Solved

Automatic e-mail sending, virus

Tags:
  • Security
7 January 2011 00:28:07

Hello, I need your help: my computer is automatically sending e-mails to addresses I don't know... Could you help me? Thanks in advance!

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:18:01, on 07/01/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Shareaza\MediaLibraryBuilder.exe
C:\Program Files\Shareaza\MediaImageServices.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12304 bytes



Thanks for your help!!!

7 January 2011 11:02:00

Hello,

Quote:
my computer is automatically sending e-mails to addresses I don't know...

Meaning what? How do you know?

Nothing infectious at first glance in your report.
7 January 2011 18:17:17

Hello!

Thanks for replying so quickly, for a start!

I know because in the sent messages in Windows Live Mail there are tons of messages that were sent automatically. On top of that, I receive dozens and dozens of "Delivery Status Notification (Failure)" messages a day, for mails sent to addresses I don't even know...

But if you don't see any problem, too bad for me, thanks for trying!
7 January 2011 18:42:32

Re,

Let's say I wanted confirmation that you really are seeing mails in your mail program's "Sent" folders, and not just spam sent in your name or bouncing back. If that is the case, as you say, we'll dig further, HijackThis being a very limited tool nowadays.

Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • Under Custom Scans/Fixes ("Personnalisation"), copy and paste the whole of the text below, and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    /md5start
    explorer.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Run Scan ("Analyse") button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy/paste both reports here in full.
    PS: The reports are also saved on the desktop

For the reports, please use this online report service: upload the file via "parcourir" (Browse) and simply post the link you get.
7 January 2011 20:58:38

Re

I'll take this opportunity to thank you again for looking after my problem!
The online report service isn't working, so I'm going to post them here
7 January 2011 20:58:59

OTL.txt:


    OTL logfile created on: 07/01/2011 20:42:26 - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\user\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 114,62 Gb Total Space | 12,75 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
    Drive D: | 108,27 Gb Total Space | 16,52 Gb Free Space | 15,26% Space Free | Partition Type: NTFS
    Drive E: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
    Drive F: | 9,00 Gb Total Space | 0,97 Gb Free Space | 10,83% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-USER | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/07 20:38:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    PRC - [2009/12/22 00:29:56 | 000,049,792 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlservice.exe
    PRC - [2009/12/22 00:29:54 | 001,815,168 | ---- | M] (TMRG, Inc.) -- c:\program files\relevantknowledge\rlvknlg.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/05/21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    PRC - [2008/05/14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    PRC - [2008/05/14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2008/05/08 01:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    PRC - [2008/05/05 11:34:00 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    PRC - [2008/05/05 11:33:54 | 000,271,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    PRC - [2008/05/02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    PRC - [2008/05/02 21:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    PRC - [2008/04/29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE
    PRC - [2008/04/18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2008/04/18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/04/04 16:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2008/03/31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007/05/23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
    PRC - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    PRC - [2007/05/16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    PRC - [2007/05/16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    PRC - [2007/04/03 23:29:15 | 000,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
    PRC - [2007/02/20 10:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    PRC - [2007/02/13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/07 20:38:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2008/05/21 01:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/22 00:29:56 | 000,049,792 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
    SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/05/21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2008/05/21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
    SRV - [2008/05/14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2008/05/14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2008/05/05 11:34:00 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
    SRV - [2008/05/02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
    SRV - [2008/04/29 00:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe -- (McShield)
    SRV - [2008/04/29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE -- (EngineServer)
    SRV - [2008/04/18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/04/08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007/05/23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
    SRV - [2007/02/13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2008/10/27 22:03:13 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/05/14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2008/05/14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2008/05/14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2008/05/14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2008/05/08 13:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/04/29 00:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008/04/29 00:23:22 | 000,034,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeRKDK.sys -- (MfeRKDK)
    DRV - [2008/04/29 00:22:44 | 000,205,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008/04/29 00:22:18 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeBOPK.sys -- (MfeBOPK)
    DRV - [2008/04/29 00:22:10 | 000,079,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeAVFK.sys -- (MfeAVFK)
    DRV - [2008/04/28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Pilote de carte Intel(R)
    DRV - [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2008/04/14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2008/04/11 15:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2008/04/10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2008/04/07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2008/04/07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2008/03/27 20:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 03:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 03:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/17 22:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/02 22:17:34 | 000,120,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2005/09/23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT226905...{searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.startup.homepage: "http://www.lequipe.fr/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT226905..."

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/22 22:02:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/22 22:02:45 | 000,000,000 | ---D | M]

    [2009/07/05 17:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
    [2011/01/07 18:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\eq8di6ix.default\extensions
    [2010/04/29 18:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\eq8di6ix.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/10 16:35:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\eq8di6ix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    [2010/10/10 20:54:21 | 000,000,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\eq8di6ix.default\searchplugins\conduit.xml
    [2010/11/11 13:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2010/06/18 19:36:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/05/09 18:10:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/09 01:04:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/11 13:35:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2009/07/05 17:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/03/12 19:05:13 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2010/03/12 19:05:13 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/03/12 19:05:13 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2009/07/05 17:53:35 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2010/03/12 19:05:13 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2010/03/24 16:52:55 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (IEHlprObj Class) - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - C:\windows\System32\LineAudio.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [CognizanceTS] c:\Programmes\Hewlett-Packard\IAM\Bin\ASTSVCC.dll File not found
    O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe File not found
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe File not found
    O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-wind... (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-wind... (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-wind... (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-wind... (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-wind... (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.188.0.1
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.295.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
    O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{07302c08-a520-11dd-90eb-002264490ac0}\Shell\Auto\command - "" = M:\AdobeR.exe -- File not found
    O33 - MountPoints2\{35c6e331-ce87-11dd-8ca1-002264490ac0}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O33 - MountPoints2\{af567b8d-1ae3-11de-a805-002264490ac0}\Shell\Auto\command - "" = N:\AdobeR.exe -- File not found
    O33 - MountPoints2\{b7f50ca2-0942-11e0-8fd5-002264490ac0}\Shell\AutoRun\command - "" = explorer .
    O33 - MountPoints2\{b7f50ca2-0942-11e0-8fd5-002264490ac0}\Shell\mobile\command - "" = L:\MobileLaunch.exe -- File not found
    O33 - MountPoints2\{c013ad3f-b53c-11df-ba7a-002264490ac0}\Shell\Auto\command - "" = L:\AdobeR.exe -- File not found
    O33 - MountPoints2\{c8637e3f-acff-11dd-8539-002264490ac0}\Shell\Auto\command - "" = H:\AdobeR.exe -- File not found
    O33 - MountPoints2\{febfe08e-aa4a-11dd-b092-002264490ac0}\Shell\Auto\command - "" = L:\AdobeR.exe -- File not found
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O33 - MountPoints2\M\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
    Drivers32: vidc.mjpg - pvmjpg30.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/07 20:38:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2011/01/07 00:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/01/07 00:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2011/01/05 00:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Winamax Poker
    [2010/12/29 22:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
    [2010/12/15 20:12:18 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
    [2010/12/15 20:12:17 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
    [2010/12/15 20:12:17 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
    [2010/12/15 20:12:17 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
    [2010/12/15 20:12:15 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
    [2010/12/15 20:12:14 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
    [2010/12/15 20:12:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
    [2010/12/15 20:12:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
    [2010/12/15 20:12:10 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
    [2010/12/15 20:12:09 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
    [2010/12/15 20:12:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
    [2010/12/15 20:12:08 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
    [2010/12/15 20:12:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
    [2010/12/15 20:12:08 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
    [2010/12/15 20:12:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
    [2010/12/15 20:12:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
    [2010/12/15 20:12:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
    [2010/12/15 20:12:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
    [2010/12/15 20:12:07 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
    [2010/12/15 20:12:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
    [2010/12/15 20:12:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
    [2010/12/15 20:12:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
    [2010/12/15 20:12:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
    [2010/12/15 20:12:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
    [2010/12/15 20:12:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
    [2010/12/15 20:12:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
    [2008/10/27 15:54:37 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
    [2008/10/27 15:54:36 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/07 20:38:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2011/01/07 20:09:54 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/07 20:09:54 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/07 19:47:00 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/07 18:36:54 | 000,018,944 | ---- | M] () -- C:\Users\user\Desktop\comptes grenoble.xls
    [2011/01/07 18:17:22 | 000,738,098 | ---- | M] () -- C:\windows\System32\perfh00C.dat
    [2011/01/07 18:17:22 | 000,639,094 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2011/01/07 18:17:22 | 000,151,694 | ---- | M] () -- C:\windows\System32\perfc00C.dat
    [2011/01/07 18:17:22 | 000,124,466 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2011/01/07 18:10:28 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/07 18:09:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/01/07 00:58:32 | 000,010,253 | ---- | M] () -- C:\windows\System32\Config.MPF
    [2011/01/07 00:15:29 | 000,001,874 | ---- | M] () -- C:\Users\user\Desktop\HijackThis.lnk
    [2011/01/06 16:10:15 | 000,224,768 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/28 11:44:50 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
    [2010/12/20 00:57:26 | 000,000,533 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shareaza Downloads - Raccourci.lnk
    [2010/12/17 00:26:38 | 000,024,576 | ---- | M] () -- C:\Users\user\Desktop\Liste Paris-Grenoble.doc
    [2010/12/16 17:00:57 | 000,489,032 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2010/12/08 20:54:17 | 000,002,401 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

    ========== Files Created - No Company Name ==========

    [2011/01/07 00:15:29 | 000,001,874 | ---- | C] () -- C:\Users\user\Desktop\HijackThis.lnk
    [2010/11/12 23:10:22 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
    [2010/10/13 19:50:15 | 000,000,000 | ---- | C] () -- C:\windows\SMMVSplitter.INI
    [2010/07/17 15:59:18 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\FnF4.txt
    [2009/08/24 21:58:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/08/03 21:58:16 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
    [2009/06/19 12:35:01 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
    [2009/05/21 16:05:01 | 000,000,039 | ---- | C] () -- C:\windows\Irremote.ini
    [2009/05/21 14:51:47 | 000,122,880 | ---- | C] () -- C:\windows\System32\LineAudio.dll
    [2009/03/21 12:20:05 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
    [2009/03/21 12:09:19 | 000,000,025 | ---- | C] () -- C:\windows\CDE SX200DEFGIPS.ini
    [2008/11/16 14:08:28 | 000,005,885 | ---- | C] () -- C:\windows\UNWISE.INI
    [2008/11/12 17:10:03 | 000,002,781 | ---- | C] () -- C:\Users\user\AppData\Roaming\QuickZip45.ini
    [2008/10/28 16:06:02 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
    [2008/10/28 12:01:54 | 000,000,382 | ---- | C] () -- C:\windows\ODBC.INI
    [2008/10/27 22:03:13 | 000,682,232 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
    [2008/10/27 20:56:04 | 000,224,768 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/27 16:05:07 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\QSwitch.txt
    [2008/10/27 16:05:07 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\DSwitch.txt
    [2008/10/27 16:05:07 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\AtStart.txt
    [2008/10/27 15:54:37 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
    [2008/10/27 15:54:37 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
    [2008/10/27 15:54:36 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
    [2008/09/17 12:36:22 | 000,921,600 | ---- | C] () -- C:\windows\System32\vorbisenc.dll
    [2008/09/17 12:36:20 | 000,237,568 | ---- | C] () -- C:\windows\System32\OggDS.dll
    [2008/09/17 12:36:20 | 000,188,416 | ---- | C] () -- C:\windows\System32\vorbis.dll
    [2008/09/17 12:36:20 | 000,045,056 | ---- | C] () -- C:\windows\System32\Ogg.dll
    [2008/06/18 09:54:28 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
    [2008/05/14 01:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
    [2008/05/08 10:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
    [2007/11/15 02:24:14 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
    [2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
    [2005/04/03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
    [1998/05/07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WININIT.EXE >
    [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
    [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %SYSTEMDRIVE%\*.exe >

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2010/07/29 18:41:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
    [2010/10/13 21:17:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer
    [2008/10/27 16:05:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ATI
    [2010/09/17 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\avidemux
    [2010/12/02 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\codeblocks
    [2010/11/18 20:26:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CPad
    [2010/01/02 15:58:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataCast
    [2010/08/17 19:43:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\dvdcss
    [2009/12/20 20:13:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
    [2009/10/04 12:16:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
    [2008/10/27 15:57:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hewlett-Packard
    [2008/10/27 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HPQLOG
    [2010/02/26 23:43:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HpUpdate
    [2008/10/27 16:04:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
    [2008/10/27 15:48:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InstallShield
    [2008/10/27 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InterVideo
    [2010/09/27 19:11:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LANGMasterTfl
    [2008/10/27 15:57:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
    [2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
    [2010/11/06 16:53:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Micro Application
    [2009/09/28 23:12:26 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
    [2009/07/05 17:53:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
    [2009/05/21 16:24:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nero
    [2009/08/06 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia
    [2009/08/06 18:03:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
    [2009/05/13 12:34:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RayV
    [2009/07/14 21:28:59 | 000,000,000 | RH-D | M] -- C:\Users\user\AppData\Roaming\SecuROM
    [2010/03/19 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Shareaza
    [2010/12/08 23:22:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skype
    [2010/12/08 20:54:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\skypePM
    [2009/07/04 10:51:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Talkback
    [2009/06/13 11:14:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\temp
    [2011/01/06 16:10:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\vlc
    [2010/07/20 12:02:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
    [2010/11/14 15:03:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer

    < %APPDATA%\*.exe /s >
    [2010/10/28 20:47:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    [2008/12/21 20:31:38 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
    [2008/12/21 20:31:38 | 000,008,854 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
    [2008/12/21 20:31:38 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    [2010/09/19 17:40:58 | 000,029,926 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
    [2010/11/06 16:23:02 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\ARPPRODUCTICON.exe
    [2010/11/06 16:23:02 | 000,053,248 | R--- | M] (Macrovision Corporation) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\NewShortcut1_C06EFB22B5DB46C59215BCB5C19C0858.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/05/08 10:14:38 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
    [2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2008/05/14 01:36:18 | 000,108,752 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\SafeBoot.sys
    [2008/10/27 22:03:13 | 000,682,232 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 16 bytes -> C:\Users\user\Documents\Shareaza Downloads:Shareaza.GUID

    < End of report >
    7 January 2011 20:59:29

    Extras.txt :


    OTL Extras logfile created on: 07/01/2011 20:42:26 - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\user\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 114,62 Gb Total Space | 12,75 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
    Drive D: | 108,27 Gb Total Space | 16,52 Gb Free Space | 15,26% Space Free | Partition Type: NTFS
    Drive E: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
    Drive F: | 9,00 Gb Total Space | 0,97 Gb Free Space | 10,83% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-USER | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{26DA4FAF-0C77-4A32-8630-7952BCB1AA49}" = lport=137 | protocol=17 | dir=in | app=system |
    "{339F3814-FF53-41D4-B6D2-B5A873C96F36}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{3517FC0E-7A01-4686-82CB-84BF80595422}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3E4C2D37-459A-4DA0-9887-C21B4ECDE76D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4D5D51B4-3B6D-4406-8EC2-1522BCD2DFD4}" = rport=138 | protocol=17 | dir=out | app=system |
    "{747E31A8-3E15-4B80-8B91-FE87FC172CA4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{84481695-0084-4876-9EC4-09033FBB8639}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8CF4631B-DFB8-4CEF-A934-5E377729FF30}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8F8001CC-4AD6-497E-9F25-A62D171F85B7}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B80EB439-8C7B-4BFC-A4DF-3CECFFB7587F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{C04C75F0-DA84-41F7-836F-F3343BA1BA6B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CC131ADB-4F66-4BB6-A1CF-F024A1F9D7CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{E5DF6B87-FE93-4D6C-859E-0994573B82E5}" = rport=445 | protocol=6 | dir=out | app=system |
    "{EB5FE36D-4A9B-447A-A265-0AC4DE5348E2}" = lport=139 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{14289465-4824-463B-8733-8AC869B7BA0B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{1FD973C6-EFC3-43B6-A3FD-1F39022C6F5D}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
    "{22A2EA0A-2CD4-4652-A888-030E33257304}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{243A843C-368F-4454-A733-49711328E3F1}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
    "{2B852E98-B649-4412-9599-A49EA5826D55}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
    "{322FB7BE-41CE-4933-85E6-03680E1AF47E}" = protocol=17 | dir=in | app=c:\program files\adsltv\adsltv.exe |
    "{412E12DE-235A-4229-801E-E26A2A3DCB80}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{4FDBF2D7-5641-450D-8DF8-52DB136E890A}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{50A903D6-ABC5-4025-9527-2E883F35AA8A}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{565A0D6D-2596-497B-A261-FA61DDA04C69}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{590CA0F2-E910-4B67-9894-B2F2DC587C83}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
    "{628F290B-0E58-494C-88B2-128530AAF11C}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{838DCCCA-3F7B-4C68-A4F8-212B410264EC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
    "{87499CCA-7710-4CA6-94CA-5166E33FB1F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{891DE321-3D45-4537-8AAB-6825FE4FD798}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{AA4BA550-0F2B-42EA-9F9C-AAB41E8D1338}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{B5ADF597-907C-4EC4-85E7-412B5BE07CBC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
    "{B6EB5618-721C-439F-84ED-8855943BF0BB}" = protocol=6 | dir=in | app=c:\program files\adsltv\adsltv.exe |
    "{BB3FD6BA-49CF-4C8C-B091-BBB680163B41}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
    "{BCF2F237-F4A9-4F25-96F3-0CF19D0F054B}" = protocol=17 | dir=in | app=c:\program files\adsltv\vlc\vlc.exe |
    "{BDA8E081-02D3-4EB0-9BEB-5BE254F9F097}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{DB73CB3A-5DAE-4C3B-80C0-E1561B021CBD}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{E067D68A-C528-4A78-B03E-3077C9BB5EBC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
    "{E9E3F158-EF9B-424E-81E3-5927CBB445CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{FA83FABA-2618-4223-942A-A95055E5024C}" = protocol=6 | dir=in | app=c:\program files\adsltv\vlc\vlc.exe |
    "{FDFBF598-E502-4FC2-B2F4-BD5C51863F5B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{00FD86CA-7B0C-469E-AAD4-EA855BAAAFD0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{26F21180-0F66-43C0-8CD9-A7A4A6AEF335}L:\adober.exe" = protocol=6 | dir=in | app=l:\adober.exe |
    "TCP Query User{2C96B423-06F7-4047-892B-3F6ABB730AEA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{33C8FF7B-FABB-4A06-AC50-B54EDE82D21A}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
    "TCP Query User{51A84A0E-32F1-43A7-BE9B-4C08AFA68A12}H:\adober.exe" = protocol=6 | dir=in | app=h:\adober.exe |
    "TCP Query User{C30F857B-41E2-444B-92DA-A2F48C1605B0}M:\adober.exe" = protocol=6 | dir=in | app=m:\adober.exe |
    "TCP Query User{D262A87D-C428-4296-ABED-ED1423171225}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
    "TCP Query User{DC6D2114-EBD8-4097-94E7-EBD66581D1BC}N:\adober.exe" = protocol=6 | dir=in | app=n:\adober.exe |
    "UDP Query User{236A7D77-3876-4297-9D9A-3E985A91A89E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{57D46851-19B1-47E9-96D4-2ABA1D2B8C51}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
    "UDP Query User{6F155025-4B83-4009-B37A-950E486DB1B4}H:\adober.exe" = protocol=17 | dir=in | app=h:\adober.exe |
    "UDP Query User{9185493D-0AF5-4E5C-9A29-C0D9AACF9999}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
    "UDP Query User{A3A91E36-E58A-4A8D-8CB1-1C705DC5466B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{A86EFE5A-7ADE-4DAF-8C17-5705118B4454}L:\adober.exe" = protocol=17 | dir=in | app=l:\adober.exe |
    "UDP Query User{B7410B8F-C2D2-478D-BD73-BD72F70B08B5}N:\adober.exe" = protocol=17 | dir=in | app=n:\adober.exe |
    "UDP Query User{D460189D-5372-4578-8D45-8E761FE64B88}M:\adober.exe" = protocol=17 | dir=in | app=m:\adober.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06CB77AB-CDE1-EF6B-175D-85FA59C7F0EE}" = Catalyst Control Center Core Implementation
    "{07D78C7B-2AA8-5C02-4238-EE3F39279221}" = Catalyst Control Center Localization Thai
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0AF9C2B7-2E98-8D77-3892-F8512305C6CE}" = CCC Help Turkish
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
    "{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
    "{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
    "{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
    "{164280AB-98C2-FD02-EC0B-5DFBB98E89C1}" = Catalyst Control Center Localization Chinese Standard
    "{173317B8-D99E-F58E-CAAE-924D8F26C435}" = CCC Help Czech
    "{1779522E-BFC6-738C-E97E-39405E196FA6}" = Catalyst Control Center Localization Spanish
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{1DB44CB7-D68E-9F09-D656-0FBC7D4D9C00}" = Catalyst Control Center Localization Norwegian
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FD3DF19-EF58-2A29-222B-A4B6E237D3DD}" = Catalyst Control Center Graphics Previews Vista
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
    "{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2EC294E6-2E8C-23A7-C174-4E59532B0E06}" = Catalyst Control Center Localization Korean
    "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
    "{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
    "{311BF3BF-6AAB-7859-1E5A-EB46644A6011}" = CCC Help French
    "{32063923-8066-18D5-BF07-2B692547AEF5}" = CCC Help Korean
    "{323C15C3-6DE1-05E6-B202-6F1D90BB1B06}" = Catalyst Control Center Localization Turkish
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
    "{3848DCD1-E356-ACB9-93AF-FB93485E1598}" = CCC Help Thai
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
    "{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
    "{3A76F96A-637B-9A0E-F65B-AE595A49DEDA}" = ccc-core-static
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    "{3FCFB6B6-B5DE-C5B8-825F-5998C220C24E}" = Catalyst Control Center Localization Russian
    "{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
    "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
    "{4399857A-1F62-C75E-6CFE-C3DE5AD1E50A}" = Winamax Poker
    "{45BA0F82-FC61-828B-A188-49A24B7B39F4}" = Catalyst Control Center Localization Swedish
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4ADB08ED-A385-21BA-3511-00EB170C9CCA}" = Catalyst Control Center Localization Greek
    "{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{500CAC18-1509-AC6C-3E91-A437F9457D5E}" = CCC Help Japanese
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5B5494F7-FD30-AFAB-ACD5-345F26B6AAF4}" = Catalyst Control Center Graphics Full Existing
    "{5BF2EC0B-2A01-DDEA-5645-E700BCE9CDA6}" = CCC Help Spanish
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EF644FA-3703-3253-7372-AE46FD862588}" = ccc-utility
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63BABF5E-B142-02F9-85E1-F0A1DBEC6D5D}" = Catalyst Control Center Localization Chinese Traditional
    "{647ED1EC-1D53-9886-B5A1-234CE9D7BE3F}" = Catalyst Control Center Localization Danish
    "{64F561F5-17B7-0721-8D08-78777BB91382}" = CCC Help Italian
    "{65E63D8F-F763-940E-38FA-1A6B2C30ADB2}" = Catalyst Control Center Graphics Light
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B4591DF-C531-255E-BDE6-25226A5AE115}" = Skins
    "{6C4592F5-A803-1740-A708-84F3578DC083}" = Catalyst Control Center Localization German
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pilote vidéo Pinnacle
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6DF8EB4D-F5E5-369C-38B2-4F7CD0F02AC3}" = Catalyst Control Center Localization Italian
    "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
    "{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
    "{8BEA3254-8719-4815-9312-69AF21B8D779}" = CCC Help Chinese Traditional
    "{8BF85A3B-C2EE-2A32-DF54-B565062FBEC9}" = Catalyst Control Center Localization Japanese
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DD39028-8B90-88D8-781A-AB82A9AE6662}" = CCC Help English
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
    "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
    "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
    "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
    "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
    "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
    "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
    "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
    "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
    "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
    "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
    "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
    "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
    "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
    "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91B26C13-34A4-36FA-E1F0-22664915EED1}" = Catalyst Control Center Localization Dutch
    "{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{968933D6-A9FC-891C-6292-F7E68DB2C7EA}" = CCC Help Finnish
    "{96DB55D1-E21F-126C-1ADD-35EAAC852C7C}" = Catalyst Control Center Localization Finnish
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{988B865E-CC06-7B3D-FBC0-52093DB75C9A}" = CCC Help Dutch
    "{997F39AA-6CDC-2E23-F9C3-D59AACABAB8F}" = Catalyst Control Center Localization French
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
    "{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
    "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
    "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B0704448-6681-607E-D97F-A148C2E2F763}" = CCC Help Danish
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
    "{BABEDC2E-5718-1D6D-9E76-93C7EC76BBC4}" = CCC Help Greek
    "{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1
    "{BD5DE09E-3C1C-1DCE-E98D-7B7BBDBE15AD}" = CCC Help Portuguese
    "{BFCBCC48-9027-17B7-BD08-5214898494CC}" = CCC Help German
    "{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}" = LauncherMA
    "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
    "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
    "{C3036710-8564-ECEA-0E19-1B7880111167}" = CCC Help Swedish
    "{C7D03B2F-5B3A-A6D8-1C6C-AFCA02DDD3EC}" = Catalyst Control Center Localization Czech
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C8A33E2B-5DDB-BF2E-24A9-95DFA1CDF56D}" = Catalyst Control Center Localization Polish
    "{CA144572-CEAD-5A14-A338-D28B35D9C7FF}" = Catalyst Control Center Localization Hungarian
    "{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.0
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE3020D2-1742-19F4-EFB4-4D76097C81D0}" = Catalyst Control Center Localization Portuguese
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF755AAE-7801-359C-E9D3-FE8572F8C760}" = Catalyst Control Center Graphics Full New
    "{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DC04644B-C7B3-AF77-610C-7F0AF59AC44D}" = ATI Catalyst Install Manager
    "{DE80F89F-6132-42A9-1A47-542F6C60E1A2}" = CCC Help Russian
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E979B690-80A7-8E8B-1281-C68DBEDDB491}" = CCC Help Norwegian
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
    "{F23DFEB2-A5D1-3B97-FBF3-30DC859411C0}" = CCC Help Hungarian
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{FBE38124-B7F0-3EEE-98C5-D8C3AE353FF5}" = CCC Help Chinese Standard
    "{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
    "{FD9FAE60-2BF1-C877-9843-AABA9DA06A2B}" = CCC Help Polish
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Audacity_is1" = Audacity 1.2.6
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EPSON Scanner" = EPSON Scan
    "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
    "EPSON Stylus SX200_SX400_TX200_TX400 Guide d'utilisation" = EPSON Stylus SX200_SX400_TX200_TX400 Manuel
    "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
    "FormatFactory" = FormatFactory 2.50
    "FoxTarot" = FoxTarot
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.2
    "Free Video Dub_is1" = Free Video Dub version 1.8
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
    "McAfee Managed Firewall" = McAfee Firewall Protection Service
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MVS" = McAfee Virus and Spyware Protection Service
    "MyFreeCodec" = MyFreeCodec
    "PDF Complete" = PDF Complete
    "PROHYBRIDR" = 2007 Microsoft Office system
    "Quick Zip_is1" = Quick Zip 4.60.019
    "Shareaza_is1" = Shareaza 2.5.3.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VLC media player 1.1.3
    "wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1" = Winamax Poker
    "WinamaxPoker" = Winamax Poker (remove only)
    "WinLiveSuite" = Windows Live

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/12/2009 11:31:02 | Computer Name = PC-de-user | Source = WinMgmt | ID = 10
    Description =

    Error - 11/12/2009 11:51:21 | Computer Name = PC-de-user | Source = EventSystem | ID = 4621
    Description =

    Error - 11/12/2009 11:54:08 | Computer Name = PC-de-user | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 11/12/2009 11:54:09 | Computer Name = PC-de-user | Source = WinMgmt | ID = 10
    Description =

    Error - 12/12/2009 10:11:59 | Computer Name = PC-de-user | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 12/12/2009 10:12:21 | Computer Name = PC-de-user | Source = WinMgmt | ID = 10
    Description =

    Error - 12/12/2009 10:47:30 | Computer Name = PC-de-user | Source = WinMgmt | ID = 10
    Description =

    Error - 12/12/2009 19:25:29 | Computer Name = PC-de-user | Source = EventSystem | ID = 4621
    Description =

    Error - 13/12/2009 06:44:49 | Computer Name = PC-de-user | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 13/12/2009 06:45:09 | Computer Name = PC-de-user | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 05/01/2011 10:16:33 | Computer Name = PC-de-user | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =

    Error - 06/01/2011 03:51:15 | Computer Name = PC-de-user | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =

    Error - 06/01/2011 03:51:28 | Computer Name = PC-de-user | Source = Service Control Manager | ID = 7000
    Description =

    Error - 06/01/2011 03:51:28 | Computer Name = PC-de-user | Source = Service Control Manager | ID = 7000
    Description =

    Error - 06/01/2011 10:31:51 | Computer Name = PC-de-user | Source = Service Control Manager | ID = 7000
    Description =

    Error - 06/01/2011 10:31:51 | Computer Name = PC-de-user | Source = Service Control Manager | ID = 7000
    Description =

    Error - 06/01/2011 10:33:29 | Computer Name = PC-de-user | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =

    Error - 07/01/2011 13:10:36 | Computer Name = PC-de-user | Source = Service Control Manager | ID = 7000
    Description =

    Error - 07/01/2011 13:10:36 | Computer Name = PC-de-user | Source = Service Control Manager | ID = 7000
    Description =

    Error - 07/01/2011 13:10:58 | Computer Name = PC-de-user | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =


    < End of report >

    Best solution

    7 January 2011 22:11:01

    Re,

    Yes, cijoint has been having server problems lately, you did the right thing.

    Infection via removable media, plus a few other extras ...
    Here we go:

    Preamble to any disinfection:

    Disinfection requires the use of tools and procedures that are more or less complex, sensitive and potentially dangerous.
    We therefore try to explain this as clearly as possible; nevertheless, a few guidelines should be followed for it to go smoothly:

  • The infected PC should be used as little as possible, apart from carrying out the procedures and communicating on the forum.
  • Always read the procedures in full before starting them, or save them (printout / text file).
    (Certain circumstances could indeed prevent you from continuing to read, a PC restart for example)
  • Carry out the requested procedures completely, precisely and in the order given; otherwise you risk creating more problems than you solve. Do not try anything on your own without telling us first!
  • Do not hesitate to ask any question before starting the procedures, and report immediately any problems encountered during them.


    Finally, be aware that the disinfection is only finished when the person who has taken charge of your case tells you so.
    The disappearance of the symptoms does not necessarily mean the disappearance of the infection!

    Moreover, despite our precautions, a PC crash is always possible, so remember to back up as many of your documents as possible beforehand!


    1) Uninstall the following programs (if present):

    - Java(TM) 6 Update 6
    - Java(TM) 6 Update 7
    - RelevantKnowledge (Adware)


    2) Run OTL.exe again
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Copy/paste the following into the "Personnalisation" box at the bottom left.
    :OTL
    PRC - [2009/12/22 00:29:56 | 000,049,792 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlservice.exe
    PRC - [2009/12/22 00:29:54 | 001,815,168 | ---- | M] (TMRG, Inc.) -- c:\program files\relevantknowledge\rlvknlg.exe
    SRV - [2009/12/22 00:29:56 | 000,049,792 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
    [2010/10/10 20:54:21 | 000,000,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\eq8di6ix.default\searchplugins\conduit.xml
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_07)
    O33 - MountPoints2\{07302c08-a520-11dd-90eb-002264490ac0}\Shell\Auto\command - "" = M:\AdobeR.exe -- File not found
    O33 - MountPoints2\{af567b8d-1ae3-11de-a805-002264490ac0}\Shell\Auto\command - "" = N:\AdobeR.exe -- File not found
    O33 - MountPoints2\{b7f50ca2-0942-11e0-8fd5-002264490ac0}\Shell\AutoRun\command - "" = explorer .
    O33 - MountPoints2\{c013ad3f-b53c-11df-ba7a-002264490ac0}\Shell\Auto\command - "" = L:\AdobeR.exe -- File not found
    O33 - MountPoints2\{c8637e3f-acff-11dd-8539-002264490ac0}\Shell\Auto\command - "" = H:\AdobeR.exe -- File not found
    O33 - MountPoints2\{febfe08e-aa4a-11dd-b092-002264490ac0}\Shell\Auto\command - "" = L:\AdobeR.exe -- File not found
    [2010/12/29 22:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{4FDBF2D7-5641-450D-8DF8-52DB136E890A}"=-
    "{50A903D6-ABC5-4025-9527-2E883F35AA8A}"=-
    "{565A0D6D-2596-497B-A261-FA61DDA04C69}"=-
    "{628F290B-0E58-494C-88B2-128530AAF11C}"=-
    "TCP Query User{26F21180-0F66-43C0-8CD9-A7A4A6AEF335}L:\adober.exe"=-
    "TCP Query User{51A84A0E-32F1-43A7-BE9B-4C08AFA68A12}H:\adober.exe"=-
    "TCP Query User{C30F857B-41E2-444B-92DA-A2F48C1605B0}M:\adober.exe"=-
    "TCP Query User{DC6D2114-EBD8-4097-94E7-EBD66581D1BC}N:\adober.exe"=-
    "UDP Query User{6F155025-4B83-4009-B37A-950E486DB1B4}H:\adober.exe"=-
    "UDP Query User{A86EFE5A-7ADE-4DAF-8C17-5705118B4454}L:\adober.exe"=-
    "UDP Query User{B7410B8F-C2D2-478D-BD73-BD72F70B08B5}N:\adober.exe"=-
    "UDP Query User{D460189D-5372-4578-8D45-8E761FE64B88}M:\adober.exe"=-


    :Files
    c:\program files\relevantknowledge
    adober.exe /s /alldrives

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [CREATERESTOREPOINT]


  • Then click the "Correction" button at the top left
  • If the PC asks to restart, accept.
  • Post the removal report.



    3) Download UsbFix (by El Desaparecido and C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\
    /!\ Plug in all your devices that may have been infected (USB keys, external hard drive, etc ...) /!\


  • Double-click "UsbFix" to launch the program
    (Vista/Windows 7 users: right-click UsbFix > Run as administrator)
  • Click "Recherche" to start the scan. Plug in your devices if you have not already done so, then confirm the warning.
  • Let the tool work.
  • At the end, a report will appear (otherwise, it is located at C:\Usbfix.txt). Post it in your next reply.

    Help on using it here

    [:_tom_:7]
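
How the "infection via removable media" reading can be checked against the log lines, as an added example (not part of the original post and not an OTL feature): it parses the O33 MountPoints2 entries and the "Query User" firewall rules quoted in the fix script above, and groups root-level executables by file name across drive letters. The function names and the assumption that C: is the only fixed system drive are choices made for this example.

```python
import re
from collections import defaultdict

# Lines copied from the :OTL and :Reg sections of the fix script above.
SAMPLE = r"""
O33 - MountPoints2\{07302c08-a520-11dd-90eb-002264490ac0}\Shell\Auto\command - "" = M:\AdobeR.exe -- File not found
O33 - MountPoints2\{af567b8d-1ae3-11de-a805-002264490ac0}\Shell\Auto\command - "" = N:\AdobeR.exe -- File not found
O33 - MountPoints2\{b7f50ca2-0942-11e0-8fd5-002264490ac0}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{c013ad3f-b53c-11df-ba7a-002264490ac0}\Shell\Auto\command - "" = L:\AdobeR.exe -- File not found
O33 - MountPoints2\{c8637e3f-acff-11dd-8539-002264490ac0}\Shell\Auto\command - "" = H:\AdobeR.exe -- File not found
O33 - MountPoints2\{febfe08e-aa4a-11dd-b092-002264490ac0}\Shell\Auto\command - "" = L:\AdobeR.exe -- File not found
"TCP Query User{26F21180-0F66-43C0-8CD9-A7A4A6AEF335}L:\adober.exe"=-
"TCP Query User{51A84A0E-32F1-43A7-BE9B-4C08AFA68A12}H:\adober.exe"=-
"TCP Query User{C30F857B-41E2-444B-92DA-A2F48C1605B0}M:\adober.exe"=-
"TCP Query User{DC6D2114-EBD8-4097-94E7-EBD66581D1BC}N:\adober.exe"=-
"UDP Query User{6F155025-4B83-4009-B37A-950E486DB1B4}H:\adober.exe"=-
"UDP Query User{A86EFE5A-7ADE-4DAF-8C17-5705118B4454}L:\adober.exe"=-
"UDP Query User{B7410B8F-C2D2-478D-BD73-BD72F70B08B5}N:\adober.exe"=-
"UDP Query User{D460189D-5372-4578-8D45-8E761FE64B88}M:\adober.exe"=-
"""

SYSTEM_DRIVE = "C"  # assumption for this example: everything else may be removable

# O33 line: volume GUID, shell verb, command, optional "File not found" suffix.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>\{[0-9a-fA-F-]{36}\})\\Shell\\'
    r'(?P<verb>[^\\]+)\\command - "" = (?P<command>.*?)'
    r'(?P<missing> -- File not found)?$'
)
# Firewall rule name as it appears in the :Reg section (value deletion syntax).
FW_RE = re.compile(
    r'^"(?P<proto>TCP|UDP) Query User\{[0-9A-Fa-f-]{36}\}'
    r'(?P<path>[A-Za-z]:\\[^"]+)"=-$'
)
# An executable sitting directly in the root of a drive, e.g. M:\AdobeR.exe.
ROOT_EXE_RE = re.compile(
    r'^(?P<drive>[A-Za-z]):\\(?P<name>[^\\/:*?"<>|]+\.(?:exe|com|scr|pif|bat|cmd))$',
    re.IGNORECASE,
)


def parse_autorun(lines):
    """Return one dict per O33 MountPoints2 line found in `lines`."""
    entries = []
    for raw in lines:
        m = O33_RE.match(raw.strip())
        if m:
            entries.append({
                "volume": m["volume"],
                "verb": m["verb"],
                "command": m["command"].strip(),
                "missing": m["missing"] is not None,
            })
    return entries


def parse_firewall_rules(lines):
    """Return protocol and program path for each 'Query User' firewall rule."""
    rules = []
    for raw in lines:
        m = FW_RE.match(raw.strip())
        if m:
            rules.append({"proto": m["proto"], "path": m["path"]})
    return rules


def root_executable(path):
    """(drive, lowercase name) for X:\\name.exe off the system drive, else None."""
    m = ROOT_EXE_RE.match(path)
    if not m or m["drive"].upper() == SYSTEM_DRIVE:
        return None
    return m["drive"].upper(), m["name"].lower()


def correlate(lines):
    """Group autorun-launched root executables by name and attach firewall rules."""
    findings = defaultdict(lambda: {
        "autorun_drives": set(), "volumes": set(),
        "firewall": set(), "all_missing": True,
    })
    for entry in parse_autorun(lines):
        hit = root_executable(entry["command"])
        if hit:
            drive, name = hit
            item = findings[name]
            item["autorun_drives"].add(drive)
            item["volumes"].add(entry["volume"])
            item["all_missing"] = item["all_missing"] and entry["missing"]
    for rule in parse_firewall_rules(lines):
        hit = root_executable(rule["path"])
        if hit and hit[1] in findings:  # only names already seen in autorun
            findings[hit[1]]["firewall"].add((rule["proto"], hit[0]))
    return dict(findings)


if __name__ == "__main__":
    for name, item in correlate(SAMPLE.splitlines()).items():
        print(name, sorted(item["autorun_drives"]), len(item["volumes"]),
              "volumes,", len(item["firewall"]), "firewall rules,",
              "file absent" if item["all_missing"] else "file present")
```

The same file name registered as the autorun command of several distinct volumes, with matching firewall prompts for each drive letter, is the pattern the fix script above removes; "File not found" only means the drives were not plugged in when the scan ran.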
    8 January 2011 12:54:51

    Hello

    I am going to have a small problem doing all of this right away. I live in Paris but I study in Grenoble, and all my external hard drives etc... are in Paris.
    I will do it when I go back home in a week and a half.

    I will get back to you then.

    Thanks for your help and see you soon!
    8 January 2011 14:10:45

    Re,

    You can start the procedure on the PC, but afterwards it will be essential to treat all the removable media that may have been infected.

    Anyway, it's up to you.

    [:_tom_:7]
    19 January 2011 21:40:38

    Good evening

    I am now ready to follow your instructions!

    As you invited me to, I just have one small question: I had no choice but to keep using my computer for the past week. So I wanted to know whether I should still do exactly what you told me to do.

    Here are my new otl.txt and extras.txt
    19 January 2011 22:25:17

    So I have a small problem: only an otl.txt opens now, no extras any more...

    Here it is:

    OTL logfile created on: 19/01/2011 22:16:34 - Run 5
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\user\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 114,62 Gb Total Space | 13,75 Gb Free Space | 12,00% Space Free | Partition Type: NTFS
    Drive D: | 108,27 Gb Total Space | 13,33 Gb Free Space | 12,32% Space Free | Partition Type: NTFS
    Drive E: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
    Drive F: | 9,00 Gb Total Space | 0,97 Gb Free Space | 10,83% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-USER | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/19 22:15:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    PRC - [2009/12/22 00:29:56 | 000,049,792 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlservice.exe
    PRC - [2009/12/22 00:29:54 | 001,815,168 | ---- | M] (TMRG, Inc.) -- c:\program files\relevantknowledge\rlvknlg.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/05/21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    PRC - [2008/05/14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    PRC - [2008/05/14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2008/05/08 01:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    PRC - [2008/05/05 11:34:00 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    PRC - [2008/05/05 11:33:54 | 000,271,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    PRC - [2008/05/02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    PRC - [2008/05/02 21:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    PRC - [2008/04/29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE
    PRC - [2008/04/18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2008/04/18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/04/04 16:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2008/03/31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007/05/23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
    PRC - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    PRC - [2007/05/16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    PRC - [2007/05/16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    PRC - [2007/04/03 23:29:15 | 000,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
    PRC - [2007/02/20 10:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    PRC - [2007/02/13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/19 22:15:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2008/05/21 01:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
    SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/22 00:29:56 | 000,049,792 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
    SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/05/21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2008/05/21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
    SRV - [2008/05/14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2008/05/14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2008/05/05 11:34:00 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
    SRV - [2008/05/02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
    SRV - [2008/04/29 00:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe -- (McShield)
    SRV - [2008/04/29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE -- (EngineServer)
    SRV - [2008/04/18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/04/08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007/05/23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
    SRV - [2007/02/13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2008/10/27 22:03:13 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/05/14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2008/05/14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2008/05/14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2008/05/14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2008/05/08 13:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/04/29 00:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008/04/29 00:23:22 | 000,034,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeRKDK.sys -- (MfeRKDK)
    DRV - [2008/04/29 00:22:44 | 000,205,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008/04/29 00:22:18 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeBOPK.sys -- (MfeBOPK)
    DRV - [2008/04/29 00:22:10 | 000,079,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeAVFK.sys -- (MfeAVFK)
    DRV - [2008/04/28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Pilote de carte Intel(R)
    DRV - [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2008/04/14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2008/04/11 15:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2008/04/10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2008/04/07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2008/04/07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2008/03/27 20:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 03:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 03:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/17 22:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/02 22:17:34 | 000,120,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2005/09/23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT226905...{searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.startup.homepage: "http://www.lequipe.fr/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT226905..."

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/22 22:02:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/11 20:01:29 | 000,000,000 | ---D | M]

    [2009/07/05 17:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
    [2011/01/14 20:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\eq8di6ix.default\extensions
    [2010/04/29 18:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\eq8di6ix.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/10 16:35:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\eq8di6ix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    [2010/10/10 20:54:21 | 000,000,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\eq8di6ix.default\searchplugins\conduit.xml
    [2010/11/11 13:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2010/06/18 19:36:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/05/09 18:10:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/09 01:04:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/11 13:35:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2009/07/05 17:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/03/12 19:05:13 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2010/03/12 19:05:13 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/03/12 19:05:13 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2009/07/05 17:53:35 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2010/03/12 19:05:13 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2010/03/24 16:52:55 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (IEHlprObj Class) - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - C:\windows\System32\LineAudio.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [CognizanceTS] File not found
    O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Nokia FastStart] File not found
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [WatchDog] File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk = File not found
    O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-wind... (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-wind... (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-wind... (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-wind... (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-wind... (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.295.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
    O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{07302c08-a520-11dd-90eb-002264490ac0}\Shell\Auto\command - "" = M:\AdobeR.exe e
    O33 - MountPoints2\{35c6e331-ce87-11dd-8ca1-002264490ac0}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O33 - MountPoints2\{af567b8d-1ae3-11de-a805-002264490ac0}\Shell\Auto\command - "" = N:\AdobeR.exe e
    O33 - MountPoints2\{b7f50ca2-0942-11e0-8fd5-002264490ac0}\Shell\AutoRun\command - "" = explorer .
    O33 - MountPoints2\{b7f50ca2-0942-11e0-8fd5-002264490ac0}\Shell\mobile\command - "" = M:\MobileLaunch.exe
    O33 - MountPoints2\{c013ad3f-b53c-11df-ba7a-002264490ac0}\Shell\Auto\command - "" = L:\AdobeR.exe e
    O33 - MountPoints2\{c8637e3f-acff-11dd-8539-002264490ac0}\Shell\Auto\command - "" = H:\AdobeR.exe e
    O33 - MountPoints2\{febfe08e-aa4a-11dd-b092-002264490ac0}\Shell\Auto\command - "" = L:\AdobeR.exe e
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O33 - MountPoints2\M\Shell\AutoRun\command - "" = explorer .
    O33 - MountPoints2\M\Shell\mobile\command - "" = M:\MobileLaunch.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
    Drivers32: vidc.mjpg - pvmjpg30.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/19 22:15:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2011/01/15 15:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Winamax Poker
    [2011/01/12 17:03:14 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
    [2011/01/12 17:03:06 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe
    [2011/01/11 19:59:51 | 000,000,000 | ---D | C] -- C:\windows\System32\Adobe
    [2011/01/07 00:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/01/07 00:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2010/12/29 22:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
    [2008/10/27 15:54:37 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
    [2008/10/27 15:54:36 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/19 22:15:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2011/01/19 21:47:06 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/19 20:47:00 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/19 20:41:44 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/19 20:41:44 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/19 16:48:19 | 000,738,098 | ---- | M] () -- C:\windows\System32\perfh00C.dat
    [2011/01/19 16:48:19 | 000,636,760 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2011/01/19 16:48:19 | 000,151,694 | ---- | M] () -- C:\windows\System32\perfc00C.dat
    [2011/01/19 16:48:19 | 000,122,132 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2011/01/19 16:41:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/01/19 14:44:31 | 000,010,253 | ---- | M] () -- C:\windows\System32\Config.MPF
    [2011/01/19 00:17:13 | 000,024,576 | ---- | M] () -- C:\Users\user\Desktop\Liste Paris-Grenoble.doc
    [2011/01/17 16:23:56 | 000,018,944 | ---- | M] () -- C:\Users\user\Desktop\comptes grenoble.xls
    [2011/01/17 08:05:57 | 000,225,280 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/16 20:41:41 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
    [2011/01/15 22:40:40 | 000,002,401 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2011/01/07 00:15:29 | 000,001,874 | ---- | M] () -- C:\Users\user\Desktop\HijackThis.lnk
    [2010/12/28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll

    ========== Files Created - No Company Name ==========

    [2011/01/07 00:15:29 | 000,001,874 | ---- | C] () -- C:\Users\user\Desktop\HijackThis.lnk
    [2010/11/12 23:10:22 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
    [2010/10/13 19:50:15 | 000,000,000 | ---- | C] () -- C:\windows\SMMVSplitter.INI
    [2010/07/17 15:59:18 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\FnF4.txt
    [2009/08/24 21:58:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/08/03 21:58:16 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
    [2009/06/19 12:35:01 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
    [2009/05/21 16:05:01 | 000,000,039 | ---- | C] () -- C:\windows\Irremote.ini
    [2009/05/21 14:51:47 | 000,122,880 | ---- | C] () -- C:\windows\System32\LineAudio.dll
    [2009/03/21 12:20:05 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
    [2009/03/21 12:09:19 | 000,000,025 | ---- | C] () -- C:\windows\CDE SX200DEFGIPS.ini
    [2008/11/16 14:08:28 | 000,005,885 | ---- | C] () -- C:\windows\UNWISE.INI
    [2008/11/12 17:10:03 | 000,002,781 | ---- | C] () -- C:\Users\user\AppData\Roaming\QuickZip45.ini
    [2008/10/28 16:06:02 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
    [2008/10/28 12:01:54 | 000,000,382 | ---- | C] () -- C:\windows\ODBC.INI
    [2008/10/27 22:03:13 | 000,682,232 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
    [2008/10/27 20:56:04 | 000,225,280 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/27 16:05:07 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\QSwitch.txt
    [2008/10/27 16:05:07 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\DSwitch.txt
    [2008/10/27 16:05:07 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\AtStart.txt
    [2008/10/27 15:54:37 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
    [2008/10/27 15:54:37 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
    [2008/10/27 15:54:36 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
    [2008/09/17 12:36:22 | 000,921,600 | ---- | C] () -- C:\windows\System32\vorbisenc.dll
    [2008/09/17 12:36:20 | 000,237,568 | ---- | C] () -- C:\windows\System32\OggDS.dll
    [2008/09/17 12:36:20 | 000,188,416 | ---- | C] () -- C:\windows\System32\vorbis.dll
    [2008/09/17 12:36:20 | 000,045,056 | ---- | C] () -- C:\windows\System32\Ogg.dll
    [2008/06/18 09:54:28 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
    [2008/05/14 01:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
    [2008/05/08 10:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
    [2007/11/15 02:24:14 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
    [2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
    [2005/04/03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
    [1998/05/07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WININIT.EXE >
    [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
    [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %SYSTEMDRIVE%\*.exe >

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2010/07/29 18:41:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
    [2010/10/13 21:17:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer
    [2008/10/27 16:05:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ATI
    [2010/09/17 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\avidemux
    [2010/12/02 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\codeblocks
    [2010/11/18 20:26:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CPad
    [2010/01/02 15:58:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataCast
    [2010/08/17 19:43:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\dvdcss
    [2009/12/20 20:13:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
    [2009/10/04 12:16:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
    [2008/10/27 15:57:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hewlett-Packard
    [2008/10/27 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HPQLOG
    [2010/02/26 23:43:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HpUpdate
    [2008/10/27 16:04:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
    [2008/10/27 15:48:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InstallShield
    [2008/10/27 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InterVideo
    [2010/09/27 19:11:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LANGMasterTfl
    [2008/10/27 15:57:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
    [2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
    [2010/11/06 16:53:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Micro Application
    [2009/09/28 23:12:26 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
    [2009/07/05 17:53:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
    [2009/05/21 16:24:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nero
    [2009/08/06 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia
    [2009/08/06 18:03:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
    [2009/05/13 12:34:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RayV
    [2009/07/14 21:28:59 | 000,000,000 | RH-D | M] -- C:\Users\user\AppData\Roaming\SecuROM
    [2010/03/19 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Shareaza
    [2011/01/15 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skype
    [2011/01/15 22:40:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\skypePM
    [2009/07/04 10:51:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Talkback
    [2009/06/13 11:14:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\temp
    [2011/01/19 14:44:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\vlc
    [2010/07/20 12:02:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
    [2010/11/14 15:03:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer

    < %APPDATA%\*.exe /s >
    [2010/10/28 20:47:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    [2008/12/21 20:31:38 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
    [2008/12/21 20:31:38 | 000,008,854 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
    [2008/12/21 20:31:38 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    [2010/09/19 17:40:58 | 000,029,926 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
    [2010/11/06 16:23:02 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\ARPPRODUCTICON.exe
    [2010/11/06 16:23:02 | 000,053,248 | R--- | M] (Macrovision Corporation) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\NewShortcut1_C06EFB22B5DB46C59215BCB5C19C0858.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/05/08 10:14:38 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
    [2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2008/05/14 01:36:18 | 000,108,752 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\SafeBoot.sys
    [2008/10/27 22:03:13 | 000,682,232 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 16 bytes -> C:\Users\user\Documents\Shareaza Downloads:Shareaza.GUID

    < End of report >
    20 January 2011 21:20:49

    Good evening again,

    Quote:
    So I have a small problem: only an otl.txt opens now, no more extras...

    That's normal, the extras file is only created on the first run, unless I ask for it again...


    Redo EXACTLY and completely what is described here:
    http://www.infos-du-net.com/forum/296793-11-envoi-mail-...
    21 January 2011 18:15:49

    Hello!

    There, I followed all your instructions.

    And here are my 2 reports
    21 January 2011 18:16:14

    My OTL report:

    All processes killed
    ========== OTL ==========
    No active process named rlservice.exe was found!
    No active process named rlvknlg.exe was found!
    Error: No service named RelevantKnowledge was found to stop!
    Service\Driver key RelevantKnowledge not found.
    File C:\Program Files\RelevantKnowledge\rlservice.exe not found.
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT226905...{searchTerms}" removed from browser.search.defaulturl
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT226905..." removed from keyword.URL
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\eq8di6ix.default\searchplugins\conduit.xml moved successfully.
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk moved successfully.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07302c08-a520-11dd-90eb-002264490ac0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07302c08-a520-11dd-90eb-002264490ac0}\ not found.
    File M:\AdobeR.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af567b8d-1ae3-11de-a805-002264490ac0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af567b8d-1ae3-11de-a805-002264490ac0}\ not found.
    File N:\AdobeR.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7f50ca2-0942-11e0-8fd5-002264490ac0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7f50ca2-0942-11e0-8fd5-002264490ac0}\ not found.
    File explorer . not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c013ad3f-b53c-11df-ba7a-002264490ac0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c013ad3f-b53c-11df-ba7a-002264490ac0}\ not found.
    File L:\AdobeR.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8637e3f-acff-11dd-8539-002264490ac0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8637e3f-acff-11dd-8539-002264490ac0}\ not found.
    File H:\AdobeR.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{febfe08e-aa4a-11dd-b092-002264490ac0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{febfe08e-aa4a-11dd-b092-002264490ac0}\ not found.
    File L:\AdobeR.exe not found.
    Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\ not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FDBF2D7-5641-450D-8DF8-52DB136E890A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4FDBF2D7-5641-450D-8DF8-52DB136E890A}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50A903D6-ABC5-4025-9527-2E883F35AA8A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50A903D6-ABC5-4025-9527-2E883F35AA8A}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{565A0D6D-2596-497B-A261-FA61DDA04C69} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{565A0D6D-2596-497B-A261-FA61DDA04C69}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{628F290B-0E58-494C-88B2-128530AAF11C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{628F290B-0E58-494C-88B2-128530AAF11C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{26F21180-0F66-43C0-8CD9-A7A4A6AEF335}L:\adober.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{51A84A0E-32F1-43A7-BE9B-4C08AFA68A12}H:\adober.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C30F857B-41E2-444B-92DA-A2F48C1605B0}M:\adober.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DC6D2114-EBD8-4097-94E7-EBD66581D1BC}N:\adober.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6F155025-4B83-4009-B37A-950E486DB1B4}H:\adober.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A86EFE5A-7ADE-4DAF-8C17-5705118B4454}L:\adober.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B7410B8F-C2D2-478D-BD73-BD72F70B08B5}N:\adober.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D460189D-5372-4578-8D45-8E761FE64B88}M:\adober.exe deleted successfully.
    ========== FILES ==========
    File\Folder c:\program files\relevantknowledge not found.
    adober.exe not found in C:\
    adober.exe not found in D:\
    adober.exe not found in E:\
    adober.exe not found in F:\
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: user
    ->Temp folder emptied: 6581218680 bytes
    ->Temporary Internet Files folder emptied: 192745695 bytes
    ->Java cache emptied: 52980051 bytes
    ->FireFox cache emptied: 64776014 bytes
    ->Google Chrome cache emptied: 6068772 bytes
    ->Flash cache emptied: 146434 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 101033886 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 988934 bytes

    Total Files Cleaned = 6 676,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: user
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb



    OTL by OldTimer - Version 3.2.20.2 log created on 01212011_171000

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    21 January 2011 18:17:02

    My USBfix report:

    ############################## | UsbFix 7.038 | [Recherche]

    Utilisateur: user (Administrateur) # PC-DE-USER [Hewlett-Packard HP Compaq 6830s]
    Mis à jour le 14/01/2011 par El Desaparecido / C_XX
    Lancé à 18:10:57 | 21/01/2011
    Site Web: http://www.teamxscript.org
    Contact: eldesaparecido@teamxscript.org

    CPU: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz
    CPU 2: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
    Internet Explorer 8.0.6001.18999

    Pare-feu Windows: Activé
    Antivirus: Total Protection 4.9.0.295 [Enabled | (!) Outdated]
    Firewall: Total Protection 4.0 [(!) Disabled]
    RAM -> 3066 Mo
    C:\ (%systemdrive%) -> Disque fixe # 115 Go (19 Go libre(s) - 17%) [] # NTFS
    D:\ -> Disque fixe # 108 Go (13 Go libre(s) - 12%) [LUDO] # NTFS
    E:\ -> Disque fixe # 1021 Mo (1019 Mo libre(s) - 100%) [HP_TOOLS] # FAT32
    F:\ -> Disque fixe # 9 Go (998 Mo libre(s) - 11%) [HP_RECOVERY] # NTFS
    G:\ -> CD-ROM
    H:\ -> CD-ROM
    I:\ -> CD-ROM
    J:\ -> CD-ROM
    K:\ -> CD-ROM
    L:\ -> Disque amovible # 982 Mo (922 Mo libre(s) - 94%) [] # FAT32
    M:\ -> Disque fixe # 141 Go (28 Go libre(s) - 20%) [DD pb ] # NTFS
    N:\ -> Disque fixe # 466 Go (291 Go libre(s) - 63%) [My Book] # FAT32

    ################## | Éléments infectieux |


    Présent! L:\msvcr71.dll
    Présent! M:\AUTORUN.INF
    Présent! M:\adober.exe
    Présent! M:\msvcr71.dll
    Présent! N:\autorun.inf

    ################## | Registre |


    ################## | Mountpoints2 |

    HKCU\.\.\.\.\Explorer\MountPoints2\H
    Shell\AutoRun\Command = wd_windows_tools\WDSetup.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\I
    Shell\AutoRun\Command = wd_windows_tools\WDSetup.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\L
    Shell\AutoRun\Command = wd_windows_tools\WDSetup.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\M
    Shell\AutoRun\Command = explorer .
    Shell\mobile\Command = M:\MobileLaunch.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\N
    Shell\AutoRun\Command = wd_windows_tools\WDSetup.exe

    HKCU\.\.\.\.\Explorer\MountPoints2\{07302c08-a520-11dd-90eb-002264490ac0}
    Shell\Auto\Command = M:\AdobeR.exe e
    Shell\AutoRun\Command = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\AdobeR.exe e

    HKCU\.\.\.\.\Explorer\MountPoints2\{35c6e331-ce87-11dd-8ca1-002264490ac0}
    Shell\AutoRun\Command = wd_windows_tools\WDSetup.exe


    ################## | Vaccin |

    M:\Autorun.inf -> Dossier créé par Panda USB Vaccine
    N:\Autorun.inf -> Dossier créé par Panda USB Vaccine

    ################## | E.O.F |
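
A way to cross-check two sections of the UsbFix report above, added here as an example that is not part of the original posts or of UsbFix itself: it lists the MountPoints2 autorun commands that launch a file the same report marks under "Éléments infectieux". The function names and the case-insensitive path comparison are this example's own choices; the sample text is an excerpt copied from the report.

```python
import re

# Excerpt copied from the UsbFix [Recherche] report above; only some
# MountPoints2 entries are kept to shorten the sample.
REPORT = r"""
################## | Éléments infectieux |

Présent! L:\msvcr71.dll
Présent! M:\AUTORUN.INF
Présent! M:\adober.exe
Présent! M:\msvcr71.dll
Présent! N:\autorun.inf

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\H
Shell\AutoRun\Command = wd_windows_tools\WDSetup.exe

HKCU\.\.\.\.\Explorer\MountPoints2\M
Shell\AutoRun\Command = explorer .
Shell\mobile\Command = M:\MobileLaunch.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{07302c08-a520-11dd-90eb-002264490ac0}
Shell\Auto\Command = M:\AdobeR.exe e
Shell\AutoRun\Command = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\AdobeR.exe e

################## | Vaccin |
"""

SECTION = re.compile(r"^#+ \| (.+?) \|")            # "#### | Name |" headers
VERB = re.compile(r"^Shell\\(.+?)\\Command = (.+)$")  # Shell\<verb>\Command = ...
ABS_PATH = re.compile(r'[A-Za-z]:\\[^\s"]+')         # drive-letter paths in a command


def parse_report(text):
    """Return (flagged_files, mountpoints) parsed from a UsbFix report.

    flagged_files: lower-cased paths listed under "Éléments infectieux".
    mountpoints:   {mount point key: {shell verb: command line}}.
    """
    flagged, mountpoints = set(), {}
    section, key = "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section, key = header.group(1).lower(), None
        elif "infectieux" in section:
            # Lines look like "Présent! M:\adober.exe"
            path = line.partition("! ")[2]
            if path:
                flagged.add(path.lower())
        elif section == "mountpoints2":
            verb = VERB.match(line)
            if line.startswith("HKCU\\"):
                key = line.rsplit("\\", 1)[1]   # drive letter or volume GUID
                mountpoints[key] = {}
            elif verb and key is not None:
                mountpoints[key][verb.group(1)] = verb.group(2)
    return flagged, mountpoints


def suspicious_autoruns(text):
    """List (mount point, shell verb, path) where the command runs a flagged file.

    Windows paths are case-insensitive, so "M:\\AdobeR.exe" in the registry
    must match "M:\\adober.exe" in the file list.
    """
    flagged, mountpoints = parse_report(text)
    hits = []
    for key, verbs in mountpoints.items():
        for verb, command in verbs.items():
            for path in ABS_PATH.findall(command):
                if path.lower() in flagged:
                    hits.append((key, verb, path))
    return hits


if __name__ == "__main__":
    for key, verb, path in suspicious_autoruns(REPORT):
        print(f"MountPoints2\\{key}: Shell\\{verb} launches {path}")
```
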
    22 January 2011 16:22:00

    Re,

    OK, next step:

    Run USBFix again

    /!\ Disconnect and close all running applications /!\
    /!\ Plug in all your devices that may have been infected (USB sticks, external hard drive, etc.) /!\


    Note: in particular those that were on L: and N:
    L:\ -> Disque amovible # 982 Mo (922 Mo libre(s) - 94%) [] # FAT32
    M:\ -> Disque fixe # 141 Go (28 Go libre(s) - 20%) [DD pb ] # NTFS
    N:\ -> Disque fixe # 466 Go (291 Go libre(s) - 63%) [My Book] # FAT32

  • Double-click "UsbFix" to launch the program
    (Vista/Windows 7 users: right-click UsbFix > Run as administrator)
  • Click "Deletion" to start the cleanup. Plug in your devices if you have not done so yet, then confirm the warning.
  • Let the tool work; your desktop will disappear, that is normal.
  • If it asks you to send a .zip file, accept.
  • At the end, a report will appear (otherwise, it is located here: C:\Usbfix.txt). Post it in your next reply



    For the reports, please use this online report service: upload the file via "Browse" and simply post the link you get.
    23 January 2011 11:41:00

    Re,

    OK, leave all your removable media plugged in, then do this:

    Download Malwarebytes' Anti-Malware:

  • Install the program (help here)
  • Launch it and update the definition database.

  • Then choose "Perform full scan", then "Scan"
  • Select the hard drives and click "Start scan"
  • Let the scan run (this can take a long time).
  • At the end, check that the items found are ticked (in "Scan results").
  • Then click "Remove selected" at the bottom.
  • A restart may be required.

  • A report will be displayed; save it to your desktop.
  • Otherwise, after the restart, it will be under "Reports/logs"
    23 January 2011 19:06:55

    OK,

    Are emails still being sent?

    It should normally be fine now; let's do one last walk-through:

    Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • Under Customization, copy and paste all of the text below, and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Scan button at the top left, then wait a few moments.
  • At the end of the scan, the OTL.Txt report will open. Copy and paste its contents here.
    PS: The reports are also saved on the desktop

    For the reports, please use this online report service: upload the file via "Browse" and simply post the link you get.
    24 January 2011 19:38:42

    Re,

    OK, let's finish the cleanup then.


    1) Run OTL.exe again
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Click "Tool purge"
  • Confirm the warning with "OK" and let the PC restart.

    2) If still present, remove the following programs:

    USBFix (double-click to open it, then choose "Uninstall")
    HijackThis via the program manager

    You can keep Malwarebytes for occasional scans, making sure to update it beforehand.


    3) Purge System Restore:

    It contains remnants of the infection; follow this tutorial to purge it:

    Vista/7:
    http://www.inforumatique.fr/post82670.html#p82670


    4) Update the following programs:

    Java to version 6 update 23



    To go further with your protection and avoid getting reinfected, here are some additional tips:


  • Be careful when installing software:
    Always read the terms of use (EULA) to spot how personal data is handled, the installation of advertising sponsors, or any other invasion of privacy. Decline the toolbars and other add-ons offered.


  • Keep your software and system up to date:
    Many infections are due to flaws in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
    You can run a vulnerability scan to find out which of your software has unpatched flaws or needs updating.

    Finally, the most important thing remains your behavior on your PC; you are still the most important protection: avoid risky behavior: P2P, cracks, dubious downloads and installs via ads, instant messaging, or unknown sites, pornographic sites.
    Worth reading!


    You can mark your topic as "solved" by clicking the "edit" button in your very first message.
    -> Then add "solved" next to your title and confirm.

    You can also, if you wish, validate a "best answer"; your topic will then automatically be marked as "solved"

    See you soon on the Tom's Guide forums
    24 January 2011 23:17:23

    Good evening

    There, everything is done (apart from Java, which I didn't manage to install, but I have update 22).

    I wanted to thank you for everything you did, and all the time you gave me. All your answers were simple, precise and perfectly explained. They were also very fast, which is a considerable advantage.

    I had one last question: I wanted to know (it may be a bit indiscreet...) whether you are employed by the site, or whether you are here just out of passion for computing.

    Thanks again and have a good evening!
    24 January 2011 23:18:05

    Best answer selected by ludofandejjg.
    25 January 2011 19:36:54

    I spoke too soon... I had the unpleasant surprise of finding a ton of sent emails when I opened my mailbox this evening...
    25 January 2011 19:47:36

    Re,

    Which mailbox are you on?

    The one from your ISP (Orange, Neuf-SFR, etc.)

    One like Hotmail/Gmail, etc.?



    Quote:
    I had one last question: I wanted to know (it may be a bit indiscreet...) whether you are employed by the site, or whether you are here just out of passion for computing.

    :lol:  Nah, we're not paid for our work, we're all volunteers here (well, apart from certain admins of course :D  )

    [:_tom_:7]
    25 January 2011 22:42:07

    Re

    I'm on Hotmail.

    Is that where the problem comes from?
    26 January 2011 17:06:48

    Re,

    Yes, it's a webmail, so you need to change your password and secret question. Either the infection hacked it (I doubt it), or you gave it out, knowingly or not, and it got hacked

    -> http://explore.live.com/windows-live-hotmail-security-c...

    Then see whether the sending stops.

    [:_tom_:7]
    27 January 2011 13:28:24

    Hello

    I just realized that I no longer have access to the email address that lets me change my password (it's a Télé2 address that is 8 years old...).

    So I think I'm simply going to change email address.
    28 January 2011 15:12:40

    Re,


    But do you or don't you have access to your mailbox with your normal password?

    If so, you can change it without the backup address.
    Just change that backup address.

    [:_tom_:7]
    29 January 2011 14:03:39

    Re

    Yes, I have access to it.
    But the problem is that to change my backup address, it asks me to log in to that Télé2 address!
    So I'm stuck.
    So I'm going to change address. If I have problems again, I'll contact you again.

    Thanks again for your help.

    Have a good day!