
Suspicions of Spying

Tags:
  • Security
19 March 2011 21:57:49

Hello,
I came across this site by chance while looking for an answer, and I'm asking for your help... I suspect that my boyfriend is spying on my computer.
A few months ago I found emails I had exchanged with family/friends, which he had printed. A few months later I changed computers and he has not been able to access it, and despite that, today he brought up the contents of a conversation with a friend as a reproach.

How can I find out whether he really is spying on me? Doesn't having a new computer solve the problem?

Thanks in advance

20 March 2011 09:40:48

Hello,

This kind of problem is better settled with the person concerned; his behaviour is not acceptable, and it is up to you to raise it and to decide on the consequence.

Spying seems doubtful to me, unless he knows the password for your mailbox, or your secret question for resetting it (msn, hotmail, etc ...)
You can always change them as a precaution; the rest is up to you to make him understand.

20 March 2011 14:56:59

Impossible to have a proper conversation with him... we haven't seen each other for a few months. Passwords, secret question... I changed everything and he still knows what I do on my computer.

I was thinking of some kind of scanner/software (nessus) that collects the data and sends it by email. How can he know the content of my discussion on MSN?

Pff, complicated!! I tried Spy-Boot (search and destroy) and Ad-Ware, is that enough to solve the problem? It found 7 cookies, which were deleted... but I don't understand a d... thing about computer language!!

20 March 2011 17:59:19

Re,

Quote:
ff, complicated!! I tried Spy-Boot (search and destroy) and Ad-Ware, is that enough to solve the problem?


They are completely obsolete, and surely useless anyway ...

If he has never had access to your PC, only the story of passwords that are too simple or known is plausible ...

Now I would also say that you should drop this; in any case he is the one wasting his time, and there you are playing his game ... anyway, I'm not here to sort out couples' issues, but frankly, I don't see why you absolutely insist on finding something.

If I tell you that I'm not thinking of spying software, you won't believe me, unless I have you use some super tools where you won't understand anything, but at least you'll be reassured ... is that what you want?

Then let's go, otherwise you'll be left wanting ...

Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • At the top, tick the box in front of "All users" ("Tous les utilisateurs")
  • Under "Customization" ("Personnalisation"), copy and paste the whole of the text below, and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the "Scan" ("Analyse") button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open, OTL.Txt and Extras.Txt. Copy/paste all of the reports here.
    PS: The reports are also saved on the desktop

    For the reports, please use this online report service: upload the file via "Browse" and simply post the link you get.

20 March 2011 19:04:25

Thank you for your help...

The scan has been done and the reports copied/pasted

20 March 2011 19:05:34

    [2011-03-19 22:27:57 | 000,001,124 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011-03-19 22:27:56 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011-03-14 22:12:50 | 000,104,331 | ---- | C] () -- C:\Users\User\Desktop\dash.PNG
    [2011-03-10 19:51:29 | 000,012,317 | ---- | C] () -- C:\Users\User\Desktop\195239_1735407777_2669368_n.jpg
    [2011-03-09 08:07:07 | 000,014,641 | ---- | C] () -- C:\Users\User\Desktop\Dashima.jpg
    [2011-03-04 19:37:06 | 000,022,232 | ---- | C] () -- C:\Users\User\Desktop\thumb-083610hum-tum.gif
    [2011-02-28 20:11:07 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-02-25 20:58:51 | 000,003,072 | -H-- | C] () -- C:\Users\User\Desktop\photothumb.db
    [2011-02-20 21:17:27 | 000,001,017 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
    [2011-02-20 21:17:27 | 000,000,993 | ---- | C] () -- C:\Users\User\Desktop\PhotoScape.lnk
    [2011-01-20 11:41:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011-01-19 22:28:33 | 000,000,169 | ---- | C] () -- C:\Windows\adidsl.ini
    [2011-01-19 22:28:33 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
    [2011-01-19 22:28:23 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe
    [2011-01-19 22:28:23 | 000,000,990 | ---- | C] () -- C:\Windows\adiras.ini
    [2011-01-19 22:28:22 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe
    [2011-01-19 22:28:21 | 000,127,456 | ---- | C] () -- C:\Windows\System32\IPDETECT.EXE
    [2011-01-19 22:28:20 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P2.BIN
    [2011-01-19 22:28:19 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe
    [2011-01-19 22:28:18 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P1.BIN
    [2011-01-19 22:28:18 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P0.BIN
    [2011-01-19 22:28:18 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I2.BIN
    [2011-01-19 22:28:18 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I1.BIN
    [2011-01-19 22:28:18 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I0.BIN
    [2011-01-19 22:28:18 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL
    [2011-01-19 22:28:17 | 000,152,308 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I2.BIN
    [2011-01-19 22:28:17 | 000,152,306 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I1.BIN
    [2011-01-19 22:28:17 | 000,152,306 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I0.BIN
    [2011-01-19 22:28:17 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D0.BIN
    [2011-01-19 22:28:16 | 000,152,146 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P2.BIN
    [2011-01-19 22:28:16 | 000,152,145 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P1.BIN
    [2011-01-19 22:28:16 | 000,152,145 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P0.BIN
    [2011-01-19 22:28:16 | 000,152,036 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D2.BIN
    [2011-01-19 22:28:14 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D1.BIN
    [2011-01-19 22:28:14 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin
    [2010-06-02 22:05:28 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
    [2010-06-02 22:05:26 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
    [2010-06-02 22:05:24 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
    [2010-06-02 21:19:12 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010-06-02 21:15:30 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010-06-02 21:15:28 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2009-07-14 08:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009-07-14 08:33:53 | 000,435,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009-07-14 06:05:48 | 000,624,128 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009-07-14 06:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009-07-14 06:05:48 | 000,107,728 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009-07-14 06:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009-07-14 06:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009-07-14 06:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009-07-14 04:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009-07-14 03:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009-07-14 03:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009-07-14 03:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009-06-11 01:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2011-01-26 22:30:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
    [2010-12-22 10:57:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
    [2011-01-19 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InstallShield
    [2011-01-19 09:14:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
    [2009-07-14 11:48:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
    [2011-03-13 15:21:47 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
    [2011-01-19 08:19:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
    [2011-01-19 22:29:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nero
    [2011-03-06 10:30:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhotoScape
    [2011-03-20 22:13:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
    [2011-03-20 21:35:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\skypePM
    [2011-02-17 09:14:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UseNeXT
    [2011-02-27 18:51:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vlc

