenger\\msnmsgr.exe\"=\"%ProgramFiles%\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger\"
\"%ProgramFiles%\\AOL 9.0\\AOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0\"
\"%ProgramFiles%\\AOL 9.0\\WAOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)\"
\"%WinDir%\\system32\\fxsclnt.exe\"=\"%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server\"
\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe\"=\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{3e99e8a7-3468-11dd-9656-0011094e1888}]
shell\\AutoRun\\command - H:\\LaunchU3.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{3e99e8a8-3468-11dd-9656-0011094e1888}]
shell\\verb1\\command - desktop.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{52d219bd-881c-11de-978b-0011094e1888}]
shell\\AutoRun\\command - H:\\ClickMe.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{8637ccbc-03e6-11dc-9472-0011094e1888}]
shell\\AutoRun\\command - H:\\groupeIBT.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{cb47aeda-edcf-11dd-9700-0011094e1888}]
shell\\AutoRun\\command - PLAY.EXE \"playlist.m3u\"


======List of files/folders created in the last 1 months======

2009-11-23 16:37:12 ----D---- C:\\rsit
2009-11-22 19:07:53 ----HDC---- C:\\WINDOWS\\$NtUninstallKB969947$
2009-11-15 09:54:41 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Smart PC Solutions
2009-11-15 09:54:33 ----D---- C:\\Program Files\\Smart PC Solutions
2009-11-10 16:11:42 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xmlC8.tmp
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\java.exe
2009-10-24 09:21:42 ----D---- C:\\WINDOWS\\Performance

======List of files/folders modified in the last 1 months======

2009-11-23 16:37:55 ----D---- C:\\Program Files\\Trend Micro
2009-11-23 16:31:41 ----A---- C:\\WINDOWS\\ntbtlog.txt
2009-11-23 15:48:00 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-23 15:41:58 ----D---- C:\\Program Files\\Symantec AntiVirus
2009-11-23 15:41:55 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-23 15:41:38 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Orbit
2009-11-23 15:41:03 ----D---- C:\\downloads
2009-11-23 15:39:24 ----D---- C:\\WINDOWS\\Prefetch
2009-11-23 15:38:53 ----RASH---- C:\\boot.ini
2009-11-23 15:38:53 ----A---- C:\\WINDOWS\\win.ini
2009-11-23 15:38:53 ----A---- C:\\WINDOWS\\system.ini
2009-11-23 15:38:17 ----D---- C:\\WINDOWS\\pss
2009-11-23 15:31:19 ----AD---- C:\\WINDOWS\\Temp
2009-11-23 08:40:24 ----D---- C:\\Program Files\\SPAMfighter
2009-11-23 01:07:56 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\vlc
2009-11-22 21:18:20 ----D---- C:\\Program Files\\Mozilla Thunderbird
2009-11-22 21:04:22 ----HD---- C:\\WINDOWS\\inf
2009-11-22 21:02:48 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-22 20:40:08 ----D---- C:\\WINDOWS
2009-11-22 20:40:00 ----A---- C:\\WINDOWS\\ModemLog_Bluetooth Fax Modem.txt
2009-11-22 20:40:00 ----A---- C:\\WINDOWS\\ModemLog_Bluetooth DUN Modem.txt
2009-11-22 20:39:54 ----A---- C:\\WINDOWS\\ModemLog_Agere Systems PCI Soft Modem.txt
2009-11-22 19:07:55 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-22 19:07:55 ----D---- C:\\WINDOWS\\system32
2009-11-22 19:06:57 ----SHD---- C:\\WINDOWS\\Installer
2009-11-22 19:03:53 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-19 11:29:55 ----A---- C:\\WINDOWS\\NeroDigital.ini
2009-11-15 09:59:03 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Real
2009-11-15 09:54:33 ----D---- C:\\Program Files
2009-11-14 19:01:40 ----A---- C:\\WINDOWS\\IE4 Error Log.txt
2009-11-14 12:46:59 ----D---- C:\\WINDOWS\\system32\\NtmsData
2009-11-14 12:46:36 ----D---- C:\\WINDOWS\\Registration
2009-11-10 16:11:44 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xml8D.tmp
2009-11-10 16:11:42 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xml59C7.tmp
2009-11-10 13:42:33 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-11-05 18:36:21 ----A---- C:\\WINDOWS\\system32\\MRT.exe
2009-11-04 23:22:46 ----A---- C:\\WINDOWS\\imsins.BAK
2009-11-04 07:01:41 ----D---- C:\\Program Files\\Java
2009-11-04 02:49:34 ----D---- C:\\Program Files\\Google
2009-10-30 06:46:29 ----D---- C:\\WINDOWS\\Help
2009-10-25 07:08:32 ----DC---- C:\\WINDOWS\\system32\\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2004-08-05 12032]
R3 Afc;PPdus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\Afc.sys [2005-02-22 11776]
R3 BT;Bluetooth PAN Network Adapter; C:\\WINDOWS\\system32\\DRIVERS\\btnetdrv.sys [2004-09-21 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vbtenum.sys [2004-09-21 11604]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5b.sys [2004-04-15 42496]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\\WINDOWS\\system32\\DRIVERS\\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2004-08-05 12288]
R3 pfc;Padus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\pfc.sys [2003-12-05 10368]
R3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\\WINDOWS\\system32\\DRIVERS\\rt2500usb.sys [2004-08-13 140544]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tunmp.sys [2008-04-13 12288]
R3 UKBFLT;UKBFLT; C:\\WINDOWS\\system32\\DRIVERS\\UKBFLT.sys [2003-12-19 11672]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 XUIF;X10 USB Wireless Transceiver; C:\\WINDOWS\\System32\\Drivers\\x10ufx2.sys [2004-01-16 17408]
S1 eeCtrl;Symantec Eraser Control driver; \\??\\C:\\Program Files\\Fichiers communs\\Symantec Shared\\EENGINE\\eeCtrl.sys []
S1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
S1 SAVRT;SAVRT; \\??\\C:\\Program Files\\Symantec AntiVirus\\savrt.sys []
S1 SYMTDI;SYMTDI; C:\\WINDOWS\\System32\\Drivers\\SYMTDI.SYS [2004-03-11 263616]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.0.0.5; C:\\WINDOWS\\system32\\DRIVERS\\AegisP.sys [2004-10-13 15939]
S2 Ca536av;DV 4100M(Video); C:\\WINDOWS\\System32\\Drivers\\Ca536av.sys []
S2 SAVRTPEL;SAVRTPEL; \\??\\C:\\Program Files\\Symantec AntiVirus\\Savrtpel.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\\WINDOWS\\system32\\DRIVERS\\AGRSM.sys [2006-01-25 1149888]
S3 Arp1394;Protocole client ARP 1394; C:\\WINDOWS\\system32\\DRIVERS\\arp1394.sys [2008-04-13 60800]
S3 BlueletAudio;Bluetooth Audio Service; C:\\WINDOWS\\system32\\DRIVERS\\blueletaudio.sys [2004-09-21 19712]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\\WINDOWS\\System32\\Drivers\\btcusb.sys [2004-10-12 23896]
S3 Cap7134;MEDION (7134) WDM Video Capture; C:\\WINDOWS\\system32\\DRIVERS\\Cap7134.sys [2003-06-05 350752]
S3 CardReaderFilter;Card Reader Filter; \\??\\C:\\WINDOWS\\system32\\Drivers\\USBCRFT.SYS []
S3 CCDECODE;Décodeur sous-titre fermé; C:\\WINDOWS\\system32\\DRIVERS\\CCDECODE.sys [2008-04-13 17024]
S3 cmudax;C-Media High Definition Audio Interface; C:\\WINDOWS\\system32\\drivers\\cmudax.sys [2004-10-01 1272000]
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\\WINDOWS\\system32\\DRIVERS\\el90xbc5.sys [2001-08-17 66591]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\\WINDOWS\\system32\\DRIVERS\\fbxusb32.sys [2004-10-20 21344]
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\\WINDOWS\\system32\\drivers\\HdAudio.sys [2004-03-17 113664]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\\WINDOWS\\system32\\drivers\\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\WINDOWS\\system32\\drivers\\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\\WINDOWS\\system32\\DRIVERS\\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091122.003\\naveng.sys []
S3 NAVEX15;NAVEX15; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091122.003\\navex15.sys []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\\WINDOWS\\system32\\DRIVERS\\nic1394.sys [2008-04-13 61824]
S3 NPF;Netgroup Packet Filter; \\??\\C:\\WINDOWS\\system32\\drivers\\packet.sys []
S3 NTSIM;NTSIM; \\??\\C:\\WINDOWS\\system32\\ntsim.sys []
S3 nv;nv; C:\\WINDOWS\\system32\\DRIVERS\\nv4_mini.sys [2004-09-20 2738592]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\\WINDOWS\\system32\\DRIVERS\\PhTVTune.sys [2003-06-12 24704]
S3 PsSdk31;PsSdk31; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdk31.drv []
S3 PsSdkLBF;PsSdkLBF; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdklbf.drv []
S3 RivaTuner32;RivaTuner32; \\??\\C:\\Program Files\\RivaTuner v2.23\\RivaTuner32.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\\WINDOWS\\System32\\Drivers\\RootMdm.sys [2004-08-05 5888]
S3 SANDRA;SANDRA; \\??\\C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\Sandra.sys []
S3 SLIP;Détrameur décalage BDA; C:\\WINDOWS\\system32\\DRIVERS\\SLIP.sys [2008-04-13 11136]
S3 StillCam;Pilote d\'appareil photo numérique série; C:\\WINDOWS\\system32\\DRIVERS\\serscan.sys [2001-08-23 6912]
S3 streamip;BDA IPSink; C:\\WINDOWS\\system32\\DRIVERS\\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \\??\\C:\\Program Files\\Symantec\\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\\WINDOWS\\System32\\Drivers\\SYMREDRV.SYS [2004-03-11 16288]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbaudio;Pilote USB audio (WDM); C:\\WINDOWS\\system32\\drivers\\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;DV 4100M(Still); C:\\WINDOWS\\System32\\Drivers\\Bulk536.sys []
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\\WINDOWS\\system32\\DRIVERS\\VComm.sys [2004-09-21 61048]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\\WINDOWS\\System32\\Drivers\\VcommMgr.sys [2004-09-22 81548]
S3 wanatw;WAN Miniport (ATW); C:\\WINDOWS\\system32\\DRIVERS\\wanatw4.sys [2003-01-10 33588]
S3 wbscr;Winbond Smartcard Reader for I/O; C:\\WINDOWS\\system32\\drivers\\wbscr.sys [2002-04-24 19928]
S3 WpdUsb;WpdUsb; C:\\WINDOWS\\system32\\DRIVERS\\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\\WINDOWS\\system32\\DRIVERS\\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 INO_FLPY;INO_FLPY; C:\\WINDOWS\\system32\\Drivers\\ino_flpy.sys [2003-06-19 19712]
S4 INO_FLTR;INO_FLTR; \\??\\C:\\WINDOWS\\system32\\Drivers\\ino_fltr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 6to4;Service d\'application d\'assistance IPv6; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe [2004-10-12 106496]
S2 Bonjour Service;Service Bonjour; C:\\Program Files\\Bonjour\\mDNSResponder.exe [2008-08-29 238888]
S2 ccEvtMgr;Symantec Event Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccEvtMgr.exe [2004-03-31 255072]
S2 ccSetMgr;Symantec Settings Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccSetMgr.exe [2004-03-31 242784]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe [2004-03-31 29928]
S2 Fax;Fax; C:\\WINDOWS\\system32\\fxssvc.exe [2008-04-14 268800]
S2 gupdate1c97228ea2a95cc;Google Update Service (gupdate1c97228ea2a95cc); C:\\Program Files\\Google\\Update\\GoogleUpdate.exe [2009-01-09 133104]
S2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-10-11 153376]
S2 LogWatch;Event Log Watch; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\LogWatNT.exe []
S2 NMSAccessU;NMSAccessU; C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe [2008-10-20 71096]
S2 NVSvc;NVIDIA Display Driver Service; C:\\WINDOWS\\system32\\nvsvc32.exe [2004-09-20 127043]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\\WINDOWS\\system32\\IoctlSvc.exe [2006-12-19 81920]
S2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe [2008-04-17 98488]
S2 SPAMfighter Update Service;SPAMfighter Update Service; C:\\Program Files\\SPAMfighter\\sfus.exe [2009-03-12 184968]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe [2004-03-31 1234152]
S2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 CA_LIC_CLNT;Client de licence CA; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\lic98rmt.exe []
S3 CA_LIC_SRVR;Serveur de licence CA; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\lic98rmtd.exe []
S3 ccPwdSvc;Symantec Password Validation; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccPwdSvc.exe [2004-03-31 87136]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\\Program Files\\Fichiers communs\\InstallShield\\Driver\\1150\\Intel 32\\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE [2006-02-20 2041536]
S3 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe [2008-06-08 877864]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\\Program Files\\Fichiers communs\\Nero\\Nero BackItUp 4\\NBService.exe [2008-09-30 935208]
S3 NMIndexingService;NMIndexingService; C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMIndexingService.exe [2008-06-24 537896]
S3 SavRoam;SAVRoam; C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe [2004-03-31 169192]
S3 ServiceLayer;ServiceLayer; C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe [2008-11-11 620544]
S3 SNDSrvc;Symantec Network Drivers Service; C:\\Program Files\\Fichiers communs\\Symantec Shared\\SNDSrvc.exe [2004-03-11 193760]
S3 x10nets;X10 Device Network Service; C:\\PROGRA~1\\COMMON~1\\X10\\Common\\x10nets.exe [2001-11-12 20480]
S4 InoRPC;eTrust Antivirus RPC Server; C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe []
S4 InoRT;eTrust Antivirus Realtime Server; C:\\Program Files\\CA\\eTrust Antivirus\\InoRT.exe []
S4 InoTask;eTrust Antivirus Job Server; C:\\Program Files\\CA\\eTrust Antivirus\\InoTask.exe []
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

And here is info.txt:
info.txt logfile of random\'s system information tool 1.06 2009-11-23 16:37:58

======Uninstall list======

-->C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\\Program Files\\Nero\\Nero8\\\\nero\\uninstall\\UNNERO.exe /UNINSTALL
-->C:\\WINDOWS\\IsUn040c.exe -fC:\\WINDOWS\\orun32.isu
-->C:\\WINDOWS\\UNNeroBackItUp.exe /UNINSTALL
-->C:\\WINDOWS\\UNNeroMediaHome.exe /UNINSTALL
-->C:\\WINDOWS\\UNNeroShowTime.exe /UNINSTALL
-->C:\\WINDOWS\\UNNeroVision.exe /UNINSTALL
-->C:\\WINDOWS\\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\\WINDOWS\\INF\\PCHealth.inf
7-Zip 9.07 beta-->\"C:\\Program Files\\7-Zip\\Uninstall.exe\"
AC3Filter (remove only)-->C:\\Program Files\\AC3Filter\\uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Shockwave Player 11.5-->\"C:\\WINDOWS\\system32\\Adobe\\Shockwave 11\\uninstaller.exe\"
Agere Systems PCI Soft Modem-->agrsmdel
AltoMP3 Maker 3.20-->\"C:\\Program Files\\AltoMP3 Maker\\unins000.exe\"
AnmanieSMP 2.4 i-->\"C:\\Program Files\\AnmSMP\\unins000.exe\"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\\Program Files\\WinRAR\\uninstall.exe
ArcSoft Software Suite-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{41F71B19-4F04-49A9-99BE-7348AA1EA665}\\setup.exe\" -l0x40c
Ask Toolbar-->rundll32 C:\\PROGRA~1\\AskTBar\\bar\\1.bin\\AskTBar.dll,O
Audacity 1.2.6-->\"C:\\Program Files\\Audacity\\unins000.exe\"
Avidemux 2.4-->C:\\Program Files\\Avidemux 2.4\\uninstall.exe
AVS Audio Converter version 6.1-->\"C:\\Program Files\\AVS4YOU\\AVSAudioConverter6\\unins000.exe\"
AVS Audio Editor version 4.1-->\"C:\\Program Files\\AVS4YOU\\AVSAudioEditor\\unins000.exe\"
AVS Capture Wizard 1.5.1-->\"C:\\Program Files\\AVS4YOU\\AVSCaptureWizard\\unins000.exe\"
AVS DVDMenu Editor 1.2.1.19-->\"C:\\Program Files\\Fichiers communs\\AVSMedia\\AVS DVDMenu Editor\\unins000.exe\"
AVS Update Manager 1.0-->\"C:\\Program Files\\AVS4YOU\\AVSUpdateManager\\unins000.exe\"
AVS Video Converter 6-->\"C:\\Program Files\\AVS4YOU\\AVSVideoConverter6\\unins000.exe\"
AVS Video Editor 3.5-->\"C:\\Program Files\\AVS4YOU\\AVSVideoEditor\\unins000.exe\"
AVS4YOU Software Navigator 1.3-->\"C:\\Program Files\\AVS4YOU\\AVSSoftwareNavigator\\unins000.exe\"
B-Association-->C:\\Program Files\\B-Association\\uninstall.exe
BlueSoleil-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\\setup.exe\" -l0x40c
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA eTrust Antivirus-->C:\\WINDOWS\\IsUn040c.exe -f\"C:\\Program Files\\CA\\eTrust Antivirus\\Uninst.isu\" -c\"C:\\Program Files\\CA\\eTrust Antivirus\\InoSetup.dll\"
Calendrier Xtra v10.030-->\"C:\\Program Files\\Calendrier\\unins000.exe\"
CCleaner-->\"C:\\Program Files\\CCleaner\\uninst.exe\"
CD Jaquette 5.0-->\"C:\\JSAL Software\\CD Jaquette\\uninstall.exe\"
CDBurnerXP-->\"C:\\Program Files\\CDBurnerXP\\unins000.exe\"
Clean My Registry v5.0-->\"C:\\Program Files\\Smart PC Solutions\\Clean My Registry\\unins000.exe\"
C-Media High Definition Audio Driver-->C:\\WINDOWS\\system32\\cmirmdrv.exe
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{17E57E89-DDB3-4f76-9AF1-A8E01CC633E4}
ConvertHelper 2.2-->\"C:\\Program Files\\ConvertHelper\\unins000.exe\"
Correctif pour Windows Internet Explorer 7 (KB947864)-->\"C:\\WINDOWS\\ie7updates\\KB947864-IE7\\spuninst\\spuninst.exe\"
Correctif pour Windows XP (KB952287)-->\"C:\\WINDOWS\\$NtUninstallKB952287$\\spuninst\\spuninst.exe\"
Correctif pour Windows XP (KB961118)-->\"C:\\WINDOWS\\$NtUninstallKB961118$\\spuninst\\spuninst.exe\"
Correctif pour Windows XP (KB970653-v3)-->\"C:\\WINDOWS\\$NtUninstallKB970653-v3$\\spuninst\\spuninst.exe\"
Creatix V.92 Data Fax Modem-->agrsmdel
DBX Backup v.1.1-->\"C:\\Program Files\\DBX Backup\\uninstall.exe\"
Dealio Toolbar 3.4-->MsiExec.exe /X{6105648C-0C3C-481D-8C11-1F4952D6FB53}
DeepBurner v1.8.0.224-->\"C:\\Program Files\\Astonsoft\\DeepBurner\\Uninstall.exe\" \"C:\\Program Files\\Astonsoft\\DeepBurner\\install.log\"
DeviceControl-->MsiExec.exe /I{EABE2A27-9452-472E-9389-EFF410E956E1}
DivX Player-->C:\\Program Files\\DivX\\DivXPlayerUninstall.exe /PLAYER
DivX Pro-->C:\\Program Files\\DivX\\DivXCodecUninstall.exe /CODEC
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
DVD Flick-->\"C:\\Program Files\\DVD Flick\\unins000.exe\"
DVD Shrink 3.2-->\"C:\\Program Files\\DVD Shrink\\unins000.exe\"
EasyCleaner-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\PROFES~1\\RunTime\\10\\01\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{F5346614-B7C4-4E94-826A-E2363155233D}\\setup.exe\" -l0x9 -removeonly
EnvPrint 3.5.2-->\"C:\\Program Files\\EnvPrint\\unins000.exe\"
EPSON SMART PANEL for Scanner-->C:\\WINDOWS\\unin040c.exe -f\"C:\\Program Files\\EPSON\\EPSON SMART PANEL for Scanner\\DeIsL1.isu\"
EPSON TWAIN 5-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\\Setup.exe\" -l0x40c UNINSTALL
EtiketaGoGo v3.3.2-->\"C:\\Program Files\\EtiketaGoGo\\unins000.exe\"
EVEREST Home Edition v2.20-->\"C:\\Program Files\\Lavalys\\EVEREST Home Edition\\unins000.exe\"
Exstora 2.3-->C:\\Program Files\\Exstora\\Uninstall.exe
Extension HighMAT pour l\'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
FileZilla Client 3.2.1-->C:\\Program Files\\FileZilla FTP Client\\uninstall.exe
Free Video to MP3 Converter version 3.2-->\"C:\\Program Files\\DVDVideoSoft\\Free Video to MP3 Converter\\unins000.exe\"

======Hosts File======

======System event log======

Computer Name: GILBERT70
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 5901
Source Name: Service Control Manager
Time Written: 20090911085238.000000+120
Event Type: Informations
User:

Computer Name: GILBERT70
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 5900
Source Name: Service Control Manager
Time Written: 20090911085238.000000+120
Event Type: Informations
User: GILBERT70\Gilbert

Computer Name: GILBERT70
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.


Record Number: 5899
Source Name: Service Control Manager
Time Written: 20090911085238.000000+120
Event Type: erreur
User:

Computer Name: GILBERT70
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 5898
Source Name: Service Control Manager
Time Written: 20090911085238.000000+120
Event Type: Informations
User:

Computer Name: GILBERT70
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 5897
Source Name: Service Control Manager
Time Written: 20090911085238.000000+120
Event Type: Informations
User: GILBERT70\Gilbert

=====Application event log=====

Computer Name: GILBERT70
Event Code: 0
Message:
Record Number: 24515
Source Name: gusvc
Time Written: 20090421205856.000000+120
Event Type: Informations
User:

Computer Name: GILBERT70
Event Code: 14
Message:


Le démarrage des services Symantec AntiVirus a réussi.

Record Number: 24514
Source Name: Symantec AntiVirus
Time Written: 20090421205836.000000+120
Event Type: Informations
User:

Computer Name: GILBERT70
Event Code: 0
Message:
Record Number: 24513
Source Name: ServiceLayer
Time Written: 20090421205830.000000+120
Event Type: Informations
User:

Computer Name: GILBERT70
Event Code: 0
Message:
Record Number: 24512
Source Name: gupdate1c97228ea2a95cc
Time Written: 20090421205825.000000+120
Event Type: Informations
User:

Computer Name: GILBERT70
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 24511
Source Name: SecurityCenter
Time Written: 20090421205818.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\ZipGenius 6\;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"LANG"=fr
"MIGO_DRIVE"=L
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------



* gil90
Anonymous
Posted on 23/11/2009 at 17:01

Too late, I have just sent the one made in safe mode.
See you later,
Gil90

jllg jllg
2,741 contributions
Member since 24/04/2004
Posted on 23/11/2009 at 17:18


Your system is infected by a toolbar. Before doing anything else, I would like you to post me an RSIT report (only the log.txt), made in normal mode.

* gil90
Anonymous
Posted on 23/11/2009 at 20:13

To jllg. Here I am again. I was once again able to start up in normal mode, and I ran RSIT again. Here is the "log.text" report, since the "info.txt" is the same as the one sent previously (run at 16:38).

I got the display below:

Is it because I had left the "msconfig" command on the "Run" line? Did I make some other mistake?
Here is the report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gilbert at 2009-11-23 17:00:18
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 58 GB (45%) free of 128 GB
Total RAM: 1535 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:28, on 23/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccSetMgr.exe
C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccEvtMgr.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Google\\Update\\1.2.183.13\\GoogleCrashHandler.exe
C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\system32\\IoctlSvc.exe
C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe
C:\\Program Files\\SPAMfighter\\sfus.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
C:\\WINDOWS\\system32\\RunDll32.exe
C:\\WINDOWS\\Dit.exe
C:\\WINDOWS\\AGRSMMSG.exe
C:\\WINDOWS\\mHotkey.exe
C:\\WINDOWS\\CNYHKey.exe
C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\downloads\\RSIT.exe
C:\\Program Files\\trend micro\\Gilbert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - Trusted IP range: http://194.206.164.165
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097702632093
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215425572093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://fr.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC343CE-D76A-4494-9934-2B3EE78B9133}: Domain = Free.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate1c97228ea2a95cc) (gupdate1c97228ea2a95cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12201 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\NeroLiveEpgUpdate-GILBERT70_Gilbert.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F4CBAF48-CDD9-4FA0-BEF2-D2ED1D85186A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-10-14 179472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
GigagetIEHelper Class - C:\WINDOWS\system32\gigagetbho_v10.dll [2006-01-09 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-11-07 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-09 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-09-26 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2008-06-20 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-11-07 2436160]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2008-06-20 245760]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-10-14 662720]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-09-26 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-09-20 4583424]
"nwiz"=nwiz.exe /install []
"Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"Dit"=C:\WINDOWS\Dit.exe [2004-07-20 90112]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-02-24 508416]
"ledpointer"=C:\WINDOWS\CNYHKey.exe [2004-02-03 5794816]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-12-28 185872]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [2008-06-24 132392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2004-03-31 66656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE [1999-12-14 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe [2002-11-14 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2006-01-17 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe [2008-09-24 2254120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [2004-10-15 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE [1998-12-14 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
C:\Program Files\SPAMfighter\SFAgent.exe [2009-03-12 326792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-12-28 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe [2006-11-29 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-31 124128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE [2004-10-15 1024000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON SMART PANEL for Scanner.lnk]
C:\PROGRA~1\EPSON\EPSONS~1\ESPmain.exe [2000-05-27 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [1999-02-17 65588]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-03-31 83176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\Messenger\msmsgs.exe"="%ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%ProgramFiles%\AOL 9.0\AOL.exe"="%ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"%ProgramFiles%\AOL 9.0\WAOL.exe"="%ProgramFiles%\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"%CommonProgramFiles%\AOL\ACS\AOLACSD.exe"="%CommonProgramFiles%\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"%CommonProgramFiles%\AOL\ACS\AOLDIAL.exe"="%CommonProgramFiles%\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"%WinDir%\system32\fxsclnt.exe"="%WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe"="%ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:enabled:BlueSoleil"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe"="C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole"
"C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe"="C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe:*:Disabled:eTrust Antivirus - Admin Server"
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:Disabled:eTrust Antivirus - Local Scanner"
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:Disabled:eTrust Antivirus - Realtime monitor"
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:Disabled:eTrust Antivirus - RPC Server"
"C:\Program Files\Giganology\Gigaget\Gigaget.exe"="C:\Program Files\Giganology\Gigaget\Gigaget.exe:*:Enabled:Gigaget"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Fichiers communs\AOL\1172389140\ee\aolsoftware.exe"="C:\Program Files\Fichiers communs\AOL\1172389140\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\TDdownload\incredimail_install.exe"="C:\TDdownload\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Gilbert\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe"="C:\Documents and Settings\Gilbert\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\TDdownload\microtorrent_torrent_1.8_build_11742_anglais_18245.exe"="C:\TDdownload\microtorrent_torrent_1.8_build_11742_anglais_18245.exe:*:Enabled:µTorrent"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\utorrent.exe"="C:\Program Files\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe"="C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe"="C:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe:*:Disabled:Apache HTTP Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\Messenger\msmsgs.exe"="%ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%ProgramFiles%\MSN Messenger\msnmsgr.exe"="%ProgramFiles%\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger"
"%ProgramFiles%\AOL 9.0\AOL.exe"="%ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"%ProgramFiles%\AOL 9.0\WAOL.exe"="%ProgramFiles%\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"%CommonProgramFiles%\AOL\ACS\AOLACSD.exe"="%CommonProgramFiles%\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"%CommonProgramFiles%\AOL\ACS\AOLDIAL.exe"="%CommonProgramFiles%\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"%WinDir%\system32\fxsclnt.exe"="%WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe"="%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe"="%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe"="%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"%ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe"="%ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:enabled:BlueSoleil"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e99e8a7-3468-11dd-9656-0011094e1888}]
shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e99e8a8-3468-11dd-9656-0011094e1888}]
shell\verb1\command - desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d219bd-881c-11de-978b-0011094e1888}]
shell\AutoRun\command - H:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8637ccbc-03e6-11dc-9472-0011094e1888}]
shell\AutoRun\command - H:\groupeIBT.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb47aeda-edcf-11dd-9700-0011094e1888}]
shell\AutoRun\command - PLAY.EXE "playlist.m3u"


======List of files/folders created in the last 1 months======

2009-11-23 16:37:12 ----D---- C:\rsit
2009-11-22 19:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-15 09:54:41 ----D---- C:\Documents and Settings\Gilbert\Application Data\Smart PC Solutions
2009-11-15 09:54:33 ----D---- C:\Program Files\Smart PC Solutions
2009-11-10 16:11:42 ----A---- C:\Documents and Settings\All Users\Application Data\xmlC8.tmp
2009-11-04 07:02:12 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-04 07:02:12 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-04 07:02:12 ----A---- C:\WINDOWS\system32\java.exe
2009-10-24 09:21:42 ----D---- C:\WINDOWS\Performance

======List of files/folders modified in the last 1 months======

2009-11-23 17:00:26 ----D---- C:\WINDOWS\Prefetch
2009-11-23 17:00:20 ----D---- C:\Program Files\Trend Micro
2009-11-23 16:59:39 ----D---- C:\Program Files\Mozilla Firefox
2009-11-23 16:53:51 ----AD---- C:\WINDOWS\Temp
2009-11-23 16:53:29 ----D---- C:\Program Files\Symantec AntiVirus
2009-11-23 16:53:27 ----D---- C:\Program Files\SPAMfighter
2009-11-23 16:53:14 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2009-11-23 16:53:14 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
2009-11-23 16:53:08 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2009-11-23 16:31:41 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-23 15:41:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-23 15:41:38 ----D---- C:\Documents and Settings\Gilbert\Application Data\Orbit
2009-11-23 15:41:03 ----D---- C:\downloads
2009-11-23 15:38:53 ----RASH---- C:\boot.ini
2009-11-23 15:38:53 ----A---- C:\WINDOWS\win.ini
2009-11-23 15:38:53 ----A---- C:\WINDOWS\system.ini
2009-11-23 15:38:17 ----D---- C:\WINDOWS\pss
2009-11-23 01:07:56 ----D---- C:\Documents and Settings\Gilbert\Application Data\vlc
2009-11-22 21:18:20 ----D---- C:\Program Files\Mozilla Thunderbird
2009-11-22 21:04:22 ----HD---- C:\WINDOWS\inf
2009-11-22 21:02:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-22 20:40:08 ----D---- C:\WINDOWS
2009-11-22 19:07:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-22 19:07:55 ----D---- C:\WINDOWS\system32
2009-11-22 19:06:57 ----SHD---- C:\WINDOWS\Installer
2009-11-22 19:03:53 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-19 11:29:55 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-15 09:59:03 ----D---- C:\Documents and Settings\Gilbert\Application Data\Real
2009-11-15 09:54:33 ----D---- C:\Program Files
2009-11-14 19:01:40 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-11-14 12:46:59 ----D---- C:\WINDOWS\system32\NtmsData
2009-11-14 12:46:36 ----D---- C:\WINDOWS\Registration
2009-11-10 16:11:44 ----A---- C:\Documents and Settings\All Users\Application Data\xml8D.tmp
2009-11-10 16:11:42 ----A---- C:\Documents and Settings\All Users\Application Data\xml59C7.tmp
2009-11-10 13:42:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-04 23:22:46 ----A---- C:\WINDOWS\imsins.BAK
2009-11-04 07:01:41 ----D---- C:\Program Files\Java
2009-11-04 02:49:34 ----D---- C:\Program Files\Google
2009-10-30 06:46:29 ----D---- C:\WINDOWS\Help
2009-10-25 07:08:32 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \\??\\C:\\Program Files\\Fichiers communs\\Symantec Shared\\EENGINE\\eeCtrl.sys []
R1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
R1 SAVRT;SAVRT; \\??\\C:\\Program Files\\Symantec AntiVirus\\savrt.sys []
R1 SYMTDI;SYMTDI; C:\\WINDOWS\\System32\\Drivers\\SYMTDI.SYS [2004-03-11 263616]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2004-08-05 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.0.0.5; C:\\WINDOWS\\system32\\DRIVERS\\AegisP.sys [2004-10-13 15939]
R2 SAVRTPEL;SAVRTPEL; \\??\\C:\\Program Files\\Symantec AntiVirus\\Savrtpel.sys []
R3 Afc;PPdus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\Afc.sys [2005-02-22 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\\WINDOWS\\system32\\DRIVERS\\AGRSM.sys [2006-01-25 1149888]
R3 Arp1394;Protocole client ARP 1394; C:\\WINDOWS\\system32\\DRIVERS\\arp1394.sys [2008-04-13 60800]
R3 BlueletAudio;Bluetooth Audio Service; C:\\WINDOWS\\system32\\DRIVERS\\blueletaudio.sys [2004-09-21 19712]
R3 BT;Bluetooth PAN Network Adapter; C:\\WINDOWS\\system32\\DRIVERS\\btnetdrv.sys [2004-09-21 10804]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\\WINDOWS\\System32\\Drivers\\btcusb.sys [2004-10-12 23896]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vbtenum.sys [2004-09-21 11604]
R3 Cap7134;MEDION (7134) WDM Video Capture; C:\\WINDOWS\\system32\\DRIVERS\\Cap7134.sys [2003-06-05 350752]
R3 cmudax;C-Media High Definition Audio Interface; C:\\WINDOWS\\system32\\drivers\\cmudax.sys [2004-10-01 1272000]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5b.sys [2004-04-15 42496]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\\WINDOWS\\system32\\DRIVERS\\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\\WINDOWS\\system32\\drivers\\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2004-08-05 12288]
R3 NAVENG;NAVENG; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091122.003\\naveng.sys []
R3 NAVEX15;NAVEX15; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091122.003\\navex15.sys []
R3 NIC1394;Pilote réseau 1394; C:\\WINDOWS\\system32\\DRIVERS\\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\\WINDOWS\\system32\\DRIVERS\\nv4_mini.sys [2004-09-20 2738592]
R3 pfc;Padus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\pfc.sys [2003-12-05 10368]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\\WINDOWS\\system32\\DRIVERS\\PhTVTune.sys [2003-06-12 24704]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\\WINDOWS\\System32\\Drivers\\RootMdm.sys [2004-08-05 5888]
R3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\\WINDOWS\\system32\\DRIVERS\\rt2500usb.sys [2004-08-13 140544]
R3 SymEvent;SymEvent; \\??\\C:\\Program Files\\Symantec\\SYMEVENT.SYS []
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tunmp.sys [2008-04-13 12288]
R3 UKBFLT;UKBFLT; C:\\WINDOWS\\system32\\DRIVERS\\UKBFLT.sys [2003-12-19 11672]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbscan;Pilote de scanneur USB; C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2008-04-13 15104]
R3 usbstor;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\\WINDOWS\\system32\\DRIVERS\\VComm.sys [2004-09-21 61048]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\\WINDOWS\\System32\\Drivers\\VcommMgr.sys [2004-09-22 81548]
R3 wbscr;Winbond Smartcard Reader for I/O; C:\\WINDOWS\\system32\\drivers\\wbscr.sys [2002-04-24 19928]
R3 XUIF;X10 USB Wireless Transceiver; C:\\WINDOWS\\System32\\Drivers\\x10ufx2.sys [2004-01-16 17408]
S2 Ca536av;DV 4100M(Video); C:\\WINDOWS\\System32\\Drivers\\Ca536av.sys []
S3 CardReaderFilter;Card Reader Filter; \\??\\C:\\WINDOWS\\system32\\Drivers\\USBCRFT.SYS []
S3 CCDECODE;Décodeur sous-titre fermé; C:\\WINDOWS\\system32\\DRIVERS\\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\\WINDOWS\\system32\\DRIVERS\\el90xbc5.sys [2001-08-17 66591]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\\WINDOWS\\system32\\DRIVERS\\fbxusb32.sys [2004-10-20 21344]
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\\WINDOWS\\system32\\drivers\\HdAudio.sys [2004-03-17 113664]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\WINDOWS\\system32\\drivers\\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\\WINDOWS\\system32\\DRIVERS\\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; \\??\\C:\\WINDOWS\\system32\\drivers\\packet.sys []
S3 NTSIM;NTSIM; \\??\\C:\\WINDOWS\\system32\\ntsim.sys []
S3 PsSdk31;PsSdk31; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdk31.drv []
S3 PsSdkLBF;PsSdkLBF; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdklbf.drv []
S3 RivaTuner32;RivaTuner32; \\??\\C:\\Program Files\\RivaTuner v2.23\\RivaTuner32.sys []
S3 SANDRA;SANDRA; \\??\\C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\Sandra.sys []
S3 SLIP;Détrameur décalage BDA; C:\\WINDOWS\\system32\\DRIVERS\\SLIP.sys [2008-04-13 11136]
S3 StillCam;Pilote d\'appareil photo numérique série; C:\\WINDOWS\\system32\\DRIVERS\\serscan.sys [2001-08-23 6912]
S3 streamip;BDA IPSink; C:\\WINDOWS\\system32\\DRIVERS\\StreamIP.sys [2008-04-13 15232]
S3 SYMREDRV;SYMREDRV; C:\\WINDOWS\\System32\\Drivers\\SYMREDRV.SYS [2004-03-11 16288]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbaudio;Pilote USB audio (WDM); C:\\WINDOWS\\system32\\drivers\\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;DV 4100M(Still); C:\\WINDOWS\\System32\\Drivers\\Bulk536.sys []
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 wanatw;WAN Miniport (ATW); C:\\WINDOWS\\system32\\DRIVERS\\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\\WINDOWS\\system32\\DRIVERS\\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\\WINDOWS\\system32\\DRIVERS\\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 INO_FLPY;INO_FLPY; C:\\WINDOWS\\system32\\Drivers\\ino_flpy.sys [2003-06-19 19712]
S4 INO_FLTR;INO_FLTR; \\??\\C:\\WINDOWS\\system32\\Drivers\\ino_fltr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d\'application d\'assistance IPv6; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe [2004-10-12 106496]
R2 Bonjour Service;Service Bonjour; C:\\Program Files\\Bonjour\\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccEvtMgr.exe [2004-03-31 255072]
R2 ccSetMgr;Symantec Settings Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccSetMgr.exe [2004-03-31 242784]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe [2004-03-31 29928]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-10-11 153376]
R2 NMSAccessU;NMSAccessU; C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\\WINDOWS\\system32\\nvsvc32.exe [2004-09-20 127043]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\\WINDOWS\\system32\\IoctlSvc.exe [2006-12-19 81920]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe [2008-04-17 98488]
R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\\Program Files\\SPAMfighter\\sfus.exe [2009-03-12 184968]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe [2004-03-31 1234152]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\\WINDOWS\\system32\\fxssvc.exe [2008-04-14 268800]
S2 gupdate1c97228ea2a95cc;Google Update Service (gupdate1c97228ea2a95cc); C:\\Program Files\\Google\\Update\\GoogleUpdate.exe [2009-01-09 133104]
S2 LogWatch;Event Log Watch; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\LogWatNT.exe []
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 CA_LIC_CLNT;Client de licence CA; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\lic98rmt.exe []
S3 CA_LIC_SRVR;Serveur de licence CA; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\lic98rmtd.exe []
S3 ccPwdSvc;Symantec Password Validation; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccPwdSvc.exe [2004-03-31 87136]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\\Program Files\\Fichiers communs\\InstallShield\\Driver\\1150\\Intel 32\\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE [2006-02-20 2041536]
S3 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe [2008-06-08 877864]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\\Program Files\\Fichiers communs\\Nero\\Nero BackItUp 4\\NBService.exe [2008-09-30 935208]
S3 NMIndexingService;NMIndexingService; C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMIndexingService.exe [2008-06-24 537896]
S3 SavRoam;SAVRoam; C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe [2004-03-31 169192]
S3 ServiceLayer;ServiceLayer; C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe [2008-11-11 620544]
S3 SNDSrvc;Symantec Network Drivers Service; C:\\Program Files\\Fichiers communs\\Symantec Shared\\SNDSrvc.exe [2004-03-11 193760]
S3 x10nets;X10 Device Network Service; C:\\PROGRA~1\\COMMON~1\\X10\\Common\\x10nets.exe [2001-11-12 20480]
S4 InoRPC;eTrust Antivirus RPC Server; C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe []
S4 InoRT;eTrust Antivirus Realtime Server; C:\\Program Files\\CA\\eTrust Antivirus\\InoRT.exe []
S4 InoTask;eTrust Antivirus Job Server; C:\\Program Files\\CA\\eTrust Antivirus\\InoTask.exe []
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


* gil90
Anonymous
Sent on 23/11/2009 at 20:13

To jllg

Thank you for all the time you have already spent.
I will have to be away in an hour (18:30) until around 22:00. Don't be surprised if I only reply tomorrow morning or this evening (if you can).

Gil90

* gil90
Anonymous
Sent on 23/11/2009 at 20:13

To jllg

After the latest "successful" start-up, here are the manager's error reports.
Event 7026 no longer appears. I understand less and less.





malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Sent on 23/11/2009 at 20:14


Hi

There is also a fake security program by the name of CA antivirus installed; it will need to be uninstalled via Add/Remove Programs, and its traces removed with a removal script via OTM. A restart of the computer is required.

This program conflicts with your Symantec antivirus; it is probably the cause of your troubles.

I also recommend uninstalling Symantec.

You will be able to install another antivirus that is more effective and free.

You are going to start in normal mode and begin the disinfection:

1- Remove CA antivirus via Add/Remove Programs.
2- While you are at it, remove Ask Bar and Need2Find bar; these are infectious toolbars. You will then use a tool to remove any traces of them.
3- Make a new RSIT report in normal mode and post only the log.txt report that appears, so that I can give you a removal script and the rest of the disinfection.

Keep us informed of any problem you notice during the disinfection procedure, particularly when your computer starts up.
If you don't know, ask; if you know, share!!
* gil90
Anonymous
Sent on 24/11/2009 at 10:52

To Malwarebleach and jllg
I cannot uninstall CA etrust Antivirus; as soon as the uninstall program is launched, this window appears:



I searched for the full name, the partial name + "*" and the file uninst.isu; I find nothing associated with the antivirus.
In addition, the icon in the taskbar (bottom right) has disappeared. Should I consider that I no longer have an antivirus? In which directory can I find CA eTrust Antivirus, which is also present in the "Add or Remove Programs" panel but without any size value?




I removed "Ask Bar", which was called "Ask toolbar", and "Need2Findbar", but I do indeed have to restart, which I will do after sending this reply.

Which antivirus (effective and free if possible) should I use?

What is the tool you mention for removing any traces?

I will run RSIT after start-up, if the PC is willing to start.
Good night, if you are not in bed yet
Gil90
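
Added example (not part of the thread, and not code from RSIT or HijackThis): a small Python triage that joins HijackThis `O23` lines marked `(file missing)` with the RSIT service list, to show which leftover service entries are still registered and with which start type. The sample lines are copied from the logs posted in this thread with the doubled backslashes collapsed; the function and field names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Start-type digits as given in the RSIT section header on this page.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# RSIT: "<R|S><0-4> <name>;<display>; <path> [<date> <size>]"
RSIT_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)
# HijackThis: "O23 - Service: <display> [(<name>)] - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# The service name is the last parenthesised group of the label, when present.
LABEL_RE = re.compile(r"^(?P<display>.*) \((?P<name>[^()]+)\)$")


class O23Entry(NamedTuple):
    name: str
    display: str
    owner: str
    path: str
    missing: bool


class Finding(NamedTuple):
    name: str
    display: str
    start_type: str   # "Auto", "Demand", ... or "unknown" if absent from RSIT
    running: bool
    path: str


def parse_o23(line: str) -> Optional[O23Entry]:
    m = O23_RE.match(line.strip())
    if not m:
        return None
    label = LABEL_RE.match(m["label"])
    display, name = (label["display"], label["name"]) if label else (m["label"],) * 2
    return O23Entry(name, display, m["owner"], m["path"], m["missing"] is not None)


def parse_rsit(line: str) -> Optional[dict]:
    m = RSIT_RE.match(line.strip())
    return m.groupdict() if m else None


def find_orphaned_services(rsit_lines: List[str], hjt_lines: List[str]) -> List[Finding]:
    """Services HijackThis reports as '(file missing)', with their RSIT start type."""
    rsit = {}
    for line in rsit_lines:
        rec = parse_rsit(line)
        if rec:
            rsit[rec["name"].lower()] = rec
    findings = []
    for line in hjt_lines:
        entry = parse_o23(line)
        if entry is None or not entry.missing:
            continue
        rec = rsit.get(entry.name.lower())
        start = START_TYPES[rec["start"]] if rec else "unknown"
        running = bool(rec) and rec["state"] == "R"
        findings.append((rec["start"] if rec else "9",
                         Finding(entry.name, entry.display, start, running, entry.path)))
    # Boot/System/Auto entries first: those are attempted at every start-up.
    findings.sort(key=lambda pair: (pair[0], pair[1].name.lower()))
    return [f for _, f in findings]


# Sample lines copied from the logs in this thread (backslash escaping normalised).
RSIT_SAMPLE = [
    r"R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-31 1234152]",
    r"S2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []",
    r"S3 CA_LIC_CLNT;Client de licence CA; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []",
    r"S3 CA_LIC_SRVR;Serveur de licence CA; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []",
    r"S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-20 2041536]",
]
HJT_SAMPLE = [
    r"O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)",
    r"O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)",
    r"O23 - Service: Google Update Service (gupdate1c97228ea2a95cc) (gupdate1c97228ea2a95cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe",
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE",
    r"O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)",
    r"O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe",
]

if __name__ == "__main__":
    for f in find_orphaned_services(RSIT_SAMPLE, HJT_SAMPLE):
        print(f"{f.start_type:8} running={f.running!s:5} {f.name:12} {f.path}")
```

On the sample lines, the only orphaned entry still set to Auto is LogWatch; the two CA licence services are Demand-start.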


* gil90
Anonymous
Sent on 24/11/2009 at 10:52

To ljlg and Malwarebleach
I ran RSIT after a start-up in normal mode (3rd start-up); here is the latest log.txt.
The Event Viewer, for its part, still shows the same errors reported at the beginning of this thread (7026 and 10005).
I hope it will be possible to get something out of it.
Good luck

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by Gilbert at 2009-11-24 01:17:49
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 58 GB (45%) free of 128 GB
Total RAM: 1535 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:59, on 24/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccSetMgr.exe
C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccEvtMgr.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Google\\Update\\1.2.183.13\\GoogleCrashHandler.exe
C:\\WINDOWS\\system32\\RunDll32.exe
C:\\WINDOWS\\Dit.exe
C:\\WINDOWS\\AGRSMMSG.exe
C:\\WINDOWS\\mHotkey.exe
C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\system32\\IoctlSvc.exe
C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe
C:\\Program Files\\SPAMfighter\\sfus.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
C:\\WINDOWS\\system32\\msfeedssync.exe
C:\\downloads\\RSIT.exe
C:\\Program Files\\trend micro\\Gilbert.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.fr/webhp?rls=ig
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\\Program Files\\Orbitdownloader\\orbitcth.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\\WINDOWS\\system32\\gigagetbho_v10.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\\Program Files\\PDFCreator Toolbar\\v3.3.0.1\\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\\Program Files\\Google\\Google Gears\\Internet Explorer\\0.5.33.0\\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar1.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\\Program Files\\Orbitdownloader\\GrabPro.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\\Program Files\\PDFCreator Toolbar\\v3.3.0.1\\PDFCreator_Toolbar.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\\..\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\\..\\Run: [Dit] Dit.exe
O4 - HKLM\\..\\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\\..\\Run: [CHotkey] mHotkey.exe
O4 - HKLM\\..\\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\\..\\Run: [TkBellExe] \"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot
O4 - HKLM\\..\\Run: [MSConfig] C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto
O4 - HKLM\\..\\RunServices: [RegisterDropHandler] C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE RÉSEAU\')
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download All by Gigaget - C:\\Program Files\\Giganology\\Gigaget\\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\\Program Files\\Giganology\\Gigaget\\geturl.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\\Program Files\\Orbitdownloader\\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\\Program Files\\Orbitdownloader\\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\\WINDOWS\\system32\\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\\Program Files\\Orbitdownloader\\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\\Program Files\\Orbitdownloader\\orbitmxt.dll/202
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\\Program Files\\Google\\Google Gears\\Internet Explorer\\0.5.33.0\\gears.dll
O9 - Extra \'Tools\' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\\Program Files\\Google\\Google Gears\\Internet Explorer\\0.5.33.0\\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra \'Tools\' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\\Program Files\\Dealio\\kb127\\Dealio.dll
O9 - Extra \'Tools\' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\\Program Files\\Dealio\\kb127\\Dealio.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - Trusted IP range: http://194.206.164.165
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097702632093
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215425572093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://fr.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{7EC343CE-D76A-4494-9934-2B3EE78B9133}: Domain = Free.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\FICHIE~1\\Skype\\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe
O23 - Service: Google Update Service (gupdate1c97228ea2a95cc) (gupdate1c97228ea2a95cc) - Google Inc. - C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Fichiers communs\\InstallShield\\Driver\\1150\\Intel 32\\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\LogWatNT.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\\Program Files\\Fichiers communs\\Nero\\Nero BackItUp 4\\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\WINDOWS\\system32\\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\\Program Files\\Fichiers communs\\Symantec Shared\\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\\Program Files\\SPAMfighter\\sfus.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\\PROGRA~1\\COMMON~1\\X10\\Common\\x10nets.exe

--
End of file - 11980 bytes

======Scheduled tasks folder======

C:\\WINDOWS\\tasks\\AppleSoftwareUpdate.job
C:\\WINDOWS\\tasks\\GoogleUpdateTaskMachineCore.job
C:\\WINDOWS\\tasks\\GoogleUpdateTaskMachineUA.job
C:\\WINDOWS\\tasks\\NeroLiveEpgUpdate-GILBERT70_Gilbert.job
C:\\WINDOWS\\tasks\\User_Feed_Synchronization-{F4CBAF48-CDD9-4FA0-BEF2-D2ED1D85186A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\\Program Files\\Orbitdownloader\\orbitcth.dll [2009-10-14 179472]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
GigagetIEHelper Class - C:\\WINDOWS\\system32\\gigagetbho_v10.dll [2006-01-09 86016]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\\program files\\google\\googletoolbar1.dll [2007-11-07 2436160]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll [2009-10-09 762864]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\\Program Files\\PDFCreator Toolbar\\v3.3.0.1\\PDFCreator_Toolbar.dll [2008-09-26 806912]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\\Program Files\\Google\\Google Gears\\Internet Explorer\\0.5.33.0\\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\\program files\\google\\googletoolbar1.dll [2007-11-07 2436160]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\\Program Files\\Orbitdownloader\\GrabPro.dll [2009-10-14 662720]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\\Program Files\\PDFCreator Toolbar\\v3.3.0.1\\PDFCreator_Toolbar.dll [2008-09-26 806912]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"NvCplDaemon\"=C:\\WINDOWS\\system32\\NvCpl.dll [2004-09-20 4583424]
\"nwiz\"=nwiz.exe /install []
\"Raccourci vers la page des propriétés de High Definition Audio\"=C:\\WINDOWS\\system32\\HDAudPropShortcut.exe [2004-03-17 61952]
\"Cmaudio\"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
\"Dit\"=C:\\WINDOWS\\Dit.exe [2004-07-20 90112]
\"AGRSMMSG\"=C:\\WINDOWS\\AGRSMMSG.exe [2005-03-04 88209]
\"CHotkey\"=C:\\WINDOWS\\mHotkey.exe [2004-02-24 508416]
\"ledpointer\"=C:\\WINDOWS\\CNYHKey.exe [2004-02-03 5794816]
\"TkBellExe\"=C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe [2008-12-28 185872]
\"MSConfig\"=C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe [2008-04-14 172544]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ctfmon.exe\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe ARM]
C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMBgMonitor.exe [2008-06-24 132392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ccApp]
C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe [2004-03-31 66656]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\InstantAccess]
C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE [1999-12-14 37376]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Microsoft Works Update Detection]
C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe [2002-11-14 28672]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\mmtask]
C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe [2006-01-17 53248]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NBKeyScan]
C:\\Program Files\\Nero\\Nero BackItUp 4\\NBKeyScan.exe [2008-09-24 2254120]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PC Suite Tray]
C:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe -onlytray []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PCMService]
C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe [2004-10-15 81920]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
C:\\Program Files\\QuickTime\\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\RegisterDropHandler]
C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE [1998-12-14 23040]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SPAMfighter Agent]
C:\\Program Files\\SPAMfighter\\SFAgent.exe [2009-03-12 326792]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpybotSD TeaTimer]
C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\swg]
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TkBellExe]
C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe [2008-12-28 185872]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Ulead AutoDetector v2]
C:\\Program Files\\Fichiers communs\\Ulead Systems\\AutoDetector\\monitor.exe [2006-11-29 90112]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\vptray]
C:\\PROGRA~1\\SYMANT~1\\VPTray.exe [2004-03-31 124128]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WMPNSCFG]
C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE [2004-10-15 1024000]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON SMART PANEL for Scanner.lnk]
C:\\PROGRA~1\\EPSON\\EPSONS~1\\ESPmain.exe [2000-05-27 180224]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\\PROGRA~1\\MICROS~4\\Office\\OSA9.EXE [1999-02-17 65588]

C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage
AutorunsDisabled

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\NavLogon]
C:\\WINDOWS\\system32\\NavLogon.dll [2004-03-31 83176]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\network\\nm]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\network\\nm.sys]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1
\"PromptOnSecureDesktop\"=0

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=145

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"%ProgramFiles%\\Messenger\\msmsgs.exe\"=\"%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger\"
\"%ProgramFiles%\\AOL 9.0\\AOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0\"
\"%ProgramFiles%\\AOL 9.0\\WAOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)\"
\"%WinDir%\\system32\\fxsclnt.exe\"=\"%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console\"
\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe\"=\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil\"
\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger\"
\"C:\\Program Files\\Kazaa\\kazaa.exe\"=\"C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop\"
\"C:\\WINDOWS\\system32\\dpvsetup.exe\"=\"C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test\"
\"C:\\WINDOWS\\system32\\rundll32.exe\"=\"C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu\'application\"
\"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe\"=\"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe:*:Enabled:StationRipperConsole\"
\"C:\\Program Files\\CA\\eTrust Antivirus\\InoNmSrv.exe\"=\"C:\\Program Files\\CA\\eTrust Antivirus\\InoNmSrv.exe:*:Disabled:eTrust Antivirus - Admin Server\"
\"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe\"=\"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:Disabled:eTrust Antivirus - Local Scanner\"
\"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe\"=\"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:Disabled:eTrust Antivirus - Realtime monitor\"
\"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe\"=\"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe:*:Disabled:eTrust Antivirus - RPC Server\"
\"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe\"=\"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget\"
\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\"=\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk\"
\"C:\\Program Files\\Fichiers communs\\AOL\\1172389140\\ee\\aolsoftware.exe\"=\"C:\\Program Files\\Fichiers communs\\AOL\\1172389140\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components\"
\"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe\"=\"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home\"
\"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe\"=\"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime\"
\"C:\\TDdownload\\incredimail_install.exe\"=\"C:\\TDdownload\\incredimail_install.exe:*:Enabled:IncrediMail Installer\"
\"C:\\Documents and Settings\\Gilbert\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe\"=\"C:\\Documents and Settings\\Gilbert\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule\"
\"C:\\Program Files\\Internet Explorer\\iexplore.exe\"=\"C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer\"
\"C:\\TDdownload\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe\"=\"C:\\TDdownload\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe:*:Enabled:µTorrent\"
\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe\"=\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service\"
\"C:\\Program Files\\Skype\\Phone\\Skype.exe\"=\"C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype\"
\"C:\\Program Files\\Orbitdownloader\\orbitdm.exe\"=\"C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit\"
\"C:\\Program Files\\Orbitdownloader\\orbitnet.exe\"=\"C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe:*:Enabled:Render Manager\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe:*:Enabled:umi\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin\"
\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"=\"C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour\"
\"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe\"=\"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe:*:Enabled:MxDownloadServer\"
\"C:\\Program Files\\utorrent.exe\"=\"C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent\"
\"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe\"=\"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe:*:Enabled:IziSpot\"
\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\"=\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer\"
\"C:\\dolibarr\\bin\\apache\\apache2.2.6\\bin\\httpd.exe\"=\"C:\\dolibarr\\bin\\apache\\apache2.2.6\\bin\\httpd.exe:*:Disabled:Apache HTTP Server\"
\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"=\"C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox\"
\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\RpcSandraSrv.exe\"=\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"%ProgramFiles%\\Messenger\\msmsgs.exe\"=\"%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger\"
\"%ProgramFiles%\\MSN Messenger\\msnmsgr.exe\"=\"%ProgramFiles%\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger\"
\"%ProgramFiles%\\AOL 9.0\\AOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0\"
\"%ProgramFiles%\\AOL 9.0\\WAOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)\"
\"%WinDir%\\system32\\fxsclnt.exe\"=\"%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server\"
\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe\"=\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{3e99e8a7-3468-11dd-9656-0011094e1888}]
shell\\AutoRun\\command - H:\\LaunchU3.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{3e99e8a8-3468-11dd-9656-0011094e1888}]
shell\\verb1\\command - desktop.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{52d219bd-881c-11de-978b-0011094e1888}]
shell\\AutoRun\\command - H:\\ClickMe.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{8637ccbc-03e6-11dc-9472-0011094e1888}]
shell\\AutoRun\\command - H:\\groupeIBT.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{cb47aeda-edcf-11dd-9700-0011094e1888}]
shell\\AutoRun\\command - PLAY.EXE \"playlist.m3u\"


======List of files/folders created in the last 1 months======

2009-11-24 00:03:10 ----A---- C:\\Program Files\\Uninstall Ask Toolbar.dll
2009-11-24 00:02:51 ----A---- C:\\Program Files\\Uninstall Need2Find Bar.dll
2009-11-23 16:37:12 ----D---- C:\\rsit
2009-11-22 19:07:53 ----HDC---- C:\\WINDOWS\\$NtUninstallKB969947$
2009-11-15 09:54:41 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Smart PC Solutions
2009-11-15 09:54:33 ----D---- C:\\Program Files\\Smart PC Solutions
2009-11-10 16:11:42 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xmlC8.tmp
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\java.exe

======List of files/folders modified in the last 1 months======

2009-11-24 01:17:51 ----D---- C:\\Program Files\\Trend Micro
2009-11-24 01:12:49 ----D---- C:\\WINDOWS\\Prefetch
2009-11-24 01:11:47 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-24 01:10:56 ----AD---- C:\\WINDOWS\\Temp
2009-11-24 01:10:45 ----D---- C:\\Program Files\\Symantec AntiVirus
2009-11-24 01:10:44 ----D---- C:\\Program Files\\SPAMfighter
2009-11-24 01:10:34 ----A---- C:\\WINDOWS\\ModemLog_Bluetooth Fax Modem.txt
2009-11-24 01:10:34 ----A---- C:\\WINDOWS\\ModemLog_Bluetooth DUN Modem.txt
2009-11-24 01:10:28 ----A---- C:\\WINDOWS\\ModemLog_Agere Systems PCI Soft Modem.txt
2009-11-24 01:06:56 ----A---- C:\\WINDOWS\\ntbtlog.txt
2009-11-24 01:02:43 ----D---- C:\\WINDOWS
2009-11-24 00:56:48 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-24 00:22:01 ----D---- C:\\Program Files\\Mozilla Thunderbird
2009-11-24 00:12:52 ----SHD---- C:\\WINDOWS\\Installer
2009-11-24 00:12:38 ----D---- C:\\Program Files\\Google
2009-11-24 00:03:10 ----D---- C:\\Program Files
2009-11-23 15:41:38 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Orbit
2009-11-23 15:41:03 ----D---- C:\\downloads
2009-11-23 15:38:53 ----RASH---- C:\\boot.ini
2009-11-23 15:38:53 ----A---- C:\\WINDOWS\\win.ini
2009-11-23 15:38:53 ----A---- C:\\WINDOWS\\system.ini
2009-11-23 15:38:17 ----D---- C:\\WINDOWS\\pss
2009-11-23 01:07:56 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\vlc
2009-11-22 21:04:22 ----HD---- C:\\WINDOWS\\inf
2009-11-22 21:02:48 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-22 19:07:55 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-22 19:07:55 ----D---- C:\\WINDOWS\\system32
2009-11-22 19:03:53 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-19 11:29:55 ----A---- C:\\WINDOWS\\NeroDigital.ini
2009-11-15 09:59:03 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Real
2009-11-14 19:01:40 ----A---- C:\\WINDOWS\\IE4 Error Log.txt
2009-11-14 12:46:59 ----D---- C:\\WINDOWS\\system32\\NtmsData
2009-11-14 12:46:36 ----D---- C:\\WINDOWS\\Registration
2009-11-10 16:11:44 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xml8D.tmp
2009-11-10 16:11:42 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xml59C7.tmp
2009-11-10 13:42:33 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-11-05 18:36:21 ----A---- C:\\WINDOWS\\system32\\MRT.exe
2009-11-04 23:22:46 ----A---- C:\\WINDOWS\\imsins.BAK
2009-11-04 07:01:41 ----D---- C:\\Program Files\\Java
2009-10-30 06:46:29 ----D---- C:\\WINDOWS\\Help
2009-10-25 07:08:32 ----DC---- C:\\WINDOWS\\system32\\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \\??\\C:\\Program Files\\Fichiers communs\\Symantec Shared\\EENGINE\\eeCtrl.sys []
R1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
R1 SAVRT;SAVRT; \\??\\C:\\Program Files\\Symantec AntiVirus\\savrt.sys []
R1 SYMTDI;SYMTDI; C:\\WINDOWS\\System32\\Drivers\\SYMTDI.SYS [2004-03-11 263616]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2004-08-05 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.0.0.5; C:\\WINDOWS\\system32\\DRIVERS\\AegisP.sys [2004-10-13 15939]
R2 SAVRTPEL;SAVRTPEL; \\??\\C:\\Program Files\\Symantec AntiVirus\\Savrtpel.sys []
R3 Afc;PPdus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\Afc.sys [2005-02-22 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\\WINDOWS\\system32\\DRIVERS\\AGRSM.sys [2006-01-25 1149888]
R3 Arp1394;Protocole client ARP 1394; C:\\WINDOWS\\system32\\DRIVERS\\arp1394.sys [2008-04-13 60800]
R3 BlueletAudio;Bluetooth Audio Service; C:\\WINDOWS\\system32\\DRIVERS\\blueletaudio.sys [2004-09-21 19712]
R3 BT;Bluetooth PAN Network Adapter; C:\\WINDOWS\\system32\\DRIVERS\\btnetdrv.sys [2004-09-21 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vbtenum.sys [2004-09-21 11604]
R3 Cap7134;MEDION (7134) WDM Video Capture; C:\\WINDOWS\\system32\\DRIVERS\\Cap7134.sys [2003-06-05 350752]
R3 cmudax;C-Media High Definition Audio Interface; C:\\WINDOWS\\system32\\drivers\\cmudax.sys [2004-10-01 1272000]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5b.sys [2004-04-15 42496]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\\WINDOWS\\system32\\DRIVERS\\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\\WINDOWS\\system32\\drivers\\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2004-08-05 12288]
R3 NAVENG;NAVENG; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091122.003\\naveng.sys []
R3 NAVEX15;NAVEX15; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091122.003\\navex15.sys []
R3 NIC1394;Pilote réseau 1394; C:\\WINDOWS\\system32\\DRIVERS\\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\\WINDOWS\\system32\\DRIVERS\\nv4_mini.sys [2004-09-20 2738592]
R3 pfc;Padus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\pfc.sys [2003-12-05 10368]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\\WINDOWS\\system32\\DRIVERS\\PhTVTune.sys [2003-06-12 24704]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\\WINDOWS\\System32\\Drivers\\RootMdm.sys [2004-08-05 5888]
R3 SymEvent;SymEvent; \\??\\C:\\Program Files\\Symantec\\SYMEVENT.SYS []
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tunmp.sys [2008-04-13 12288]
R3 UKBFLT;UKBFLT; C:\\WINDOWS\\system32\\DRIVERS\\UKBFLT.sys [2003-12-19 11672]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbscan;Pilote de scanneur USB; C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\\WINDOWS\\system32\\DRIVERS\\VComm.sys [2004-09-21 61048]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\\WINDOWS\\System32\\Drivers\\VcommMgr.sys [2004-09-22 81548]
R3 wbscr;Winbond Smartcard Reader for I/O; C:\\WINDOWS\\system32\\drivers\\wbscr.sys [2002-04-24 19928]
S2 Ca536av;DV 4100M(Video); C:\\WINDOWS\\System32\\Drivers\\Ca536av.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\\WINDOWS\\System32\\Drivers\\btcusb.sys [2004-10-12 23896]
S3 CardReaderFilter;Card Reader Filter; \\??\\C:\\WINDOWS\\system32\\Drivers\\USBCRFT.SYS []
S3 CCDECODE;Décodeur sous-titre fermé; C:\\WINDOWS\\system32\\DRIVERS\\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\\WINDOWS\\system32\\DRIVERS\\el90xbc5.sys [2001-08-17 66591]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\\WINDOWS\\system32\\DRIVERS\\fbxusb32.sys [2004-10-20 21344]
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\\WINDOWS\\system32\\drivers\\HdAudio.sys [2004-03-17 113664]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\WINDOWS\\system32\\drivers\\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\\WINDOWS\\system32\\DRIVERS\\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; \\??\\C:\\WINDOWS\\system32\\drivers\\packet.sys []
S3 NTSIM;NTSIM; \\??\\C:\\WINDOWS\\system32\\ntsim.sys []
S3 PsSdk31;PsSdk31; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdk31.drv []
S3 PsSdkLBF;PsSdkLBF; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdklbf.drv []
S3 RivaTuner32;RivaTuner32; \\??\\C:\\Program Files\\RivaTuner v2.23\\RivaTuner32.sys []
S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\\WINDOWS\\system32\\DRIVERS\\rt2500usb.sys [2004-08-13 140544]
S3 SANDRA;SANDRA; \\??\\C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\Sandra.sys []
S3 SLIP;Détrameur décalage BDA; C:\\WINDOWS\\system32\\DRIVERS\\SLIP.sys [2008-04-13 11136]
S3 StillCam;Pilote d\'appareil photo numérique série; C:\\WINDOWS\\system32\\DRIVERS\\serscan.sys [2001-08-23 6912]
S3 streamip;BDA IPSink; C:\\WINDOWS\\system32\\DRIVERS\\StreamIP.sys [2008-04-13 15232]
S3 SYMREDRV;SYMREDRV; C:\\WINDOWS\\System32\\Drivers\\SYMREDRV.SYS [2004-03-11 16288]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbaudio;Pilote USB audio (WDM); C:\\WINDOWS\\system32\\drivers\\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;DV 4100M(Still); C:\\WINDOWS\\System32\\Drivers\\Bulk536.sys []
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 usbstor;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\\WINDOWS\\system32\\DRIVERS\\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\\WINDOWS\\system32\\DRIVERS\\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\\WINDOWS\\system32\\DRIVERS\\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\\WINDOWS\\System32\\Drivers\\x10ufx2.sys [2004-01-16 17408]
S4 INO_FLPY;INO_FLPY; C:\\WINDOWS\\system32\\Drivers\\ino_flpy.sys [2003-06-19 19712]
S4 INO_FLTR;INO_FLTR; \\??\\C:\\WINDOWS\\system32\\Drivers\\ino_fltr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d\'application d\'assistance IPv6; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe [2004-10-12 106496]
R2 Bonjour Service;Service Bonjour; C:\\Program Files\\Bonjour\\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccEvtMgr.exe [2004-03-31 255072]
R2 ccSetMgr;Symantec Settings Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccSetMgr.exe [2004-03-31 242784]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe [2004-03-31 29928]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-10-11 153376]
R2 NMSAccessU;NMSAccessU; C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\\WINDOWS\\system32\\nvsvc32.exe [2004-09-20 127043]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\\WINDOWS\\system32\\IoctlSvc.exe [2006-12-19 81920]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe [2008-04-17 98488]
R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\\Program Files\\SPAMfighter\\sfus.exe [2009-03-12 184968]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe [2004-03-31 1234152]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\\WINDOWS\\system32\\fxssvc.exe [2008-04-14 268800]
S2 gupdate1c97228ea2a95cc;Google Update Service (gupdate1c97228ea2a95cc); C:\\Program Files\\Google\\Update\\GoogleUpdate.exe [2009-01-09 133104]
S2 LogWatch;Event Log Watch; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\LogWatNT.exe []
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 CA_LIC_CLNT;Client de licence CA; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\lic98rmt.exe []
S3 CA_LIC_SRVR;Serveur de licence CA; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\lic98rmtd.exe []
S3 ccPwdSvc;Symantec Password Validation; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccPwdSvc.exe [2004-03-31 87136]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\\Program Files\\Fichiers communs\\InstallShield\\Driver\\1150\\Intel 32\\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE [2006-02-20 2041536]
S3 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe [2008-06-08 877864]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\\Program Files\\Fichiers communs\\Nero\\Nero BackItUp 4\\NBService.exe [2008-09-30 935208]
S3 NMIndexingService;NMIndexingService; C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMIndexingService.exe [2008-06-24 537896]
S3 SavRoam;SAVRoam; C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe [2004-03-31 169192]
S3 ServiceLayer;ServiceLayer; C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe [2008-11-11 620544]
S3 SNDSrvc;Symantec Network Drivers Service; C:\\Program Files\\Fichiers communs\\Symantec Shared\\SNDSrvc.exe [2004-03-11 193760]
S3 x10nets;X10 Device Network Service; C:\\PROGRA~1\\COMMON~1\\X10\\Common\\x10nets.exe [2001-11-12 20480]
S4 InoRPC;eTrust Antivirus RPC Server; C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe []
S4 InoRT;eTrust Antivirus Realtime Server; C:\\Program Files\\CA\\eTrust Antivirus\\InoRT.exe []
S4 InoTask;eTrust Antivirus Job Server; C:\\Program Files\\CA\\eTrust Antivirus\\InoTask.exe []
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


jllg jllg
2 741 contributions
Member since 24/04/2004
Posted on 24/11/2009 at 11:20


Hello

you are still protected by Norton; the CA antivirus is a fake antivirus (rogue)
the reports in normal mode also bring to light an infection via removable media
while waiting for a removal script from malwarebleach for whatever resists, you are going to do two things.
first, removing the traces of infectious toolbars, and then scanning all your USB media for infection when we ask you to


  • Download ToolbarSD (by Team IDN) and save it to your Desktop

  • Launch the program by running the downloaded file.

  • Then double-click the Toolbar-S&D shortcut.

  • Select the desired language by typing the letter of your choice, then confirm with the Enter key.

  • Then choose option 1 (Search). Wait until the search finishes.

  • Post the generated report in your next reply; you will find the report file at this path: C:\TB.txt
* gil90
Anonymous
Posted on 24/11/2009 at 14:30

Hi,

I have just started downloading ToolbarSD and I get this message:

Type d\'analyse : Auto-Protect Analyse
Evénement : Menace trouvée !
Menace : W32.IRCBot
Fichier : C:\\Downloads\\ToolBarSD.exe.ob!
Emplacement : C:\\Downloads
Ordinateur : GILBERT70
Utilisateur : Gilbert
Opération : Nettoyer - échec : Quarantaine - échec : Supprimer - réussite : Acces refusé
Date de détection : mardi 24 novembre 2009 12:22:15

It's getting more complicated by the day.
What should I do?

jllg jllg
2 741 contributions
Member since 24/04/2004
Posted on 24/11/2009 at 15:54


ToolbarSD is not infected and is not a virus, trust me [;)]
you can ignore the alert or disable your antivirus for the duration of the download and the running of the program.
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 16:14


Hi jllg,

I'll take over this disinfection, if you don't mind. [;)]

As jllg advises, disable your security programs while you run Toolbar S&D.

I'm waiting for the report; if you have difficulties, drop Toolbar and post a new RSIT report, only the log.txt
If you don't know, ask; if you know, share!!
* gil90
Anonymous
Posted on 24/11/2009 at 16:51

To jllg and malwarebleach

For your information, I have to go into hospital tomorrow. It would be nice if my problems were solved by then (tomorrow 11:00); otherwise it will be from Saturday onwards.
This is so that you are not surprised by my silence during that period.

In the meantime, thank you for what you have already done.

malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 17:11


If you reply quickly, the disinfection can be finished this evening. (I'm making you priority one)
For clarity, I will carry out this disinfection alone with you.

Post the Toolbar S&D report if you have it.

I hope it's nothing serious, all the same. [8(]


Another thing: could you register on mémoclic? It would save us time; keep the same username.
If you don't know, ask; if you know, share!!
gil90 gil90
90 contributions
Member since 14/11/2009
Posted on 24/11/2009 at 17:15


To malwarebleach: nice of you
I am registered, but I have only just logged in; I forgot to this morning.
gil90
jllg jllg
2 741 contributions
Member since 24/04/2004
Posted on 24/11/2009 at 17:16


with my encouragement to you both [;)]
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 17:23


thanks jllg for supporting us [:o)]

If you don't know, ask; if you know, share!!
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 17:45


Where are you at with Toolbar S&D?
If you don't know, ask; if you know, share!!
gil90 gil90
90 contributions
Member since 14/11/2009
Posted on 24/11/2009 at 17:46


thanks jllg.
Your motto is precious: "Whoever takes advice is close to doing well"
gil90
gil90 gil90
90 contributions
Member since 14/11/2009
Posted on 24/11/2009 at 17:47


But I realise how true malwarebleach's is.
gil90
gil90 gil90
90 contributions
Member since 14/11/2009
Posted on 24/11/2009 at 18:20


I don't know what happened; I sent the report half an hour ago

-----------\\\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Gilbert ( Administrator )
BOOT : Normal boot
C:\\ (Local Disk) - NTFS - Total:125 Go (Free:56 Go)
D:\\ (Local Disk) - NTFS - Total:97 Go (Free:64 Go)
E:\\ (Local Disk) - FAT32 - Total:9 Go (Free:5 Go)
F:\\ (CD or DVD)
G:\\ (CD or DVD)

\"C:\\ToolBar SD\" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 24/11/2009|17:05 )

-----------\\\\ Recherche de Fichiers / Dossiers ...

C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.396.61
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.397.61
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.398.60
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.399.60
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.403.61
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.404.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.405.61
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.406.61
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.407.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.408.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.409.61
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.412.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.413.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.414.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.415.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.416.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.417.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.418.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.419.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.420.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.421.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.423.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.424.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.425.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.426.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.427.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.428.65
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.429.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.430.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.432.65
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.433.64
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.434.65
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.435.64
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.436.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.437.64
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.438.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.439.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.440.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.442.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.443.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.444.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.445.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.446.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.450.67
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.451.67
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.452.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.453.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.454.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.456.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.457.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.458.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.459.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.460.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.462.74
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.463.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.464.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.465.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.468.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.469.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.470.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.471.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.472.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.478.74
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.479.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.480.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.481.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.482.74
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.49.67
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.50.43
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.500.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.501.74
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.502.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.51.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.52.72
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.520.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.521.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.522.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.53.51
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.531.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.532.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.534.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.54.47
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.55.45
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.56.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.57.43
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.58.47
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.593.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.595.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.63.57
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.66.47
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.70.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar
C:\Program Files\Need2Find\bar\History
C:\Program Files\Need2Find\bar\Settings
C:\Program Files\Need2Find\bar\History\search
C:\DOCUME~1\Gilbert\APPLIC~1\Search Settings
C:\DOCUME~1\Gilbert\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\Gilbert\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\Gilbert\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\Gilbert\APPLIC~1\Search Settings\kb127\temp\ws-14290.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(Gilbert) - {0200c2a9-70da-4f6d-b527-f5f7d7877228} => fireuploader
(Gilbert) - {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} => imagezoom
(Gilbert) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Gilbert) - {37fa1426-b82d-11db-8314-0800200c9a66} => wm-notifier
(Gilbert) - {3e0e7d2a-070f-4a47-b019-91fe5385ba79} => addthis
(Gilbert) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp
(Gilbert) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Gilbert) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/webhp?rls=ig"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Recherche d'autres infections


C:\DOCUME~1\Gilbert\LOCALS~1\APPLIC~1\csigmsu.dat
C:\DOCUME~1\Gilbert\LOCALS~1\APPLIC~1\csigmsu_nav.dat
C:\DOCUME~1\Gilbert\LOCALS~1\APPLIC~1\csigmsu_navps.dat
==> EGDACCESS <==


1 - "C:\ToolBar SD\TB_1.txt" - 24/11/2009|17:06 - Option : [1]

-----------\\ Fin du rapport a 17:06:46,09

gil90
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 18:26


Hmm, yeah, that's quite a lot all the same; for leftover traces, it's pretty impressive.

Be careful with toolbars: they serve no purpose other than slowing down browsing and the computer in general. When you install a program, you often have to tick or untick boxes before clicking Next to avoid installing toolbars, so take your time when installing a program.

Further reading on toolbars

Do this:

  • Relaunch Toolbar-S&D by double-clicking the shortcut.

  • Type "2", then confirm by pressing "Enter".

    /!\ Do not close the window during the removal /!\

  • A report will be generated; post its contents here.

* NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.
If you don't know, ask; if you know, share!!
gil90 gil90
90 contributions
Member since 14/11/2009
Posted on 24/11/2009 at 18:46


Here is the report:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Gilbert ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:125 Go (Free:56 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:64 Go)
E:\ (Local Disk) - FAT32 - Total:9 Go (Free:5 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 24/11/2009|18:41 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\DOCUME~1\Gilbert\APPLIC~1\Dealio\kb127
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
Supprime! - C:\Program Files\Need2Find\bar
Supprime! - C:\DOCUME~1\Gilbert\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskTBar
Supprime! - C:\DOCUME~1\Gilbert\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\Need2Find
Supprime! - C:\DOCUME~1\Gilbert\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Gilbert) - {0200c2a9-70da-4f6d-b527-f5f7d7877228} => fireuploader
(Gilbert) - {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} => imagezoom
(Gilbert) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Gilbert) - {37fa1426-b82d-11db-8314-0800200c9a66} => wm-notifier
(Gilbert) - {3e0e7d2a-070f-4a47-b019-91fe5385ba79} => addthis
(Gilbert) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp
(Gilbert) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Gilbert) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/webhp?rls=ig"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections


C:\DOCUME~1\Gilbert\LOCALS~1\APPLIC~1\csigmsu.dat
C:\DOCUME~1\Gilbert\LOCALS~1\APPLIC~1\csigmsu_nav.dat
C:\DOCUME~1\Gilbert\LOCALS~1\APPLIC~1\csigmsu_navps.dat
==> EGDACCESS <==


1 - "C:\ToolBar SD\TB_1.txt" - 24/11/2009|17:06 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 24/11/2009|18:42 - Option : [2]

-----------\\ Fin du rapport a 18:42:19,43

gil90
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 18:49


The toolbars are sorted, so on to the next step:

You have a navipromo/magic.control infection. This infection gets onto your computer when you install one of these programs:

  • Funky Emoticons
  • Game Attack
  • go-astro
  • GoRecord
  • HotTVPlayer / HotTVPlayer & Paris Hilton
  • Live-Player
  • MailSkinner
  • Messenger Skinner
  • Instant Access
  • InternetGameBox
  • Official Emule (modified version of Emule)
  • Original Solitaire
  • SuperSexPlayer
  • Speed Downloading
  • Sudoplanet
  • Webmediaplayer
  • On the site www.games-desktop.com (don't go there!!)


So I strongly advise you not to install any of these programs, or you will be infected again.


  • Download Navilog1 to the desktop

  • If your antivirus raises an alarm, disable it

  • On Vista: right-click the Navilog1 shortcut on the desktop and choose "Run as administrator"

  • On XP: double-click it to launch it

  • Type F

  • Press a key until you reach the options

  • Choose Recherche/Désinfection automatique (automatic search/disinfection) ( = type 1 )

  • A report, fixnavi.txt, is created in ==> C:

  • Copy it and paste it into your reply
If you don't know, ask; if you know, share!!
gil90 gil90
90 contributions
Member since 14/11/2009
Posted on 24/11/2009 at 19:07


I got a scare because Navilog1 shut down my PC and ... surprise, after a short wait it started up again normally. Here is the report:

Fix Navipromo version 4.0.5 commencé le 24/11/2009 18:56:29,92

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Gilbert ( Administrator )
BOOT : Normal boot


C:\ (Local Disk) - NTFS - Total:125 Go (Free:56 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:64 Go)
E:\ (Local Disk) - FAT32 - Total:9 Go (Free:5 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


c:\docume~1\gilbert\locals~1\applic~1\csigmsu.dat supprimé !
c:\docume~1\gilbert\locals~1\applic~1\csigmsu_nav.dat supprimé !
c:\docume~1\gilbert\locals~1\applic~1\csigmsu_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Gilbert\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !



*** Scan terminé 24/11/2009 19:01:06,56 ***

gil90
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 19:10


OK, the restart is normal; I should have warned you.

Make me a new RSIT report and post only the log.txt report that appears.

We'll move on to the removal script to get rid of CA antivirus. (Expect yet another restart...)
If you don't know, ask; if you know, share!!
gil90 gil90
90 contributions
Member since 14/11/2009
Posted on 24/11/2009 at 19:12


Logfile of random's system information tool 1.06 (written by random/random)
Run by Gilbert at 2009-11-24 19:10:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 58 GB (45%) free of 128 GB
Total RAM: 1535 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:38, on 24/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\downloads\RSIT.exe
C:\Program Files\trend micro\Gilbert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - Trusted IP range: http://194.206.164.165
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097702632093
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215425572093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://fr.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC343CE-D76A-4494-9934-2B3EE78B9133}: Domain = Free.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate1c97228ea2a95cc) (gupdate1c97228ea2a95cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11718 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\NeroLiveEpgUpdate-GILBERT70_Gilbert.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F4CBAF48-CDD9-4FA0-BEF2-D2ED1D85186A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-10-14 179472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
GigagetIEHelper Class - C:\WINDOWS\system32\gigagetbho_v10.dll [2006-01-09 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-11-07 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-09 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-09-26 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-10-14 662720]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-09-26 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-09-20 4583424]
"nwiz"=nwiz.exe /install []
"Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"Dit"=C:\WINDOWS\Dit.exe [2004-07-20 90112]
\"AGRSMMSG\"=C:\\WINDOWS\\AGRSMMSG.exe [2005-03-04 88209]
\"CHotkey\"=C:\\WINDOWS\\mHotkey.exe [2004-02-24 508416]
\"ledpointer\"=C:\\WINDOWS\\CNYHKey.exe [2004-02-03 5794816]
\"TkBellExe\"=C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe [2008-12-28 185872]
\"MSConfig\"=C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe [2008-04-14 172544]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ctfmon.exe\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe ARM]
C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMBgMonitor.exe [2008-06-24 132392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ccApp]
C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe [2004-03-31 66656]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\InstantAccess]
C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE [1999-12-14 37376]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Microsoft Works Update Detection]
C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe [2002-11-14 28672]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\mmtask]
C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe [2006-01-17 53248]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NBKeyScan]
C:\\Program Files\\Nero\\Nero BackItUp 4\\NBKeyScan.exe [2008-09-24 2254120]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PC Suite Tray]
C:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe -onlytray []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PCMService]
C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe [2004-10-15 81920]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
C:\\Program Files\\QuickTime\\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\RegisterDropHandler]
C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE [1998-12-14 23040]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SPAMfighter Agent]
C:\\Program Files\\SPAMfighter\\SFAgent.exe [2009-03-12 326792]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpybotSD TeaTimer]
C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\swg]
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TkBellExe]
C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe [2008-12-28 185872]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Ulead AutoDetector v2]
C:\\Program Files\\Fichiers communs\\Ulead Systems\\AutoDetector\\monitor.exe [2006-11-29 90112]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\vptray]
C:\\PROGRA~1\\SYMANT~1\\VPTray.exe [2004-03-31 124128]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WMPNSCFG]
C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE [2004-10-15 1024000]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON SMART PANEL for Scanner.lnk]
C:\\PROGRA~1\\EPSON\\EPSONS~1\\ESPmain.exe [2000-05-27 180224]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\\PROGRA~1\\MICROS~4\\Office\\OSA9.EXE [1999-02-17 65588]

C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage
AutorunsDisabled

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\NavLogon]
C:\\WINDOWS\\system32\\NavLogon.dll [2004-03-31 83176]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\network\\nm]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\network\\nm.sys]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1
\"PromptOnSecureDesktop\"=0

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=145

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"%ProgramFiles%\\Messenger\\msmsgs.exe\"=\"%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger\"
\"%ProgramFiles%\\AOL 9.0\\AOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0\"
\"%ProgramFiles%\\AOL 9.0\\WAOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)\"
\"%WinDir%\\system32\\fxsclnt.exe\"=\"%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console\"
\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe\"=\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil\"
\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger\"
\"C:\\Program Files\\Kazaa\\kazaa.exe\"=\"C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop\"
\"C:\\WINDOWS\\system32\\dpvsetup.exe\"=\"C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test\"
\"C:\\WINDOWS\\system32\\rundll32.exe\"=\"C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu\'application\"
\"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe\"=\"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe:*:Enabled:StationRipperConsole\"
\"C:\\Program Files\\CA\\eTrust Antivirus\\InoNmSrv.exe\"=\"C:\\Program Files\\CA\\eTrust Antivirus\\InoNmSrv.exe:*:Disabled:eTrust Antivirus - Admin Server\"
\"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe\"=\"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:Disabled:eTrust Antivirus - Local Scanner\"
\"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe\"=\"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:Disabled:eTrust Antivirus - Realtime monitor\"
\"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe\"=\"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe:*:Disabled:eTrust Antivirus - RPC Server\"
\"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe\"=\"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget\"
\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\"=\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk\"
\"C:\\Program Files\\Fichiers communs\\AOL\\1172389140\\ee\\aolsoftware.exe\"=\"C:\\Program Files\\Fichiers communs\\AOL\\1172389140\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components\"
\"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe\"=\"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home\"
\"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe\"=\"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime\"
\"C:\\TDdownload\\incredimail_install.exe\"=\"C:\\TDdownload\\incredimail_install.exe:*:Enabled:IncrediMail Installer\"
\"C:\\Documents and Settings\\Gilbert\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe\"=\"C:\\Documents and Settings\\Gilbert\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule\"
\"C:\\Program Files\\Internet Explorer\\iexplore.exe\"=\"C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer\"
\"C:\\TDdownload\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe\"=\"C:\\TDdownload\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe:*:Enabled:µTorrent\"
\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe\"=\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service\"
\"C:\\Program Files\\Skype\\Phone\\Skype.exe\"=\"C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype\"
\"C:\\Program Files\\Orbitdownloader\\orbitdm.exe\"=\"C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit\"
\"C:\\Program Files\\Orbitdownloader\\orbitnet.exe\"=\"C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe:*:Enabled:Render Manager\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe:*:Enabled:umi\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin\"
\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"=\"C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour\"
\"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe\"=\"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe:*:Enabled:MxDownloadServer\"
\"C:\\Program Files\\utorrent.exe\"=\"C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent\"
\"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe\"=\"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe:*:Enabled:IziSpot\"
\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\"=\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer\"
\"C:\\dolibarr\\bin\\apache\\apache2.2.6\\bin\\httpd.exe\"=\"C:\\dolibarr\\bin\\apache\\apache2.2.6\\bin\\httpd.exe:*:Disabled:Apache HTTP Server\"
\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"=\"C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox\"
\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\RpcSandraSrv.exe\"=\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"%ProgramFiles%\\Messenger\\msmsgs.exe\"=\"%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger\"
\"%ProgramFiles%\\MSN Messenger\\msnmsgr.exe\"=\"%ProgramFiles%\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger\"
\"%ProgramFiles%\\AOL 9.0\\AOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0\"
\"%ProgramFiles%\\AOL 9.0\\WAOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)\"
\"%WinDir%\\system32\\fxsclnt.exe\"=\"%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server\"
\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe\"=\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{3e99e8a7-3468-11dd-9656-0011094e1888}]
shell\\AutoRun\\command - H:\\LaunchU3.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{3e99e8a8-3468-11dd-9656-0011094e1888}]
shell\\verb1\\command - desktop.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{52d219bd-881c-11de-978b-0011094e1888}]
shell\\AutoRun\\command - H:\\ClickMe.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{8637ccbc-03e6-11dc-9472-0011094e1888}]
shell\\AutoRun\\command - H:\\groupeIBT.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{cb47aeda-edcf-11dd-9700-0011094e1888}]
shell\\AutoRun\\command - PLAY.EXE \"playlist.m3u\"


======List of files/folders created in the last 1 months======

2009-11-24 18:56:29 ----A---- C:\\cleannavi.txt
2009-11-24 18:54:42 ----D---- C:\\Program Files\\Navilog1
2009-11-24 17:05:43 ----A---- C:\\TB.txt
2009-11-24 17:05:17 ----D---- C:\\ToolBar SD
2009-11-23 16:37:12 ----D---- C:\\rsit
2009-11-22 19:07:53 ----HDC---- C:\\WINDOWS\\$NtUninstallKB969947$
2009-11-15 09:54:41 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Smart PC Solutions
2009-11-15 09:54:33 ----D---- C:\\Program Files\\Smart PC Solutions
2009-11-10 16:11:42 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xmlC8.tmp
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\java.exe

======List of files/folders modified in the last 1 months======

2009-11-24 19:10:30 ----D---- C:\\Program Files\\Trend Micro
2009-11-24 19:07:49 ----D---- C:\\WINDOWS\\Prefetch
2009-11-24 19:07:39 ----D---- C:\\Program Files\\Symantec AntiVirus
2009-11-24 19:02:54 ----AD---- C:\\WINDOWS\\Temp
2009-11-24 19:02:50 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-24 19:02:33 ----D---- C:\\Program Files\\SPAMfighter
2009-11-24 19:02:22 ----A---- C:\\WINDOWS\\ModemLog_Bluetooth DUN Modem.txt
2009-11-24 19:02:21 ----A---- C:\\WINDOWS\\ModemLog_Bluetooth Fax Modem.txt
2009-11-24 19:02:16 ----A---- C:\\WINDOWS\\ModemLog_Agere Systems PCI Soft Modem.txt
2009-11-24 19:01:46 ----D---- C:\\downloads
2009-11-24 19:00:13 ----D---- C:\\Program Files
2009-11-24 18:58:59 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-24 18:58:44 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Orbit
2009-11-24 18:41:18 ----D---- C:\\WINDOWS
2009-11-24 16:31:28 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Spybot - Search & Destroy
2009-11-24 16:21:06 ----D---- C:\\WINDOWS\\system32\\NtmsData
2009-11-24 08:06:15 ----D---- C:\\Program Files\\Mozilla Thunderbird
2009-11-24 01:06:56 ----A---- C:\\WINDOWS\\ntbtlog.txt
2009-11-24 00:12:52 ----SHD---- C:\\WINDOWS\\Installer
2009-11-24 00:12:38 ----D---- C:\\Program Files\\Google
2009-11-23 15:38:53 ----RASH---- C:\\boot.ini
2009-11-23 15:38:53 ----A---- C:\\WINDOWS\\win.ini
2009-11-23 15:38:53 ----A---- C:\\WINDOWS\\system.ini
2009-11-23 15:38:17 ----D---- C:\\WINDOWS\\pss
2009-11-23 01:07:56 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\vlc
2009-11-22 21:04:22 ----HD---- C:\\WINDOWS\\inf
2009-11-22 21:02:48 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-22 19:07:55 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-22 19:07:55 ----D---- C:\\WINDOWS\\system32
2009-11-22 19:03:53 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-19 11:29:55 ----A---- C:\\WINDOWS\\NeroDigital.ini
2009-11-15 09:59:03 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Real
2009-11-14 19:01:40 ----A---- C:\\WINDOWS\\IE4 Error Log.txt
2009-11-14 12:46:36 ----D---- C:\\WINDOWS\\Registration
2009-11-10 16:11:44 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xml8D.tmp
2009-11-10 16:11:42 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xml59C7.tmp
2009-11-10 13:42:33 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-11-05 18:36:21 ----A---- C:\\WINDOWS\\system32\\MRT.exe
2009-11-04 23:22:46 ----A---- C:\\WINDOWS\\imsins.BAK
2009-11-04 07:01:41 ----D---- C:\\Program Files\\Java
2009-10-30 06:46:29 ----D---- C:\\WINDOWS\\Help
2009-10-25 07:08:32 ----DC---- C:\\WINDOWS\\system32\\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \\??\\C:\\Program Files\\Fichiers communs\\Symantec Shared\\EENGINE\\eeCtrl.sys []
R1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
R1 SAVRT;SAVRT; \\??\\C:\\Program Files\\Symantec AntiVirus\\savrt.sys []
R1 SYMTDI;SYMTDI; C:\\WINDOWS\\System32\\Drivers\\SYMTDI.SYS [2004-03-11 263616]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2004-08-05 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.0.0.5; C:\\WINDOWS\\system32\\DRIVERS\\AegisP.sys [2004-10-13 15939]
R2 SAVRTPEL;SAVRTPEL; \\??\\C:\\Program Files\\Symantec AntiVirus\\Savrtpel.sys []
R3 Afc;PPdus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\Afc.sys [2005-02-22 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\\WINDOWS\\system32\\DRIVERS\\AGRSM.sys [2006-01-25 1149888]
R3 Arp1394;Protocole client ARP 1394; C:\\WINDOWS\\system32\\DRIVERS\\arp1394.sys [2008-04-13 60800]
R3 BlueletAudio;Bluetooth Audio Service; C:\\WINDOWS\\system32\\DRIVERS\\blueletaudio.sys [2004-09-21 19712]
R3 BT;Bluetooth PAN Network Adapter; C:\\WINDOWS\\system32\\DRIVERS\\btnetdrv.sys [2004-09-21 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vbtenum.sys [2004-09-21 11604]
R3 Cap7134;MEDION (7134) WDM Video Capture; C:\\WINDOWS\\system32\\DRIVERS\\Cap7134.sys [2003-06-05 350752]
R3 cmudax;C-Media High Definition Audio Interface; C:\\WINDOWS\\system32\\drivers\\cmudax.sys [2004-10-01 1272000]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5b.sys [2004-04-15 42496]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\\WINDOWS\\system32\\DRIVERS\\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\\WINDOWS\\system32\\drivers\\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2004-08-05 12288]
R3 NAVENG;NAVENG; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091123.005\\naveng.sys []
R3 NAVEX15;NAVEX15; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091123.005\\navex15.sys []
R3 NIC1394;Pilote réseau 1394; C:\\WINDOWS\\system32\\DRIVERS\\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\\WINDOWS\\system32\\DRIVERS\\nv4_mini.sys [2004-09-20 2738592]
R3 pfc;Padus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\pfc.sys [2003-12-05 10368]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\\WINDOWS\\system32\\DRIVERS\\PhTVTune.sys [2003-06-12 24704]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\\WINDOWS\\System32\\Drivers\\RootMdm.sys [2004-08-05 5888]
R3 SymEvent;SymEvent; \\??\\C:\\Program Files\\Symantec\\SYMEVENT.SYS []
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tunmp.sys [2008-04-13 12288]
R3 UKBFLT;UKBFLT; C:\\WINDOWS\\system32\\DRIVERS\\UKBFLT.sys [2003-12-19 11672]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbscan;Pilote de scanneur USB; C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\\WINDOWS\\system32\\DRIVERS\\VComm.sys [2004-09-21 61048]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\\WINDOWS\\System32\\Drivers\\VcommMgr.sys [2004-09-22 81548]
R3 wbscr;Winbond Smartcard Reader for I/O; C:\\WINDOWS\\system32\\drivers\\wbscr.sys [2002-04-24 19928]
S2 Ca536av;DV 4100M(Video); C:\\WINDOWS\\System32\\Drivers\\Ca536av.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\\WINDOWS\\System32\\Drivers\\btcusb.sys [2004-10-12 23896]
S3 CardReaderFilter;Card Reader Filter; \\??\\C:\\WINDOWS\\system32\\Drivers\\USBCRFT.SYS []
S3 CCDECODE;Décodeur sous-titre fermé; C:\\WINDOWS\\system32\\DRIVERS\\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\\WINDOWS\\system32\\DRIVERS\\el90xbc5.sys [2001-08-17 66591]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\\WINDOWS\\system32\\DRIVERS\\fbxusb32.sys [2004-10-20 21344]
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\\WINDOWS\\system32\\drivers\\HdAudio.sys [2004-03-17 113664]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\WINDOWS\\system32\\drivers\\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\\WINDOWS\\system32\\DRIVERS\\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; \\??\\C:\\WINDOWS\\system32\\drivers\\packet.sys []
S3 NTSIM;NTSIM; \\??\\C:\\WINDOWS\\system32\\ntsim.sys []
S3 PsSdk31;PsSdk31; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdk31.drv []
S3 PsSdkLBF;PsSdkLBF; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdklbf.drv []
S3 RivaTuner32;RivaTuner32; \\??\\C:\\Program Files\\RivaTuner v2.23\\RivaTuner32.sys []
S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\\WINDOWS\\system32\\DRIVERS\\rt2500usb.sys [2004-08-13 140544]
S3 SANDRA;SANDRA; \\??\\C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\Sandra.sys []
S3 SLIP;Détrameur décalage BDA; C:\\WINDOWS\\system32\\DRIVERS\\SLIP.sys [2008-04-13 11136]
S3 StillCam;Pilote d\'appareil photo numérique série; C:\\WINDOWS\\system32\\DRIVERS\\serscan.sys [2001-08-23 6912]
S3 streamip;BDA IPSink; C:\\WINDOWS\\system32\\DRIVERS\\StreamIP.sys [2008-04-13 15232]
S3 SYMREDRV;SYMREDRV; C:\\WINDOWS\\System32\\Drivers\\SYMREDRV.SYS [2004-03-11 16288]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbaudio;Pilote USB audio (WDM); C:\\WINDOWS\\system32\\drivers\\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;DV 4100M(Still); C:\\WINDOWS\\System32\\Drivers\\Bulk536.sys []
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 usbstor;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\\WINDOWS\\system32\\DRIVERS\\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\\WINDOWS\\system32\\DRIVERS\\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\\WINDOWS\\system32\\DRIVERS\\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\\WINDOWS\\System32\\Drivers\\x10ufx2.sys [2004-01-16 17408]
S4 INO_FLPY;INO_FLPY; C:\\WINDOWS\\system32\\Drivers\\ino_flpy.sys [2003-06-19 19712]
S4 INO_FLTR;INO_FLTR; \\??\\C:\\WINDOWS\\system32\\Drivers\\ino_fltr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d\'application d\'assistance IPv6; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe [2004-10-12 106496]
R2 Bonjour Service;Service Bonjour; C:\\Program Files\\Bonjour\\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccEvtMgr.exe [2004-03-31 255072]
R2 ccSetMgr;Symantec Settings Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccSetMgr.exe [2004-03-31 242784]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe [2004-03-31 29928]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-10-11 153376]
R2 NMSAccessU;NMSAccessU; C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\\WINDOWS\\system32\\nvsvc32.exe [2004-09-20 127043]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\\WINDOWS\\system32\\IoctlSvc.exe [2006-12-19 81920]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe [2008-04-17 98488]
R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\\Program Files\\SPAMfighter\\sfus.exe [2009-03-12 184968]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe [2004-03-31 1234152]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 gupdate1c97228ea2a95cc;Google Update Service (gupdate1c97228ea2a95cc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-01-09 133104]
S2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 CA_LIC_CLNT;Client de licence CA; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
S3 CA_LIC_SRVR;Serveur de licence CA; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2004-03-31 87136]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-20 2041536]
S3 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-31 169192]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S4 InoRPC;eTrust Antivirus RPC Server; C:\Program Files\CA\eTrust Antivirus\InoRpc.exe []
S4 InoRT;eTrust Antivirus Realtime Server; C:\Program Files\CA\eTrust Antivirus\InoRT.exe []
S4 InoTask;eTrust Antivirus Job Server; C:\Program Files\CA\eTrust Antivirus\InoTask.exe []
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
gil90
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 19:19


I had prepared the removal script in advance; it should work. Follow these recommendations to the letter:

(!) You must restart the PC once the script has run. (!)

  • Download OTM (OtmoveIT by Old_Timer) to your Desktop.

  • Double-click OTM.exe to launch it.

  • Make sure the Unregister Dll's and Ocx's box is checked.

  • Copy the list in the quote below and paste it into the left-hand pane of OTM under Paste List of Files/Folders to move.

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"=-

:files
C:\Program Files\CA

:Services
CA_LIC_CLNT
CA_LIC_SRVR
InoRPC
InoRT
InoTask

:commands
[emptytemp]
[start explorer]
[reboot]

  • Click MoveIt! to start the removal.

  • The result will appear in the "Results" pane.

  • Click Exit to close.

  • Post the report located in C:\_OTM\MovedFiles.

  • You may be asked to restart the PC to complete the removal. If so, accept with Yes.

Then restart the PC and make a new RSIT report (log.txt), please.

If you don't know, ask; if you know, share!!
* Gil90
Anonymous
Posted on 24/11/2009 at 19:31

What a misery to be so stupid!

Here is the report at last:


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Gilbert ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:125 Go (Free:56 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:64 Go)
E:\ (Local Disk) - FAT32 - Total:9 Go (Free:5 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 24/11/2009|17:05 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\bar\History
C:\Program Files\AskTBar\bar\Settings
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\PopSwatr\History
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\DOCUME~1\Gilbert\APPLIC~1\Dealio
C:\DOCUME~1\Gilbert\APPLIC~1\Dealio\kb127
C:\DOCUME~1\Gilbert\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\Gilbert\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\Gilbert\APPLIC~1\Dealio\kb127\temp
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.420.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.421.62
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.423.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.424.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.425.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.426.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.427.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.428.65
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.429.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.430.63
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.432.65
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.433.64
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.434.65
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.435.64
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.436.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.437.64
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.438.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.439.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.440.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.442.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.443.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.444.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.445.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.446.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.450.67
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.451.67
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.452.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.453.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.454.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.456.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.457.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.458.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.459.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.460.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.462.74
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.463.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.464.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.465.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.468.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.469.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.470.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.471.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.472.70
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.478.74
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.479.73
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.480.68
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.481.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.482.74
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.49.67
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.50.43
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.500.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.501.74
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.502.71
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.51.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.52.72
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.520.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.521.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.522.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.53.51
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.531.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.532.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.534.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.54.47
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.55.45
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.56.69
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.57.43
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.58.47
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.593.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.595.76
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.63.57
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.66.47
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.70.75
C:\\Program Files\\Dealio\\kb127\\rules\\rules.1.71.43
C:\\DOCUME~1\\ALLUSE~1\\MENUDM~1\\PROGRA~1\\Dealio
C:\\Program Files\\Need2Find
C:\\Program Files\\Need2Find\\bar
C:\\Program Files\\Need2Find\\bar\\History
C:\\Program Files\\Need2Find\\bar\\Settings
C:\\Program Files\\Need2Find\\bar\\History\\search
C:\\DOCUME~1\\Gilbert\\APPLIC~1\\Search Settings
C:\\DOCUME~1\\Gilbert\\APPLIC~1\\Search Settings\\kb127
C:\\DOCUME~1\\Gilbert\\APPLIC~1\\Search Settings\\kb127\\res
C:\\DOCUME~1\\Gilbert\\APPLIC~1\\Search Settings\\kb127\\temp
C:\\DOCUME~1\\Gilbert\\APPLIC~1\\Search Settings\\kb127\\temp\\ws-14290.log
C:\\Program Files\\Search Settings
C:\\Program Files\\Search Settings\\kb127
C:\\Program Files\\Search Settings\\SearchSettings.exe
C:\\Program Files\\Search Settings\\kb127\\res
C:\\Program Files\\Search Settings\\kb127\\SearchSettings.dll
C:\\Program Files\\Search Settings\\kb127\\SearchSettingsRes409.dll
C:\\Program Files\\Search Settings\\kb127\\temp
C:\\WINDOWS\\iun6002.exe

-----------\\\\ Extensions

(Gilbert) - {0200c2a9-70da-4f6d-b527-f5f7d7877228} => fireuploader
(Gilbert) - {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} => imagezoom
(Gilbert) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Gilbert) - {37fa1426-b82d-11db-8314-0800200c9a66} => wm-notifier
(Gilbert) - {3e0e7d2a-070f-4a47-b019-91fe5385ba79} => addthis
(Gilbert) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp
(Gilbert) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Gilbert) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\\\ [..\\Internet Explorer\\Main]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]
\"Start Page\"=\"http://www.google.fr/webhp?rls=ig\"
\"Local Page\"=\"C:\\\\WINDOWS\\\\system32\\\\blank.htm\"
\"Search Page\"=\"http://www.google.com\"
\"Search Bar\"=\"http://www.google.com/ie\"
\"SearchMigratedDefaultURL\"=\"http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8\"

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main]
\"Default_Page_URL\"=\"http://go.microsoft.com/fwlink/?LinkId=69157\"
\"Default_Search_URL\"=\"http://go.microsoft.com/fwlink/?LinkId=54896\"
\"Search Page\"=\"http://go.microsoft.com/fwlink/?LinkId=54896\"
\"Local Page\"=\"C:\\\\WINDOWS\\\\system32\\\\blank.htm\"
\"Start Page\"=\"http://go.microsoft.com/fwlink/?LinkId=69157\"


--------------------\\\\ Recherche d\'autres infections


C:\\DOCUME~1\\Gilbert\\LOCALS~1\\APPLIC~1\\csigmsu.dat
C:\\DOCUME~1\\Gilbert\\LOCALS~1\\APPLIC~1\\csigmsu_nav.dat
C:\\DOCUME~1\\Gilbert\\LOCALS~1\\APPLIC~1\\csigmsu_navps.dat
==> EGDACCESS <==




1 - \"C:\\ToolBar SD\\TB_1.txt\" - 24/11/2009|17:06 - Option : [1]

-----------\\\\ Fin du rapport a 17:06:46,09



malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 19:35


You sent me the ToolBar S&D report [:D]; that stage of the disinfection is finished. What I'm interested in now is that you run OTM as requested in my last post. [;)]

Send me the OTM removal report, followed by a new RSIT report.
If you don't know, ask; if you know, share!!
gil90 gil90
90 contributions
Member since 14/11/2009
Posted on 24/11/2009 at 19:48


I had to start in safe mode again.

Should I run RSIT in safe mode?

Here is the _OTM\MovedFiles report (after restarting in safe mode; the report in OTM's right-hand pane was locked by the reboot window)

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\AutorunsDisabled\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list\\\\C:\\Program Files\\CA\\eTrust Antivirus\\InoNmSrv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list\\\\C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list\\\\C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list\\\\C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe deleted successfully.
========== FILES ==========
File/Folder C:\\Program Files\\CA not found.
========== SERVICES/DRIVERS ==========
Service CA_LIC_CLNT stopped successfully!
Service CA_LIC_CLNT deleted successfully!
Service CA_LIC_SRVR stopped successfully!
Service CA_LIC_SRVR deleted successfully!
Service InoRPC stopped successfully!
Service InoRPC deleted successfully!
Service InoRT stopped successfully!
Service InoRT deleted successfully!
Service InoTask stopped successfully!
Service InoTask deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 2452 bytes
->Temporary Internet Files folder emptied: 251444 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Fichiers Vus

User: Gilbert
->Temp folder emptied: 68910 bytes
->Temporary Internet Files folder emptied: 9599421 bytes
->Java cache emptied: 45607318 bytes
->FireFox cache emptied: 70605442 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: Propriétaire

User: Sans Sono à graver

User: Sono à graver

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\\System32 .tmp files removed: 175104 bytes
Windows Temp folder emptied: 517 bytes
%systemroot%\\system32\\config\\systemprofile\\Local Settings\\Temp folder emptied: 500882 bytes
%systemroot%\\system32\\config\\systemprofile\\Local Settings\\Temporary Internet Files folder emptied: 34313 bytes
RecycleBin emptied: 504 bytes

Total Files Cleaned = 121,07 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11242009_193029
gil90
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 19:50


Try a normal startup; an RSIT report taken in safe mode isn't very useful to me, since I use it to see everything that is active on your computer.
If you don't know, ask; if you know, share!!
gil90 gil90
90 contributions
Member since 14/11/2009
Posted on 24/11/2009 at 19:51


Without waiting for your reply, I ran RSIT (in safe mode); here is the report:

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by Gilbert at 2009-11-24 19:48:10
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 57 GB (45%) free of 128 GB
Total RAM: 1535 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:22, on 24/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\downloads\\RSIT.exe
C:\\Program Files\\trend micro\\Gilbert.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.fr/webhp?rls=ig
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\\Program Files\\Orbitdownloader\\orbitcth.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\\WINDOWS\\system32\\gigagetbho_v10.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\\Program Files\\PDFCreator Toolbar\\v3.3.0.1\\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\\Program Files\\Google\\Google Gears\\Internet Explorer\\0.5.33.0\\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\\Program Files\\Orbitdownloader\\GrabPro.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\\Program Files\\PDFCreator Toolbar\\v3.3.0.1\\PDFCreator_Toolbar.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\\..\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\\..\\Run: [Dit] Dit.exe
O4 - HKLM\\..\\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\\..\\Run: [CHotkey] mHotkey.exe
O4 - HKLM\\..\\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\\..\\Run: [TkBellExe] \"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot
O4 - HKLM\\..\\Run: [MSConfig] C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto
O4 - HKLM\\..\\RunServices: [RegisterDropHandler] C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE
O4 - HKLM\\..\\RunOnce: [OTM] \"C:\\downloads\\OTM.exe\"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE RÉSEAU\')
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download All by Gigaget - C:\\Program Files\\Giganology\\Gigaget\\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\\Program Files\\Giganology\\Gigaget\\geturl.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\\Program Files\\Orbitdownloader\\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\\Program Files\\Orbitdownloader\\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\\WINDOWS\\system32\\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\\Program Files\\Orbitdownloader\\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\\Program Files\\Orbitdownloader\\orbitmxt.dll/202
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\\Program Files\\Google\\Google Gears\\Internet Explorer\\0.5.33.0\\gears.dll
O9 - Extra \'Tools\' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\\Program Files\\Google\\Google Gears\\Internet Explorer\\0.5.33.0\\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra \'Tools\' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - Trusted IP range: http://194.206.164.165
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097702632093
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215425572093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://fr.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{7EC343CE-D76A-4494-9934-2B3EE78B9133}: Domain = Free.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\FICHIE~1\\Skype\\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe
O23 - Service: Google Update Service (gupdate1c97228ea2a95cc) (gupdate1c97228ea2a95cc) - Google Inc. - C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Fichiers communs\\InstallShield\\Driver\\1150\\Intel 32\\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\LogWatNT.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\\Program Files\\Fichiers communs\\Nero\\Nero BackItUp 4\\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\WINDOWS\\system32\\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\\Program Files\\Fichiers communs\\Symantec Shared\\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\\Program Files\\SPAMfighter\\sfus.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\\PROGRA~1\\COMMON~1\\X10\\Common\\x10nets.exe

--
End of file - 10320 bytes

======Scheduled tasks folder======

C:\\WINDOWS\\tasks\\AppleSoftwareUpdate.job
C:\\WINDOWS\\tasks\\GoogleUpdateTaskMachineCore.job
C:\\WINDOWS\\tasks\\GoogleUpdateTaskMachineUA.job
C:\\WINDOWS\\tasks\\NeroLiveEpgUpdate-GILBERT70_Gilbert.job
C:\\WINDOWS\\tasks\\User_Feed_Synchronization-{F4CBAF48-CDD9-4FA0-BEF2-D2ED1D85186A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\\Program Files\\Orbitdownloader\\orbitcth.dll [2009-10-14 179472]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
GigagetIEHelper Class - C:\\WINDOWS\\system32\\gigagetbho_v10.dll [2006-01-09 86016]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\\program files\\google\\googletoolbar1.dll [2007-11-07 2436160]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll [2009-10-09 762864]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\\Program Files\\PDFCreator Toolbar\\v3.3.0.1\\PDFCreator_Toolbar.dll [2008-09-26 806912]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\\Program Files\\Google\\Google Gears\\Internet Explorer\\0.5.33.0\\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\\Program Files\\Orbitdownloader\\GrabPro.dll [2009-10-14 662720]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\\Program Files\\PDFCreator Toolbar\\v3.3.0.1\\PDFCreator_Toolbar.dll [2008-09-26 806912]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"NvCplDaemon\"=C:\\WINDOWS\\system32\\NvCpl.dll [2004-09-20 4583424]
\"nwiz\"=nwiz.exe /install []
\"Raccourci vers la page des propriétés de High Definition Audio\"=C:\\WINDOWS\\system32\\HDAudPropShortcut.exe [2004-03-17 61952]
\"Cmaudio\"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
\"Dit\"=C:\\WINDOWS\\Dit.exe [2004-07-20 90112]
\"AGRSMMSG\"=C:\\WINDOWS\\AGRSMMSG.exe [2005-03-04 88209]
\"CHotkey\"=C:\\WINDOWS\\mHotkey.exe [2004-02-24 508416]
\"ledpointer\"=C:\\WINDOWS\\CNYHKey.exe [2004-02-03 5794816]
\"TkBellExe\"=C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe [2008-12-28 185872]
\"MSConfig\"=C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe [2008-04-14 172544]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]
\"OTM\"=C:\\downloads\\OTM.exe [2009-11-17 422912]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ctfmon.exe\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe ARM]
C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMBgMonitor.exe [2008-06-24 132392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ccApp]
C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe [2004-03-31 66656]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\InstantAccess]
C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE [1999-12-14 37376]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Microsoft Works Update Detection]
C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe [2002-11-14 28672]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\mmtask]
C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe [2006-01-17 53248]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NBKeyScan]
C:\\Program Files\\Nero\\Nero BackItUp 4\\NBKeyScan.exe [2008-09-24 2254120]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PC Suite Tray]
C:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe -onlytray []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PCMService]
C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe [2004-10-15 81920]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
C:\\Program Files\\QuickTime\\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\RegisterDropHandler]
C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE [1998-12-14 23040]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SPAMfighter Agent]
C:\\Program Files\\SPAMfighter\\SFAgent.exe [2009-03-12 326792]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpybotSD TeaTimer]
C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\swg]
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TkBellExe]
C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe [2008-12-28 185872]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Ulead AutoDetector v2]
C:\\Program Files\\Fichiers communs\\Ulead Systems\\AutoDetector\\monitor.exe [2006-11-29 90112]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\vptray]
C:\\PROGRA~1\\SYMANT~1\\VPTray.exe [2004-03-31 124128]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WMPNSCFG]
C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE [2004-10-15 1024000]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON SMART PANEL for Scanner.lnk]
C:\\PROGRA~1\\EPSON\\EPSONS~1\\ESPmain.exe [2000-05-27 180224]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\\PROGRA~1\\MICROS~4\\Office\\OSA9.EXE [1999-02-17 65588]

C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage
AutorunsDisabled

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\NavLogon]
C:\\WINDOWS\\system32\\NavLogon.dll [2004-03-31 83176]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\network\\nm]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\network\\nm.sys]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1
\"PromptOnSecureDesktop\"=0

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=145

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"%ProgramFiles%\\Messenger\\msmsgs.exe\"=\"%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger\"
\"%ProgramFiles%\\AOL 9.0\\AOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0\"
\"%ProgramFiles%\\AOL 9.0\\WAOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)\"
\"%WinDir%\\system32\\fxsclnt.exe\"=\"%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console\"
\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe\"=\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil\"
\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger\"
\"C:\\Program Files\\Kazaa\\kazaa.exe\"=\"C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop\"
\"C:\\WINDOWS\\system32\\dpvsetup.exe\"=\"C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test\"
\"C:\\WINDOWS\\system32\\rundll32.exe\"=\"C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu\'application\"
\"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe\"=\"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe:*:Enabled:StationRipperConsole\"
\"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe\"=\"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget\"
\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\"=\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk\"
\"C:\\Program Files\\Fichiers communs\\AOL\\1172389140\\ee\\aolsoftware.exe\"=\"C:\\Program Files\\Fichiers communs\\AOL\\1172389140\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components\"
\"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe\"=\"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home\"
\"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe\"=\"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime\"
\"C:\\TDdownload\\incredimail_install.exe\"=\"C:\\TDdownload\\incredimail_install.exe:*:Enabled:IncrediMail Installer\"
\"C:\\Documents and Settings\\Gilbert\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe\"=\"C:\\Documents and Settings\\Gilbert\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule\"
\"C:\\Program Files\\Internet Explorer\\iexplore.exe\"=\"C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer\"
\"C:\\TDdownload\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe\"=\"C:\\TDdownload\\microtorrent_torrent_1.8_build_11742_anglais_18245.exe:*:Enabled:µTorrent\"
\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe\"=\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service\"
\"C:\\Program Files\\Skype\\Phone\\Skype.exe\"=\"C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype\"
\"C:\\Program Files\\Orbitdownloader\\orbitdm.exe\"=\"C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit\"
\"C:\\Program Files\\Orbitdownloader\\orbitnet.exe\"=\"C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe:*:Enabled:Render Manager\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe:*:Enabled:umi\"
\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe\"=\"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin\"
\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"=\"C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour\"
\"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe\"=\"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe:*:Enabled:MxDownloadServer\"
\"C:\\Program Files\\utorrent.exe\"=\"C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent\"
\"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe\"=\"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe:*:Enabled:IziSpot\"
\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\"=\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer\"
\"C:\\dolibarr\\bin\\apache\\apache2.2.6\\bin\\httpd.exe\"=\"C:\\dolibarr\\bin\\apache\\apache2.2.6\\bin\\httpd.exe:*:Disabled:Apache HTTP Server\"
\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"=\"C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox\"
\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\RpcSandraSrv.exe\"=\"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"%ProgramFiles%\\Messenger\\msmsgs.exe\"=\"%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger\"
\"%ProgramFiles%\\MSN Messenger\\msnmsgr.exe\"=\"%ProgramFiles%\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger\"
\"%ProgramFiles%\\AOL 9.0\\AOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0\"
\"%ProgramFiles%\\AOL 9.0\\WAOL.exe\"=\"%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)\"
\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe\"=\"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)\"
\"%WinDir%\\system32\\fxsclnt.exe\"=\"%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor\"
\"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe\"=\"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server\"
\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe\"=\"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{3e99e8a7-3468-11dd-9656-0011094e1888}]
shell\\AutoRun\\command - H:\\LaunchU3.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{3e99e8a8-3468-11dd-9656-0011094e1888}]
shell\\verb1\\command - desktop.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{52d219bd-881c-11de-978b-0011094e1888}]
shell\\AutoRun\\command - H:\\ClickMe.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{8637ccbc-03e6-11dc-9472-0011094e1888}]
shell\\AutoRun\\command - H:\\groupeIBT.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{cb47aeda-edcf-11dd-9700-0011094e1888}]
shell\\AutoRun\\command - PLAY.EXE \"playlist.m3u\"


======List of files/folders created in the last 1 months======

2009-11-24 19:30:29 ----D---- C:\\_OTM
2009-11-24 18:56:29 ----A---- C:\\cleannavi.txt
2009-11-24 18:54:42 ----D---- C:\\Program Files\\Navilog1
2009-11-24 17:05:43 ----A---- C:\\TB.txt
2009-11-24 17:05:17 ----D---- C:\\ToolBar SD
2009-11-23 16:37:12 ----D---- C:\\rsit
2009-11-22 19:07:53 ----HDC---- C:\\WINDOWS\\$NtUninstallKB969947$
2009-11-15 09:54:41 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Smart PC Solutions
2009-11-15 09:54:33 ----D---- C:\\Program Files\\Smart PC Solutions
2009-11-10 16:11:42 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xmlC8.tmp
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-04 07:02:12 ----A---- C:\\WINDOWS\\system32\\java.exe

======List of files/folders modified in the last 1 months======

2009-11-24 19:48:24 ----A---- C:\\WINDOWS\\ntbtlog.txt
2009-11-24 19:48:12 ----D---- C:\\Program Files\\Trend Micro
2009-11-24 19:39:35 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-24 19:33:09 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-24 19:31:40 ----D---- C:\\WINDOWS\\Prefetch
2009-11-24 19:30:50 ----D---- C:\\WINDOWS\\system32
2009-11-24 19:30:50 ----D---- C:\\WINDOWS
2009-11-24 19:30:50 ----AD---- C:\\WINDOWS\\Temp
2009-11-24 19:29:02 ----D---- C:\\downloads
2009-11-24 19:28:47 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Orbit
2009-11-24 19:07:39 ----D---- C:\\Program Files\\Symantec AntiVirus
2009-11-24 19:02:33 ----D---- C:\\Program Files\\SPAMfighter
2009-11-24 19:02:22 ----A---- C:\\WINDOWS\\ModemLog_Bluetooth DUN Modem.txt
2009-11-24 19:02:21 ----A---- C:\\WINDOWS\\ModemLog_Bluetooth Fax Modem.txt
2009-11-24 19:02:16 ----A---- C:\\WINDOWS\\ModemLog_Agere Systems PCI Soft Modem.txt
2009-11-24 19:00:13 ----D---- C:\\Program Files
2009-11-24 16:31:28 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Spybot - Search & Destroy
2009-11-24 16:21:06 ----D---- C:\\WINDOWS\\system32\\NtmsData
2009-11-24 08:06:15 ----D---- C:\\Program Files\\Mozilla Thunderbird
2009-11-24 00:12:52 ----SHD---- C:\\WINDOWS\\Installer
2009-11-24 00:12:38 ----D---- C:\\Program Files\\Google
2009-11-23 15:38:53 ----RASH---- C:\\boot.ini
2009-11-23 15:38:53 ----A---- C:\\WINDOWS\\win.ini
2009-11-23 15:38:53 ----A---- C:\\WINDOWS\\system.ini
2009-11-23 15:38:17 ----D---- C:\\WINDOWS\\pss
2009-11-23 01:07:56 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\vlc
2009-11-22 21:04:22 ----HD---- C:\\WINDOWS\\inf
2009-11-22 21:02:48 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-22 19:07:55 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-22 19:03:53 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-19 11:29:55 ----A---- C:\\WINDOWS\\NeroDigital.ini
2009-11-15 09:59:03 ----D---- C:\\Documents and Settings\\Gilbert\\Application Data\\Real
2009-11-14 19:01:40 ----A---- C:\\WINDOWS\\IE4 Error Log.txt
2009-11-14 12:46:36 ----D---- C:\\WINDOWS\\Registration
2009-11-10 16:11:44 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xml8D.tmp
2009-11-10 16:11:42 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\xml59C7.tmp
2009-11-10 13:42:33 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-11-05 18:36:21 ----A---- C:\\WINDOWS\\system32\\MRT.exe
2009-11-04 23:22:46 ----A---- C:\\WINDOWS\\imsins.BAK
2009-11-04 07:01:41 ----D---- C:\\Program Files\\Java
2009-10-30 06:46:29 ----D---- C:\\WINDOWS\\Help
2009-10-25 07:08:32 ----DC---- C:\\WINDOWS\\system32\\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2004-08-05 12032]
R3 Afc;PPdus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\Afc.sys [2005-02-22 11776]
R3 BT;Bluetooth PAN Network Adapter; C:\\WINDOWS\\system32\\DRIVERS\\btnetdrv.sys [2004-09-21 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vbtenum.sys [2004-09-21 11604]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5b.sys [2004-04-15 42496]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\\WINDOWS\\system32\\DRIVERS\\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2004-08-05 12288]
R3 pfc;Padus ASPI Shell; C:\\WINDOWS\\system32\\drivers\\pfc.sys [2003-12-05 10368]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\tunmp.sys [2008-04-13 12288]
R3 UKBFLT;UKBFLT; C:\\WINDOWS\\system32\\DRIVERS\\UKBFLT.sys [2003-12-19 11672]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
S1 eeCtrl;Symantec Eraser Control driver; \\??\\C:\\Program Files\\Fichiers communs\\Symantec Shared\\EENGINE\\eeCtrl.sys []
S1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
S1 SAVRT;SAVRT; \\??\\C:\\Program Files\\Symantec AntiVirus\\savrt.sys []
S1 SYMTDI;SYMTDI; C:\\WINDOWS\\System32\\Drivers\\SYMTDI.SYS [2004-03-11 263616]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.0.0.5; C:\\WINDOWS\\system32\\DRIVERS\\AegisP.sys [2004-10-13 15939]
S2 Ca536av;DV 4100M(Video); C:\\WINDOWS\\System32\\Drivers\\Ca536av.sys []
S2 SAVRTPEL;SAVRTPEL; \\??\\C:\\Program Files\\Symantec AntiVirus\\Savrtpel.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\\WINDOWS\\system32\\DRIVERS\\AGRSM.sys [2006-01-25 1149888]
S3 Arp1394;Protocole client ARP 1394; C:\\WINDOWS\\system32\\DRIVERS\\arp1394.sys [2008-04-13 60800]
S3 BlueletAudio;Bluetooth Audio Service; C:\\WINDOWS\\system32\\DRIVERS\\blueletaudio.sys [2004-09-21 19712]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\\WINDOWS\\System32\\Drivers\\btcusb.sys [2004-10-12 23896]
S3 Cap7134;MEDION (7134) WDM Video Capture; C:\\WINDOWS\\system32\\DRIVERS\\Cap7134.sys [2003-06-05 350752]
S3 CardReaderFilter;Card Reader Filter; \\??\\C:\\WINDOWS\\system32\\Drivers\\USBCRFT.SYS []
S3 CCDECODE;Décodeur sous-titre fermé; C:\\WINDOWS\\system32\\DRIVERS\\CCDECODE.sys [2008-04-13 17024]
S3 cmudax;C-Media High Definition Audio Interface; C:\\WINDOWS\\system32\\drivers\\cmudax.sys [2004-10-01 1272000]
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\\WINDOWS\\system32\\DRIVERS\\el90xbc5.sys [2001-08-17 66591]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\\WINDOWS\\system32\\DRIVERS\\fbxusb32.sys [2004-10-20 21344]
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\\WINDOWS\\system32\\drivers\\HdAudio.sys [2004-03-17 113664]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\\WINDOWS\\system32\\drivers\\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\WINDOWS\\system32\\drivers\\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\\WINDOWS\\system32\\DRIVERS\\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091123.005\\naveng.sys []
S3 NAVEX15;NAVEX15; \\??\\C:\\PROGRA~1\\FICHIE~1\\SYMANT~1\\VIRUSD~1\\20091123.005\\navex15.sys []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\\WINDOWS\\system32\\DRIVERS\\nic1394.sys [2008-04-13 61824]
S3 NPF;Netgroup Packet Filter; \\??\\C:\\WINDOWS\\system32\\drivers\\packet.sys []
S3 NTSIM;NTSIM; \\??\\C:\\WINDOWS\\system32\\ntsim.sys []
S3 nv;nv; C:\\WINDOWS\\system32\\DRIVERS\\nv4_mini.sys [2004-09-20 2738592]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\\WINDOWS\\system32\\DRIVERS\\PhTVTune.sys [2003-06-12 24704]
S3 PsSdk31;PsSdk31; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdk31.drv []
S3 PsSdkLBF;PsSdkLBF; \\??\\C:\\WINDOWS\\system32\\Drivers\\pssdklbf.drv []
S3 RivaTuner32;RivaTuner32; \\??\\C:\\Program Files\\RivaTuner v2.23\\RivaTuner32.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\\WINDOWS\\System32\\Drivers\\RootMdm.sys [2004-08-05 5888]
S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\\WINDOWS\\system32\\DRIVERS\\rt2500usb.sys [2004-08-13 140544]
S3 SANDRA;SANDRA; \\??\\C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\Sandra.sys []
S3 SLIP;Détrameur décalage BDA; C:\\WINDOWS\\system32\\DRIVERS\\SLIP.sys [2008-04-13 11136]
S3 StillCam;Pilote d\'appareil photo numérique série; C:\\WINDOWS\\system32\\DRIVERS\\serscan.sys [2001-08-23 6912]
S3 streamip;BDA IPSink; C:\\WINDOWS\\system32\\DRIVERS\\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \\??\\C:\\Program Files\\Symantec\\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\\WINDOWS\\System32\\Drivers\\SYMREDRV.SYS [2004-03-11 16288]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbaudio;Pilote USB audio (WDM); C:\\WINDOWS\\system32\\drivers\\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;DV 4100M(Still); C:\\WINDOWS\\System32\\Drivers\\Bulk536.sys []
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2008-04-13 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; C:\\WINDOWS\\system32\\DRIVERS\\VComm.sys [2004-09-21 61048]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\\WINDOWS\\System32\\Drivers\\VcommMgr.sys [2004-09-22 81548]
S3 wanatw;WAN Miniport (ATW); C:\\WINDOWS\\system32\\DRIVERS\\wanatw4.sys [2003-01-10 33588]
S3 wbscr;Winbond Smartcard Reader for I/O; C:\\WINDOWS\\system32\\drivers\\wbscr.sys [2002-04-24 19928]
S3 WpdUsb;WpdUsb; C:\\WINDOWS\\system32\\DRIVERS\\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\\WINDOWS\\system32\\DRIVERS\\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\\WINDOWS\\System32\\Drivers\\x10ufx2.sys [2004-01-16 17408]
S4 INO_FLPY;INO_FLPY; C:\\WINDOWS\\system32\\Drivers\\ino_flpy.sys [2003-06-19 19712]
S4 INO_FLTR;INO_FLTR; \\??\\C:\\WINDOWS\\system32\\Drivers\\ino_fltr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 6to4;Service d\'application d\'assistance IPv6; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe [2004-10-12 106496]
S2 Bonjour Service;Service Bonjour; C:\\Program Files\\Bonjour\\mDNSResponder.exe [2008-08-29 238888]
S2 ccEvtMgr;Symantec Event Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccEvtMgr.exe [2004-03-31 255072]
S2 ccSetMgr;Symantec Settings Manager; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccSetMgr.exe [2004-03-31 242784]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe [2004-03-31 29928]
S2 Fax;Fax; C:\\WINDOWS\\system32\\fxssvc.exe [2008-04-14 268800]
S2 gupdate1c97228ea2a95cc;Google Update Service (gupdate1c97228ea2a95cc); C:\\Program Files\\Google\\Update\\GoogleUpdate.exe [2009-01-09 133104]
S2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-10-11 153376]
S2 LogWatch;Event Log Watch; C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\LogWatNT.exe []
S2 NMSAccessU;NMSAccessU; C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe [2008-10-20 71096]
S2 NVSvc;NVIDIA Display Driver Service; C:\\WINDOWS\\system32\\nvsvc32.exe [2004-09-20 127043]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\\WINDOWS\\system32\\IoctlSvc.exe [2006-12-19 81920]
S2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe [2008-04-17 98488]
S2 SPAMfighter Update Service;SPAMfighter Update Service; C:\\Program Files\\SPAMfighter\\sfus.exe [2009-03-12 184968]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe [2004-03-31 1234152]
S2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccPwdSvc.exe [2004-03-31 87136]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\\Program Files\\Fichiers communs\\InstallShield\\Driver\\1150\\Intel 32\\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE [2006-02-20 2041536]
S3 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe [2008-06-08 877864]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\\Program Files\\Fichiers communs\\Nero\\Nero BackItUp 4\\NBService.exe [2008-09-30 935208]
S3 NMIndexingService;NMIndexingService; C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMIndexingService.exe [2008-06-24 537896]
S3 SavRoam;SAVRoam; C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe [2004-03-31 169192]
S3 ServiceLayer;ServiceLayer; C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe [2008-11-11 620544]
S3 SNDSrvc;Symantec Network Drivers Service; C:\\Program Files\\Fichiers communs\\Symantec Shared\\SNDSrvc.exe [2004-03-11 193760]
S3 x10nets;X10 Device Network Service; C:\\PROGRA~1\\COMMON~1\\X10\\Common\\x10nets.exe [2001-11-12 20480]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
gil90
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 19:56


As soon as you have been able to boot in normal mode, we will continue by removing the infection on your PC that spreads via removable media, so follow these steps:

  • Download and install UsbFix by C_XX & Chiquitine29

  • Connect to your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them

  • Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

  • Choose option 1 (Recherche / Search)

  • Let the tool work.

  • Then post the UsbFix.txt report that appears.

  • Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )


(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

* Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
If you don't know, ask; if you know, share!!
malwarebleach malwarebleach
2 125 contributions
Member since 12/09/2009
Posted on 24/11/2009 at 20:01


Could you also copy/paste the reports located here:

C:\WINDOWS\ntbtlog.txt
C:\WINDOWS\SchedLgU.Txt

Thanks!
If you don't know, ask; if you know, share!!