    < %APPDATA%\*.exe /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009-07-14 05:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
    [2009-07-14 05:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < End of report >
    20 March 2011 19:06:22

    OTL Extras logfile created on: 20-Mar-11 10:32:58 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Downloads
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 146.39 Gb Total Space | 118.71 Gb Free Space | 81.09% Space Free | Partition Type: NTFS
    Drive D: | 151.60 Gb Total Space | 151.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3129991965-2013169323-3145457843-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{06040081-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Premium 2006 DVD
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{42CC40A6-332E-4F53-8FB8-BD6D77D764FB}_is1" = Photo to Sketch 4.0
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5BB7355C-28D1-469B-9AD6-F4A863C51033}" = Nero 8 Essentials
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "DVD Photo Slideshow Professional_is1" = DVD Photo Slideshow Professional 8.00
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "NIS" = Norton Internet Security
    "PhotoScape" = PhotoScape
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "UseNeXT_is1" = UseNeXT
    "VLC media player" = VLC media player 1.1.7
    "WinLiveSuite" = Windows Live
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 05-Mar-11 8:26:17 AM | Computer Name = User-PC | Source = RasClient | ID = 20227
    Description =

    Error - 05-Mar-11 8:26:21 AM | Computer Name = User-PC | Source = RasClient | ID = 20227
    Description =

    Error - 06-Mar-11 9:40:18 AM | Computer Name = User-PC | Source = RasClient | ID = 20227
    Description =

    Error - 18-Mar-11 8:49:10 AM | Computer Name = User-PC | Source = RasClient | ID = 20227
    Description =

    Error - 18-Mar-11 8:49:13 AM | Computer Name = User-PC | Source = RasClient | ID = 20227
    Description =

    Error - 18-Mar-11 2:19:26 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: OfficeLiveSignIn.exe, version: 2.0.2313.0,
    time stamp: 0x491c0a79 Faulting module name: OfficeLiveSignIn.exe, version: 2.0.2313.0,
    time stamp: 0x491c0a79 Exception code: 0xc0000005 Fault offset: 0x00003ce7 Faulting
    process id: 0x1514 Faulting application start time: 0x01cbe57d154ad818 Faulting application
    path: C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe Faulting module
    path: C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe Report Id: 416b9e90-518c-11e0-929f-c0cb38ba7cc3

    Error - 19-Mar-11 4:07:46 PM | Computer Name = User-PC | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 19-Mar-11 5:57:51 PM | Computer Name = User-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 20-Mar-11 1:25:56 PM | Computer Name = User-PC | Source = ESENT | ID = 455
    Description = wlcomm (1604) C:\Users\User\AppData\Local\Microsoft\Windows Live\Contacts\xxxxxxx@hotmail.com\15.4\:
    Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows
    Live\Contacts\xxxxxxx@hotmail.com\15.4\DBStore\LogFiles\edb.log.

    Error - 20-Mar-11 1:25:56 PM | Computer Name = User-PC | Source = ESENT | ID = 455
    Description = wlcomm (1604) C:\Users\User\AppData\Local\Microsoft\Windows Live\Contacts\xxxxxxx@hotmail.com\15.4\:
    Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows
    Live\Contacts\xxxxxxx@hotmail.com\15.4\DBStore\LogFiles\edb.log.

    [ System Events ]
    Error - 19-Mar-11 2:24:40 PM | Computer Name = User-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 19-Mar-11 3:31:49 PM | Computer Name = User-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 19-Mar-11 4:07:46 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
    Description = The Lavasoft Ad-Aware Service service is marked as an interactive
    service. However, the system is configured to not allow interactive services.
    This service may not function properly.

    Error - 19-Mar-11 4:20:43 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (e4ldr.sys) service failed to start
    due to the following error: %%1058

    Error - 19-Mar-11 11:38:12 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (e4ldr.sys) service failed to start
    due to the following error: %%1058

    Error - 20-Mar-11 3:19:33 AM | Computer Name = User-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 20-Mar-11 3:35:11 AM | Computer Name = User-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 20-Mar-11 9:17:25 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (e4ldr.sys) service failed to start
    due to the following error: %%1058

    Error - 20-Mar-11 11:41:52 AM | Computer Name = User-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 20-Mar-11 1:25:52 PM | Computer Name = User-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.


    < End of report >
    a c 614 8 Security
    20 March 2011 20:00:28

    Re,

    Uninstall AdAware and Spybot.

    Show your hidden folders:
    http://www.inforumatique.fr/afficher-les-fichiers-cache...

    There's no trace of anything like spyware, but one thing surprises me: you have a folder being created every day.

    Open these folders:
    Quote:
    [2011-03-18 20:20:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3720B0A3-0FEB-446F-9B8C-C9607B7A867B}
    [2011-03-18 08:18:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{555C7AE7-0E51-4C7D-A618-E380FF4335B7}
    [2011-03-17 18:50:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1DC11939-CFB4-4C24-B68B-302576497ADC}
    [2011-03-16 20:05:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9D64D78B-CA6C-4563-94BA-DBC761D7CEB2}
    [2011-03-15 19:01:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C0B167B0-FF98-4475-AD96-715C848B14AD}
    [2011-03-14 19:02:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{79DE974D-A868-4284-B009-11661F8135C7}


    Tell me what's inside (if there is anything ...)
    20 March 2011 20:15:02

    The folders are empty... is that a problem?
    20 March 2011 20:36:22

    The folders you asked me to open are empty, and some contain empty folders or documents: ETL file, TMP file, text document, etc.

    I have a Notepad file called DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.notepad

    and a DAT file named GDIPFONTCACHEV1.DAT
    20 March 2011 21:12:02

    Hello from Mauritius...

    Should I uninstall OTL too?

    I don't know if this will help you understand better; here is the AdAware scan report...

    Logfile created: 20-Mar-11 00:22:47
    Ad-Aware version: 8.3.5
    Extended engine: 3
    Extended engine version: 3.1.2770
    User performing scan: User

    *********************** Definitions database information ***********************
    Lavasoft definition file: 150.167
    Genotype definition file version: Unknown
    Extended engine definition file: 7368.0

    ******************************** Scan results: *********************************
    Scan profile name: Full Scan (ID: full)
    Objects scanned: 92277
    Objects detected: 9


    Type Detected
    ==========================
    Processes.......: 0
    Registry entries: 0
    Hostfile entries: 0
    Files...........: 2
    Folders.........: 0
    LSPs............: 0
    Cookies.........: 7
    Browser hijacks.: 0
    MRU objects.....: 0



    Removed items:
    Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
    Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
    Description: *insightexpressai* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409259 Family ID: 0
    Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
    Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
    Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Failed Item ID: 408910 Family ID: 0
    Description: *insightexpressai* Family Name: Cookies Engine: 1 Clean status: Failed Item ID: 409259 Family ID: 0

    Quarantined items:
    Description: c:\program files\autorunremover\autorunremover.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 843b39143e88a917e9fab2ac03b7488b
    Description: c:\program files\winrar\unrar.exe Family Name: Win32.Worm.Kelvir Engine: 1 Clean status: Success Item ID: 0 Family ID: 1498 MD5: c67822aaf19ed4582153239ed06aa5c3

    Scan and cleaning complete: Finished correctly after 4457 seconds

    a c 614 8 Security
    21 March 2011 08:54:17

    Hello,

    First of all, as I said before, I don't care about Ad-Aware, it is absolutely obsolete and useless ...

    So, as I was saying, get rid of it, along with Spybot Search and Destroy.

    The folders are fine, they just caught my eye, that's all.

    So it's just as I was saying, there's nothing in the way of spyware, malware and the whole family ;)

    You can set the folder display back to normal, and delete OTL.

    [:_tom_:7]



    22 March 2011 16:41:44

    :) thanks for your help.