
Windows Vista: blue screen a few minutes after startup! [solved]

11 January 2011 21:14:52

Hello,

A blue screen (photo below) appears a few minutes after the PC starts!



  • The problem appears on all sessions!
  • In safe mode, there is no problem!

    How can I solve this problem?

    Thank you in advance for your replies!
    11 January 2011 21:34:50

    Hello,

  • From another PC, or from the affected PC in Safe Mode with Networking, do the following:

  • Download BlueScreenView (from NirSoft). If you chose to download it on another PC, transfer the file to the affected PC, for example on a USB stick.

  • Open the compressed folder, then double-click the application to launch the program (there is no need to extract the folder).

  • Wait until a list of crashes is displayed. For each crash, click on it, then go to Options > Lower Pane Mode > Bluescreen in XP style. The content of the blue screen is then shown at the bottom; copy the text (right-click > Copy) and paste it into your next reply on this forum.

    To help you: tutorial on blue screens

    11 January 2011 23:07:04

    Thanks for your reply!

    So here is a copy of all the messages! I don't know whether you need all of them, so I posted them all!

    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: ntkrnlpa.exe

    BAD_POOL_HEADER

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x00000019 (0x00000020, 0x858c8eb8, 0x858c8ed0, 0x18030011)

    *** ntkrnlpa.exe - Address 0x82901b8d base at 0x82834000 DateStamp 0x4c0e557c


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: ntkrnlpa.exe

    BAD_POOL_HEADER

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x00000019 (0x00000020, 0x85b64d10, 0x85b64d28, 0x18030008)

    *** ntkrnlpa.exe - Address 0x828e2b8d base at 0x82815000 DateStamp 0x4c0e557c


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: ntkrnlpa.exe

    BAD_POOL_HEADER

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x00000019 (0x00000020, 0x85a01228, 0x85a01240, 0x18030045)

    *** ntkrnlpa.exe - Address 0x82909b8d base at 0x8283c000 DateStamp 0x4c0e557c


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: ntkrnlpa.exe

    BAD_POOL_HEADER

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x00000019 (0x00000020, 0x85bf2900, 0x85bf2918, 0x1803000d)

    *** ntkrnlpa.exe - Address 0x82910b8d base at 0x82843000 DateStamp 0x4c0e557c


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: ntkrnlpa.exe

    BAD_POOL_HEADER

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x00000019 (0x00000020, 0xa4ba73b8, 0xa4ba73d0, 0x18030007)

    *** ntkrnlpa.exe - Address 0x828dfb8d base at 0x82812000 DateStamp 0x4c0e557c


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: ntkrnlpa.exe

    BAD_POOL_HEADER

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x00000019 (0x00000020, 0xa43d40d0, 0xa43d40e8, 0x18030005)

    *** ntkrnlpa.exe - Address 0x82917b8d base at 0x8284a000 DateStamp 0x4c0e557c


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: ntkrnlpa.exe

    BAD_POOL_HEADER

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x00000019 (0x00000020, 0xa106aa50, 0xa106aa68, 0x18030005)

    *** ntkrnlpa.exe - Address 0x828e2b8d base at 0x82815000 DateStamp 0x4c0e557c


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: ntkrnlpa.exe

    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x1000007e (0xc0000005, 0x828715d8, 0x8b96f794, 0x8b96f490)

    *** ntkrnlpa.exe - Address 0x828715d8 base at 0x82833000 DateStamp 0x4c0e557c


    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: ntkrnlpa.exe

    PAGE_FAULT_IN_NONPAGED_AREA

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x00000050 (0xc1653bd0, 0x00000000, 0x87946793, 0x00000000)

    *** ntkrnlpa.exe - Address 0x828db38d base at 0x82843000 DateStamp 0x4c0e557c


    There you go!

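The STOP lines in the post above can be triaged before opening a debugger. This added example (not part of the original thread) parses the nine `*** STOP` / `*** ntkrnlpa.exe` line pairs copied from that post, converts each crash address to a module-relative offset and groups identical crashes. The function names are the example's own, and the meaning of the 0x19 parameters (parameter 1 = 0x20: parameter 2 is the pool entry, parameter 3 the next pool entry) is taken from Microsoft's bug check reference.

```python
import re
from collections import defaultdict

# STOP data copied from the nine crash screens in the post above.
CRASH_TEXT = """\
*** STOP: 0x00000019 (0x00000020, 0x858c8eb8, 0x858c8ed0, 0x18030011)
*** ntkrnlpa.exe - Address 0x82901b8d base at 0x82834000 DateStamp 0x4c0e557c
*** STOP: 0x00000019 (0x00000020, 0x85b64d10, 0x85b64d28, 0x18030008)
*** ntkrnlpa.exe - Address 0x828e2b8d base at 0x82815000 DateStamp 0x4c0e557c
*** STOP: 0x00000019 (0x00000020, 0x85a01228, 0x85a01240, 0x18030045)
*** ntkrnlpa.exe - Address 0x82909b8d base at 0x8283c000 DateStamp 0x4c0e557c
*** STOP: 0x00000019 (0x00000020, 0x85bf2900, 0x85bf2918, 0x1803000d)
*** ntkrnlpa.exe - Address 0x82910b8d base at 0x82843000 DateStamp 0x4c0e557c
*** STOP: 0x00000019 (0x00000020, 0xa4ba73b8, 0xa4ba73d0, 0x18030007)
*** ntkrnlpa.exe - Address 0x828dfb8d base at 0x82812000 DateStamp 0x4c0e557c
*** STOP: 0x00000019 (0x00000020, 0xa43d40d0, 0xa43d40e8, 0x18030005)
*** ntkrnlpa.exe - Address 0x82917b8d base at 0x8284a000 DateStamp 0x4c0e557c
*** STOP: 0x00000019 (0x00000020, 0xa106aa50, 0xa106aa68, 0x18030005)
*** ntkrnlpa.exe - Address 0x828e2b8d base at 0x82815000 DateStamp 0x4c0e557c
*** STOP: 0x1000007e (0xc0000005, 0x828715d8, 0x8b96f794, 0x8b96f490)
*** ntkrnlpa.exe - Address 0x828715d8 base at 0x82833000 DateStamp 0x4c0e557c
*** STOP: 0x00000050 (0xc1653bd0, 0x00000000, 0x87946793, 0x00000000)
*** ntkrnlpa.exe - Address 0x828db38d base at 0x82843000 DateStamp 0x4c0e557c
"""

# Names exactly as shown on the crash screens in the post.
BUGCHECK_NAMES = {
    0x00000019: "BAD_POOL_HEADER",
    0x1000007E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x00000050: "PAGE_FAULT_IN_NONPAGED_AREA",
}

STOP_RE = re.compile(r"\*\*\* STOP: (0x[0-9a-fA-F]+) \(([^)]*)\)")
ADDR_RE = re.compile(
    r"\*\*\* (\S+) - Address (0x[0-9a-fA-F]+) base at (0x[0-9a-fA-F]+)"
    r" DateStamp (0x[0-9a-fA-F]+)"
)


def parse_crashes(text):
    """Pair each STOP line with the module line that follows it."""
    crashes, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        stop = STOP_RE.match(line)
        if stop:
            current = {
                "code": int(stop.group(1), 16),
                "params": [int(p, 16) for p in stop.group(2).split(",")],
            }
            continue
        mod = ADDR_RE.match(line)
        if mod and current is not None:
            address, base = int(mod.group(2), 16), int(mod.group(3), 16)
            current["module"] = mod.group(1)
            # The load base changes from boot to boot; the offset does not.
            current["offset"] = address - base
            current["datestamp"] = int(mod.group(4), 16)
            crashes.append(current)
            current = None
    return crashes


def cluster(crashes):
    """Group crashes that share bug check code, module and module offset."""
    groups = defaultdict(list)
    for crash in crashes:
        groups[(crash["code"], crash["module"], crash["offset"])].append(crash)
    return dict(groups)


def pool_entry_gaps(crashes):
    """For 0x19 with parameter 1 == 0x20, distance between the two pool entries."""
    return [
        c["params"][2] - c["params"][1]
        for c in crashes
        if c["code"] == 0x19 and c["params"][0] == 0x20
    ]


if __name__ == "__main__":
    parsed = parse_crashes(CRASH_TEXT)
    for (code, module, offset), members in cluster(parsed).items():
        name = BUGCHECK_NAMES.get(code, "unknown")
        print(f"{len(members)}x {name} in {module}+{offset:#x}")
    print("pool entry gaps:", sorted({hex(g) for g in pool_entry_gaps(parsed)}))
```

All seven BAD_POOL_HEADER crashes resolve to the same offset in ntkrnlpa.exe with the same 0x18 gap between the two pool entries, so they are one repeatable event detected by the kernel rather than seven unrelated failures.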
    12 January 2011 13:13:47

    The problem comes from the Windows kernel > ntkrnlpa.exe

    In safe mode: --> we are going to check that your system files have not been modified:

  • Once the PC has started, go to Start, then type cmd in the search bar. Right-click the result, then click Run as administrator.

  • In the command prompt window (the black window), type sfc/verifyonly and press Enter.

  • When the operation has finished, post a screenshot in this thread.

    To help you: tutorial on sfc
    12 January 2011 15:27:17

    So this morning the PC no longer opens the session at all: after choosing the session, nothing is displayed! Black screen!

    So I restarted in "Safe Mode with Command Prompt".

    After typing sfc/verifyonly in the command prompt, it shows me:

    C:\Windows\system32>sfc/verifyonly

    Début de l'analyse du système. cette opération peut nécessiter certain temps

    Démarrage de la phase de vérification de l'analyse du système.
    La vérification 100% est terminée

    La protection de ressources Windows a trouvé des violation d'intégrité. Des détails sont fournis dans le journalCBS.log windir\Logs\CBS\CBS.log. Par
    exemple C:\Windows\Logs\CBS\CBS.log

    C:\Windows\system32>


    PS: If a system restore is needed, I don't have the Vista CDs! (CDs not supplied at purchase)


    => I think the last option I have left is to take the PC to a computer repair shop!!!
    12 January 2011 16:53:36

    No, don't worry, a simple restore without the CD will be able to solve the problem.

    There are problems, which we are going to fix:

    /!\ It would be best to print or write down the instructions below, because you will not have access to them during the procedure!

  • Restart in Safe Mode with Command Prompt (to do that, restart the PC and press F8 until you get the advanced boot options; there, select this mode and confirm).

  • The same black window appears. This time, type sfc/scannow, confirm and wait while the operation runs.

  • Once it has finished, note carefully what is displayed, then restart your computer normally by typing shutdown -r -t 0 and confirming.

  • Tell me what it said ;)

    To help you: tutorial on boot options
    12 January 2011 18:25:00

    OK, I'm following your instructions!

    So after typing sfc/scannow in the command prompt, it shows me:
    La protection des ressources Windows a trouvé des fichier endommagés,mais n'a pas reussi à tous les réparer. Des détails sont inclus dans le journal CBS.log windir\Logs\CBS\CBS.log. Par
    exemple C:\Windows\Logs\CBS\CBS.log
    12 January 2011 18:27:20

    Re, can you boot normally?
    12 January 2011 18:41:56

    No, still a black screen, but I can see the cursor!
    I can open Task Manager by pressing Ctrl+Shift+Esc (the window displays perfectly!)
    and I can also press Ctrl+Alt+Del, which shows me the screen with the options lock this computer, switch user, log off, ...

    Edit: Windows Explorer does not start; it is not in the process list!
    12 January 2011 19:24:37

    Re :)

    Using Task Manager, choose New Task and type explorer.exe

    Tell me if that works.

    Then we will move on to the next step.
    12 January 2011 19:29:19

    It works!
    12 January 2011 19:34:01

    OK, we are making progress, but I would not be surprised if a virus were hiding behind all this...


    Download OTL (by OldTimer) to your Desktop.

  • Double-click OTL.exe to launch it. Close all windows except OTL's.
  • A window appears.
  • Tick the box: All users
  • In the Report section at the top of this window, tick the Minimal report box.
  • Also tick the boxes for the LOP search and the Purity search (in blue, towards the bottom of the window).
  • Finally, click the Scan button. Do not touch anything while the scan is running. The scan will not take long.
  • Once the scan has finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so on the Desktop by default).
  • Copy the content of both files here (Edit -> Select All; Edit -> Copy), one per post, and post it in your next reply.

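A first pass over the `PRC` (running process) lines of the OTL report requested above can be scripted. This added example is not OTL's or the helper's own method: it applies three common heuristics (an image in a user-writable profile folder, a Windows system process name outside its normal directory, a near-miss spelling of such a name) to constructed sample lines. The `PRC - path (company)` layout is OTL's; the sample paths, the process list, the assumed `C:\Windows` system root and all function names belong to the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines in OTL's "PRC - <path> (<company>)" layout.
SAMPLE_REPORT = r"""
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe (Microsoft Corporation)
PRC - C:\Users\Example\AppData\Roaming\abcd1\svcnost.exe (Microsoft Corporation)
PRC - C:\Users\Example\AppData\Roaming\k3j2h1\csrss.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Users\Example\Desktop\OTL.exe (OldTimer Tools)
"""

# Normal home of a few core Windows processes (assumes %SystemRoot% = C:\Windows).
SYSTEM_DIRS = {
    "csrss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Folder names a standard user can write to without elevation.
USER_WRITABLE = {"appdata", "temp", "tmp"}

# Path runs up to the first ".ext (" so "Program Files (x86)" is not cut short;
# the company part is greedy so "Intel(R) Corporation" survives intact.
PRC_RE = re.compile(r"^PRC - (?P<path>[A-Za-z]:\\.*?\.\w{2,4}) \((?P<company>.*)\)\s*$")


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(report):
    """Return [(path, [reason, ...])] for PRC lines worth a closer look."""
    findings = []
    for raw in report.splitlines():
        match = PRC_RE.match(raw.strip())
        if not match:
            continue
        path = PureWindowsPath(match.group("path"))
        name = path.name.lower()
        parent = str(path.parent).lower()
        reasons = []

        user_writable = bool({p.lower() for p in path.parts} & USER_WRITABLE)
        if user_writable:
            reasons.append("user-writable-path")

        if name in SYSTEM_DIRS:
            if parent != SYSTEM_DIRS[name]:
                reasons.append("system-name-wrong-dir")
        else:
            for known in SYSTEM_DIRS:
                if edit_distance(name, known) == 1:
                    reasons.append("lookalike:" + known)

        # The company string comes from the file's own version resource,
        # so any file can claim to be Microsoft's; it proves nothing.
        if user_writable and "microsoft" in match.group("company").lower():
            reasons.append("microsoft-claim-in-user-path")

        if reasons:
            findings.append((str(path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REPORT):
        print(path, "->", ", ".join(reasons))
```

A hit is a lead for manual review (signature check, file hash, creation date), not a verdict on the file.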
    12 January 2011 19:39:51

    The page for the "OTL" file/program no longer exists, I get a 404 error!

    Edit: no, it's fine, just an HTML tag that slipped into the link and needs to be removed!
    12 January 2011 19:45:17

    I have edited my previous message, the link is now valid ;)
    12 January 2011 20:00:28

    OTL:

    OTL logfile created on: 12/01/2011 19:50:20 - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Marie\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 286,88 Gb Total Space | 140,84 Gb Free Space | 49,09% Space Free | Partition Type: NTFS
    Drive G: | 982,72 Mb Total Space | 982,09 Mb Free Space | 99,94% Space Free | Partition Type: FAT

    Computer Name: PC-DE-ANTHONY | User Name: Marie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - C:\Users\Marie\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Marie\AppData\Roaming\xssend2\svcnost.exe (Microsoft Corporation)
    PRC - C:\Users\Marie\AppData\Roaming\ewwhbggqdkshefw2fbvqr1yenpwbn1a2\csrss.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
    PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)


    [color=#E56717]========== Modules (SafeList) ==========[/color]

    MOD - C:\Users\Marie\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
    SRV - (FTRTSVC) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
    SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
    SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
    SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
    SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
    SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
    SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
    SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
    SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
    SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
    SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
    SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
    SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV - (Service CANALPLAY) -- C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe (Canal+ Active)
    SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV - (sftvol) -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys (Microsoft Corporation)
    DRV - (sftplay) -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation)
    DRV - (sftfs) -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys (Microsoft Corporation)
    DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
    DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
    DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
    DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (NETw5v32) Pilote de carte Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
    DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
    DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
    DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.)
    DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
    DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]


    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    IE - HKLM\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {b9e20919-fa55-471f-989b-b107bf8de785} - Reg Error: Key error. File not found


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/402
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/402
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.wikikou.fr
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..\URLSearchHook: {b9e20919-fa55-471f-989b-b107bf8de785} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    [color=#E56717]========== FireFox ==========[/color]

    FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "MessengerPlusLive France TB Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/402"
    FF - prefs.js..extensions.enabledItems: {b9e20919-fa55-471f-989b-b107bf8de785}:3.2.3.3
    FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
    FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:2.1.3304.104
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=402&q="
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2719315&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2719315&SearchSource=13"
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2719315&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/29 17:53:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\Firefox [2010/12/22 17:48:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2011/01/09 19:09:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 18:15:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/26 18:15:29 | 000,000,000 | ---D | M]

    [2010/01/17 22:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\mozilla\Extensions
    [2010/01/17 22:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2011/01/10 23:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\xyal9qxv.default\extensions
    [2010/04/28 19:50:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\xyal9qxv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/26 15:20:12 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\xyal9qxv.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}
    [2010/01/06 15:42:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\xyal9qxv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2011/01/06 21:18:42 | 000,000,000 | ---D | M] (MessengerPlusLive France TB Community Toolbar) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\xyal9qxv.default\extensions\{b9e20919-fa55-471f-989b-b107bf8de785}
    [2010/10/03 20:02:33 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\xyal9qxv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    [2011/01/06 23:17:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\xyal9qxv.default\extensions\engine@conduit.com
    [2010/07/29 17:17:44 | 000,000,957 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\xyal9qxv.default\searchplugins\conduit.xml
    [2010/10/03 20:02:29 | 000,003,915 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\xyal9qxv.default\searchplugins\sweetim.xml
    [2009/05/16 13:06:31 | 000,003,705 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\xyal9qxv.default\searchplugins\YouGoo.xml
    [2011/01/11 20:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2011/01/09 19:09:11 | 000,000,000 | ---D | M] (OfferBox) -- C:\PROGRAM FILES\OFFERBOX\OFFERBOXFFX@OFFERBOX.COM
    [2011/01/09 19:14:41 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
    [2010/12/26 18:15:26 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2010/12/26 18:15:26 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/12/26 18:15:26 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/12/26 18:15:26 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2010/12/26 18:15:26 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll ()
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {b9e20919-fa55-471f-989b-b107bf8de785} - No CLSID value found.
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll ()
    O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {b9e20919-fa55-471f-989b-b107bf8de785} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE (Discordia, LTD)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000..\Run: [mssend] C:\Users\Marie\AppData\Roaming\xssend2\svcnost.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000..\Run: [qujrurmzfvd2kzfhpkgc2vdrdpbpyko] C:\Users\Marie\AppData\Roaming\yiesigfectwxnnemknouodordjwrgr32\csrss.exe File not found
    O4 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\.DEFAULT..\RunOnce: [!SearchquFF] C:\Windows\Temp\InstallHelper.dll ()
    O4 - HKU\S-1-5-18..\RunOnce: [!SearchquFF] C:\Windows\Temp\InstallHelper.dll ()
    O7 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: canalplay.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..Trusted Domains: canalplay.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-4153504202-3772131068-2209810794-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - ("C:\Users\Marie\AppData\Roaming\ewwhbggqdkshefw2fbvqr1yenpwbn1a2\csrss.exe") - C:\Users\Marie\AppData\Roaming\ewwhbggqdkshefw2fbvqr1yenpwbn1a2\csrss.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Users\Marie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Marie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{136f85d5-0cf2-11de-bced-001dba85dea0}\Shell - "" = AutoRun
    O33 - MountPoints2\{136f85d5-0cf2-11de-bced-001dba85dea0}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
    O33 - MountPoints2\{136f8609-0cf2-11de-bced-001dba85dea0}\Shell - "" = AutoRun
    O33 - MountPoints2\{136f8609-0cf2-11de-bced-001dba85dea0}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
    O33 - MountPoints2\{136f860b-0cf2-11de-bced-00214f4abe6b}\Shell - "" = AutoRun
    O33 - MountPoints2\{136f860b-0cf2-11de-bced-00214f4abe6b}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
    O33 - MountPoints2\{4b8808e4-1011-11de-a8e1-00214f4abe6b}\Shell - "" = AutoRun
    O33 - MountPoints2\{4b8808e4-1011-11de-a8e1-00214f4abe6b}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
    O33 - MountPoints2\{4b8808e7-1011-11de-a8e1-00214f4abe6b}\Shell - "" = AutoRun
    O33 - MountPoints2\{4b8808e7-1011-11de-a8e1-00214f4abe6b}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
    O33 - MountPoints2\{5a72ad58-143d-11e0-a98c-00214f4abe6b}\Shell\AutoRun\command - "" = G:\.\EncryptionTool\MaxtorEncryption.exe -- File not found
    O33 - MountPoints2\{5ec43648-5792-11de-ba8f-00214f4abe6b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
    O33 - MountPoints2\{8a3591f3-0db7-11de-9f46-001dba85dea0}\Shell - "" = AutoRun
    O33 - MountPoints2\{8a3591f3-0db7-11de-9f46-001dba85dea0}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
    O33 - MountPoints2\{8a3591fa-0db7-11de-9f46-00214f4abe6b}\Shell - "" = AutoRun
    O33 - MountPoints2\{8a3591fa-0db7-11de-9f46-00214f4abe6b}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
    O33 - MountPoints2\{949995c6-0223-11df-9554-00214f4abe6b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
    O33 - MountPoints2\{ba25c35d-f5c2-11dd-b495-00214f4abe6b}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba25c35d-f5c2-11dd-b495-00214f4abe6b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

    [2011/01/12 19:49:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
    [2011/01/12 19:38:47 | 000,000,000 | ---D | C] -- C:\Users\Marie\Desktop\Nouveau dossier
    [2011/01/11 21:59:17 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
    [2011/01/11 21:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
    [2011/01/11 21:29:34 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\xssend2
    [2011/01/11 21:29:28 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\ewwhbggqdkshefw2fbvqr1yenpwbn1a2
    [2011/01/10 18:05:21 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\OfferBox
    [2011/01/09 19:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Fun4IM
    [2011/01/09 19:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
    [2011/01/09 19:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Fun4IM
    [2011/01/09 19:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
    [2010/12/28 16:44:37 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\xssendawfmawik2hysxo2nuycuutisaopsqdt
    [2010/12/28 16:43:24 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\xssendfojozstjfgih2cmuahmxrsxtiyomg2k
    [2010/12/28 16:42:04 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\yiesigfectwxnnemknouodordjwrgr32
    [2010/12/26 18:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2010/12/26 18:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2010/12/26 18:43:36 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/12/26 18:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/12/13 21:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(266)
    [2010/12/13 21:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(267)
    [2010/12/13 21:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(119)

    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

    [2011/01/12 19:49:10 | 000,723,462 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2011/01/12 19:49:10 | 000,634,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/12 19:49:10 | 000,146,798 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2011/01/12 19:49:10 | 000,120,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/12 19:41:19 | 000,207,360 | ---- | M] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/12 19:40:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
    [2011/01/12 18:39:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/12 18:24:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/12 18:24:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/12 17:54:28 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/01/11 21:29:21 | 000,008,188 | ---- | M] () -- C:\Users\Marie\AppData\Local\d3d9caps.dat
    [2011/01/11 20:00:31 | 307,082,992 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/12/28 16:39:13 | 000,022,299 | ---- | M] () -- C:\Users\Marie\Desktop\Capturer.JPG
    [2010/12/26 18:47:48 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/12/26 18:47:48 | 000,001,955 | ---- | M] () -- C:\Users\Marie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/26 18:43:51 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6b5ae385cb0.job
    [2010/12/26 18:43:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/12/26 18:43:49 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

    [color=#E56717]========== Files Created - No Company Name ==========[/color]

    [2010/12/30 18:51:15 | 307,082,992 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/12/28 16:39:11 | 000,022,299 | ---- | C] () -- C:\Users\Marie\Desktop\Capturer.JPG
    [2010/12/26 18:47:48 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/12/26 18:47:48 | 000,001,955 | ---- | C] () -- C:\Users\Marie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/26 18:43:49 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2009/09/24 11:58:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/05/14 20:15:09 | 000,001,750 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/02/25 19:17:41 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/01/23 14:37:27 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/01/23 14:37:27 | 000,022,328 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\PnkBstrK.sys
    [2008/12/27 22:31:41 | 000,370,176 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
    [2008/12/19 18:47:11 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
    [2008/12/19 18:47:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
    [2008/11/23 20:25:37 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
    [2008/11/20 20:10:18 | 000,000,093 | ---- | C] () -- C:\Users\Marie\AppData\Local\fusioncache.dat
    [2008/11/19 18:19:54 | 000,207,360 | ---- | C] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/19 16:50:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008/11/19 16:22:41 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2008/11/19 16:22:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2008/11/19 16:22:35 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2008/11/19 16:22:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/11/19 16:22:33 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2008/11/19 14:32:49 | 000,002,478 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\wklnhst.dat
    [2008/11/19 14:31:26 | 000,000,516 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/11/18 12:24:06 | 000,008,188 | ---- | C] () -- C:\Users\Marie\AppData\Local\d3d9caps.dat
    [2008/08/26 14:56:37 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2008/08/26 14:48:57 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
    [2008/08/26 14:18:30 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2008/08/13 20:04:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2007/09/12 00:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    [color=#E56717]========== LOP Check ==========[/color]

    [2008/12/12 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\Aurelien\AppData\Roaming\Autodesk
    [2009/11/27 22:43:02 | 000,000,000 | ---D | M] -- C:\Users\Aurelien\AppData\Roaming\igraal
    [2010/03/10 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Aurelien\AppData\Roaming\NVD
    [2011/01/11 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Aurelien\AppData\Roaming\OfferBox
    [2008/12/02 19:16:04 | 000,000,000 | ---D | M] -- C:\Users\Aurelien\AppData\Roaming\OpenOffice.org
    [2010/08/06 12:20:02 | 000,000,000 | ---D | M] -- C:\Users\Aurelien\AppData\Roaming\SoftGrid Client
    [2010/03/10 15:05:53 | 000,000,000 | ---D | M] -- C:\Users\Aurelien\AppData\Roaming\TP
    [2011/01/12 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\Aurelien\AppData\Roaming\xssend2
    [2011/01/12 14:46:27 | 000,000,000 | ---D | M] -- C:\Users\Aurelien\AppData\Roaming\xssendgc3m1xfm1rikczw2ggtsrosmvotwswk
    [2010/11/29 23:04:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\A01DCC7912F6B72C4E1240D8EDF6942C
    [2009/01/10 23:20:26 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Autodesk
    [2011/01/11 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\ewwhbggqdkshefw2fbvqr1yenpwbn1a2
    [2010/06/27 12:16:46 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Facebook
    [2010/11/25 23:13:42 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FrostWire
    [2009/05/16 13:05:40 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Icones
    [2009/11/21 13:45:13 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\igraal
    [2008/11/19 22:26:14 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\InterVideo
    [2008/11/19 19:24:08 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\LimeWire
    [2008/12/27 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\NeoDivX2008
    [2010/04/04 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\NVD
    [2011/01/11 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\OfferBox
    [2009/01/12 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\OpenOffice.org
    [2010/11/30 23:29:27 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SoftGrid Client
    [2010/01/17 22:01:37 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\TomTom
    [2008/11/19 15:34:56 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Unigraphics Solutions
    [2008/11/22 17:42:37 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Windows Live Writer
    [2011/01/11 21:29:34 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\xssend2
    [2011/01/05 18:13:54 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\xssendawfmawik2hysxo2nuycuutisaopsqdt
    [2010/12/28 16:43:24 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\xssendfojozstjfgih2cmuahmxrsxtiyomg2k
    [2010/12/30 19:09:28 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\yiesigfectwxnnemknouodordjwrgr32
    [2011/01/12 17:54:28 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    [color=#E56717]========== Purity Check ==========[/color]



    [color=#E56717]========== Alternate Data Streams ==========[/color]

    @Alternate Data Stream - 64 bytes -> C:\Users\Marie\Desktop\le_fantasme_des_mecs2.mp4:TOC.WMV

    < End of report >
    12 January 2011 20:08:09

    EXTRAS:

    OTL Extras logfile created on: 12/01/2011 19:50:20 - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Marie\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 286,88 Gb Total Space | 140,84 Gb Free Space | 49,09% Space Free | Partition Type: NTFS
    Drive G: | 982,72 Mb Total Space | 982,09 Mb Free Space | 99,94% Space Free | Partition Type: FAT

    Computer Name: PC-DE-ANTHONY | User Name: Marie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Extra Registry (SafeList) ==========[/color]


    [color=#E56717]========== File Associations ==========[/color]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4153504202-3772131068-2209810794-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [color=#E56717]========== Shell Spawning ==========[/color]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [color=#E56717]========== Security Center Settings ==========[/color]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4153504202-3772131068-2209810794-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [color=#E56717]========== Firewall Settings ==========[/color]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [color=#E56717]========== Authorized Applications List ==========[/color]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\M6Mobile\Connectivity\ConnectivityManager.exe" = C:\Program Files\M6Mobile\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
    "C:\Users\Marie\AppData\Local\Temp\0.7660951827566339.exe" = C:\Users\Marie\AppData\Local\Temp\0.7660951827566339.exe:*:Enabled:ldrsoft -- File not found
    "C:\Users\Marie\AppData\Roaming\xssend2\svcnost.exe" = C:\Users\Marie\AppData\Roaming\xssend2\svcnost.exe:*:Enabled:ldrsoft -- (Microsoft Corporation)
    "C:\Users\Marie\AppData\Roaming\ewwhbggqdkshefw2fbvqr1yenpwbn1a2\csrss.exe" = C:\Users\Marie\AppData\Roaming\ewwhbggqdkshefw2fbvqr1yenpwbn1a2\csrss.exe:*:Enabled:ldrsoft -- (Microsoft Corporation)


    [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{058CA255-0D5C-42E4-8742-E3E1E77783D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0CA19AB6-8203-4471-B3F0-BCF4AF85E0CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{138221A9-AE91-4C5B-8658-1D6D13212FE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{152BB939-A564-482E-8C9F-E67E93CF36CD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{272A248D-5639-4C3D-B7FE-F29CF90A2D77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{28F91043-2A85-49CD-9A24-17BC5091F9D5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2A1B5F16-D346-45EE-AAF9-66160F77F04B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{2CFBE7FF-077A-42BE-89F0-BC3608903439}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2E73A430-2C3E-4103-ADAE-00A6D258B81A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{452319F7-2AC0-456A-9CC2-0E9949563D92}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{52700CB0-C023-4142-8795-EE97EBB9EB94}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{52DA49E2-89E5-4B17-89C0-BFF08677E058}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5F430E2E-E821-4885-B4C9-47C9E03AC173}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{70E9A9C7-AAE3-4D66-8CAB-A2F128078749}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{91C1B4F4-7492-4621-B332-E6DADF28ED29}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9357FA4B-407F-4F9D-A80A-B776C5C6FA86}" = lport=445 | protocol=6 | dir=in | app=system |
    "{93CE7D92-C08B-46DD-AB20-6C79B9321D09}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AAF8343D-0041-461B-8B4A-1CF1CF65FC46}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{AE769DBA-1402-432E-BF7E-2749AACCA6E7}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C8FAC32A-EFA9-4B69-886E-9A2A69AA40E2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D15E4113-FC3D-432C-B85A-777C5F602884}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D31F4A65-8A30-451A-A313-18D802601547}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D8514EC6-7FF2-4A6C-9D2F-5451C3058E27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{DBD42947-CD80-46BA-848F-E01AF0FE25DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E2751F68-A127-4168-B7D3-8CC58C318975}" = rport=445 | protocol=6 | dir=out | app=system |
    "{EA1901EF-37C9-4DF1-B43A-3026606A4DFC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EBA52319-E922-4B41-8927-EA727506A5D3}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{EC0C1A3B-A380-41DC-B158-CFABEF337ED8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F2A25F69-9A55-4012-AB1B-C2CDBE9336E7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    [color=#E56717]========== Vista Active Application Exception List ==========[/color]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04FCC1A3-77FF-4445-8B29-85DD78FDEE60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{086E61F9-FE9F-46C0-9AAB-93C2F3787FEC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{13EBF4B9-8514-400E-A138-FFF8991A1076}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{1DD3B243-A9FC-427E-A80F-4364065898E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{1F415C4D-6A06-47F2-9A76-03389289E167}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1F83DFEB-B3C2-4173-896D-5E16F8CB61AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2001BD61-8228-47CD-BC0C-A4624D96405F}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
    "{2B9495F7-6599-4550-BF05-5112785F32BA}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{2CA4BC30-93C7-429C-ABC5-D623F23B8DE3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{3A613804-71BE-44FE-962D-A8D859C17F37}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
    "{3DFDB0D1-D7A8-4B93-A1B1-8ED89FD55076}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{43CD60E3-C937-4C25-9BA5-2A5EC702C577}" = protocol=17 | dir=in | app=c:\program files\k-lite codec pack\filters\ac3config.exe |
    "{46CD6F4B-B5C0-4C37-B788-64E0695551A6}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe |
    "{4C09ECF7-79F6-455F-85E0-6F4C9575761A}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{5289EC2B-C51C-4369-B40F-C1DC58BBBF1E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{52DC9784-6329-4761-9DFF-A2619CAEA67F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{533D1934-BFC8-46B7-ACCE-B20BE5E27C9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{56432164-C675-4A66-8347-E6D6E7674E5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5F02D033-6AB4-490C-926C-7446FB44EA92}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe |
    "{64354049-46C9-4850-920C-85D38C70AACC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{647BC23C-45F5-41F8-8A80-7254CB6DE8AC}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{665D61DE-2147-4582-87C8-DF5C870141D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{68864387-0E65-4E77-AFCF-75622334AE10}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\fear perseus mandate\fearxp2.exe |
    "{6AADC7CD-8E06-4A69-8D93-408CEED72FBC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7099090E-69E0-49F1-BB30-7B4FF709F130}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe |
    "{79FDA2B9-9D58-450A-984F-5CE4B7DE18E1}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe |
    "{83B67D3F-FDC1-4FF5-8465-8CAAD87314DE}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
    "{887982A7-5036-48A9-9679-1DB2BA374B3F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{909331FA-6C25-490A-9E87-6BA27EA3F7CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{986D87EE-C34F-4427-A074-1F6EE7203984}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9CE8F114-4EE0-45D6-B133-05443D2FA6C3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{A96C7DD4-5F06-4452-AD79-2047C579EF5D}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{ACB6DD71-B698-42FE-A3BC-126C78361A80}" = protocol=6 | dir=in | app=c:\program files\k-lite codec pack\filters\ac3config.exe |
    "{AEC2A700-5CA0-42FE-B6DA-972A721A94D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AFF13FA1-673D-43D0-B17B-7965F44A7BF8}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{B0979F62-1B1F-412A-A93F-A42D2F59D939}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
    "{B20C29AD-E484-4E3A-9ED4-CC494E7B4190}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{B33EB66F-4C3C-45E7-AC4F-897E4DCD3A1E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{BB91E5F8-5B69-4483-9B6E-2EC7B5FEA103}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe |
    "{BC6A1013-2427-425A-AD18-869107A429EC}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{BD15AD4B-1E25-470C-8504-BD60A6F34A09}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe |
    "{BE4EB004-0785-4860-A6D4-ECBCADB658E6}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
    "{BEC25E4D-3F83-4426-A06A-66BE72089850}" = protocol=6 | dir=out | app=system |
    "{CAF9663E-22B7-4BBC-B8D7-ACE864C4F550}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe |
    "{CCB73E3A-0105-483C-92B6-85F5BE038400}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{CD322CEA-8A27-4F8F-B67D-BD362AD507DC}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
    "{CE28F04C-9D36-4531-A250-8B0C0F6059E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{CFF81E6A-8802-4CB9-972F-1594DE73E621}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D037A86E-9549-4B06-BF52-050404A1C7BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D329B4FA-B947-4513-80DA-90314C8C31A7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{E1397802-A6FF-43F7-A210-49E0ED73CDD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{E1D23915-9863-4ACA-B5E6-D2B9B0A1E881}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{E3D88615-C4AB-4695-BAB4-5DECF58BA64D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E6E83712-9E3A-4285-81A3-2BC0A0264CDF}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe |
    "{EA6BB5E5-3BDB-4729-8D05-6EA6F6D3FC57}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{EB57C385-B656-4B4B-8D1E-CD622D0CD6D0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EE5FEDC5-F4BD-4E50-9750-F4FF08B03DEF}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\fear perseus mandate\fearxp2.exe |
    "{F3736C4B-5466-49AB-A519-7EE94674BE63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F3A67CC9-26FB-43D3-BC85-267E678766E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F9CE8CE0-1C04-4DBD-ADD0-0C0183E5EC59}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "TCP Query User{15D66746-E3D0-41B9-8AA3-AA429330A9F2}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
    "TCP Query User{58C47F2D-DCD9-4B06-8FAF-E03759ACBB3C}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
    "TCP Query User{6B5923FE-FD9B-4D91-8219-A689693F4253}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
    "TCP Query User{6BBAC0F3-650E-4577-85EA-7DF8077AC45A}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
    "TCP Query User{701A9D7F-21BC-4964-8461-74D175B78219}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{9EE269C5-F412-45D3-9C08-4F30538AC9BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{A16DD624-BCF8-42C6-B71B-926F0FFE2338}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
    "TCP Query User{DB1DB1CB-CEAC-49F4-BC54-DC840F5CB404}C:\users\marie\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\marie\appdata\local\temp\nero web\setupxu.exe |
    "UDP Query User{0438FD0E-EFEB-4270-AEEE-8FBA8E058E96}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
    "UDP Query User{148343DF-8A8D-4248-B0F0-510328E0C6D3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{3BD66196-AEB7-4668-98D0-677A83EB7F74}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{98C2AB53-096F-4B03-B272-02F0251EA263}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
    "UDP Query User{A0DF7465-105E-4B5A-80FB-C3BEC26B1F28}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
    "UDP Query User{BDD9B976-89FA-44BF-A70C-EB89C9DC2437}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
    "UDP Query User{BE312E81-3484-47EF-B4BD-A14F3A919104}C:\users\marie\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\marie\appdata\local\temp\nero web\setupxu.exe |
    "UDP Query User{F1C5321D-40CD-42F7-916E-BC990586A79F}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |

    [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{04738311-DFA4-4CBE-A549-6D7CB0F78B15}" = Windows Live Writer Resources
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07766F89-EFAA-4635-86B7-636B89EA2C0D}" = Bing Bar Platform
    "{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Barre d'outils Bing
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
    "{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
    "{0FBED033-E697-4531-BECF-8469AAF7223F}" = Windows Live Mail
    "{11B5D7DE-EFD9-4403-83CE-35376D8E6D6A}" = Windows Live Writer
    "{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{158154A2-4267-44FA-BB07-65E101E2920E}" = Windows Live Remote Service
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1A5B743C-FD87-48D0-9386-C4CCB5D3552C}" = Windows Live Sync Beta
    "{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{20140000-006D-040C-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
    "{20140062-0062-040C-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - Français
    "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Support de Présentation VAIO
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
    "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
    "{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Logiciel Intel(R) PROSet/Wireless WiFi
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
    "{2739CCB7-2861-4858-9B2E-4CB19B489F8F}" = Windows Live Movie Maker
    "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
    "{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
    "{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3932CA01-E514-48A1-8D2D-B9DA712C58B5}" = Windows Live Writer
    "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
    "{3A81D825-184F-4ED4-9B1F-8E7E40B63617}" = Windows Live Photo Common Beta
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
    "{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
    "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
    "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
    "{41A15ABD-081B-43DC-91A5-8727265E8D77}" = Windows Live Photo Common
    "{41F29458-1402-4849-BF68-BCF728DD8EEA}" = Windows Live Family Safety
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
    "{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
    "{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4D40C773-18B8-4521-8D3C-2C9DD6EF1303}" = Windows Live UX Platform Language Pack
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{4E89C074-29D6-4756-B820-A95F5E15B33A}" = Windows Live MIME IFilter
    "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
    "{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
    "{4F88F5D8-767A-4EB4-9AFA-A7CBCC69D767}" = Windows Live SOXE
    "{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
    "{52CDDA92-56B6-4BA5-BD8D-E13B186008CB}" = D3DX10
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5545EEE3-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.5)
    "{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
    "{568261B6-CBB0-440E-A8B3-FAECC6D256D3}" = Galerie de photos Windows Live (bêta)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5783F2D7-6001-040C-0002-0060B0CE6BBA}" = AutoCAD 2008 - Français
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = Outil de restauration de données VAIO
    "{5863B6EF-76D0-4FF8-AA2F-EEBE7CC49DAA}" = ArcSoft PhotoImpression 5
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5B15759F-B7A0-400C-9A5E-634C9D0871CE}" = FEAR Perseus Mandate
    "{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
    "{5F5867F0-2D23-4338-A206-01A76C823924}" = Gestion de l’alimentation de VAIO
    "{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
    "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
    "{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
    "{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{66069562-D3AF-4515-B1FD-7EE4DE5CE7D2}" = Windows Live PIMT Platform
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
    "{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
    "{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6BF81CE7-3D5A-497F-8912-2A65A0253E1B}" = Beyond Good & Evil
    "{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
    "{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
    "{71E0982E-918C-4522-B947-4B71C768EF0C}" = Windows Live Remote Client Resources
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79347C9E-3647-4542-845A-62F3914083BA}" = Windows Live Messenger
    "{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
    "{7E432D8D-D78A-44A8-9FE8-B8942F7FD01F}" = Windows Live UX Platform
    "{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
    "{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
    "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
    "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
    "{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
    "{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
    "{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
    "{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20
    "{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
    "{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
    "{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}_VISPRO_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}_VISPROR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}_VISPROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}_VISPRO_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}_VISPROR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0054-040C-0000-0000000FF1CE}" = Microsoft Office Visio MUI (French) 2007
    "{90120000-0054-040C-0000-0000000FF1CE}_VISPRO_{7EC87B94-B9A7-4C72-9C55-21C1C9DEE3C5}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0054-040C-0000-0000000FF1CE}_VISPROR_{7EC87B94-B9A7-4C72-9C55-21C1C9DEE3C5}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-040C-0000-0000000FF1CE}_VISPRO_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-040C-0000-0000000FF1CE}_VISPROR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
    "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{911B040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{91973772-A002-446D-8A67-B410553AD8F9}" = Windows Live SOXE Definitions
    "{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
    "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
    "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
    "{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
    "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
    "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
    "{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
    "{A7A2204E-5BA0-4F13-9D5C-AD68CFCE4F63}" = Windows Live Remote Service Resources
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
    "{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
    "{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
    "{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
    "{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
    "{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
    "{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
    "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
    "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
    "{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B33CAFFE-01C2-4D10-9E74-74C1E13E0C04}" = Windows Live Messenger Companion Core
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
    "{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
    "{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BEWINTERNET-FR-DMGP-V2}.UninstallSuite" = Désinstallation de La clé 3G+
    "{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
    "{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
    "{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
    "{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
    "{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF092689-6ADF-4C86-A8DA-31B0B448A36C}" = Junk Mail filter update
    "{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
    "{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
    "{D4AC05BA-249E-410E-A62D-C7759C276BA4}" = Windows Live Sync Beta
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
    "{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
    "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E18C7F77-1E6E-4541-A987-1DF3612D21E8}" = Contrôle ActiveX Windows Live Devices pour connexions à distance
    "{E1D4A6AF-E335-44A7-B6AF-4BBF6492DDEF}" = Complément Messenger
    "{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
    "{E38D381A-ABCF-4D97-9D9C-B3A8529DCA15}" = OS Pack Works Suite
    "{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
    "{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
    "{E6A3770D-C87A-4505-B8C6-A4CF96AC395C}" = SonicStage Mastering Studio
    "{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
    "{E9E37358-E3E1-47BA-9E21-375EF3616BC9}" = Lecteur CANALPLAY 2.3
    "{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Préréglage personnalisé de SonicStage Mastering Studio Audio Filter
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F196BCB8-1F5D-4F56-AD51-9E911D507BAB}" = Windows Live Bêta
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{F58A67D7-4056-4C0F-8874-1022E1157A88}" = Windows Live Remote Client
    "{F6B1CD0F-DB2D-4666-A168-C46390AD8C4A}" = Complément Microsoft Word pour Microsoft Works Suite
    "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
    "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1036}" = Nero 7 Essentials
    "{FB5AEB8B-D920-4F21-8336-16CFA828B145}" = Mesh Runtime
    "{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8 Standard - English, Français, Deutsch
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Ares" = Ares 2.1.1
    "AutoCAD 2008 - Français" = AutoCAD 2008 - Français
    "avast5" = avast! Free Antivirus
    "AviSynth" = AviSynth 2.5
    "Bandoo" = Fun4IM
    "BFG-Big Fish Games Suite de jeu" = Big Fish Games Suite de jeu
    "CardDetectorHUAWEI160" = Card Detector for Huawei E160
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "dt icon module" =
    "ffdshow_is1" = ffdshow [rev 2060] [2008-08-01]
    "FrostWire" = FrostWire 4.17.0
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "gtfirstboot Setting Request" =
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "hp deskjet 5550 series" = hp deskjet 5550 series (Supprimer uniquement)
    "hp deskjet 5550 series_Driver" = hp deskjet 5550 series
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "hp print screen utility" = hp print screen utility
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.1 (Full)
    "LameACM" = Lame ACM MP3 Codec
    "Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
    "MarketingTools" = VAIO Marketing Tools
    "Messenger Plus! Live" = Messenger Plus! Live
    "MFU Module" =
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    "mmswitch" = Morgan Stream Switcher
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NeoDivX2008" = NeoDivx 2008
    "NirSoft BlueScreenView" = NirSoft BlueScreenView
    "OfferBox Browser" = OfferBox Browser
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
    "OPERATION7" = OPERATION7
    "PhotoFiltre" = PhotoFiltre
    "Picasa2" = Picasa 2
    "PremElem40" = Adobe Premiere Elements 4.0
    "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
    "ProInst" = Intel PROSet Wireless
    "PunkBusterSvc" = PunkBuster Services
    "Ri4m v5.0.1d" = Ri4m v5.0.1d
    "Searchqu MediaBar" = Windows Searchqu Toolbar
    "ShockwaveFlash" = Macromedia Flash Player 8
    "Softonic_France Toolbar" = Softonic_France Toolbar
    "TomTom HOME" = TomTom HOME 2.7.6.2056
    "TVAnts 1.0" = TVAnts 1.0
    "VAIO Help and Support" =
    "VISPRO" = Microsoft Office Visio Professional 2007
    "VISPROR" = Microsoft Office Visio Professional 2007 Trial
    "VLC media player" = VLC media player 1.0.5
    "Wikikou Messenger Cleaner" = Wikikou Messenger Cleaner
    "WinLiveSuite" = Windows Live Bêta
    "WinLiveSuite_Wave3" = Installation Windows Live
    "Works2003Setup" = Sélecteur d'installation de Microsoft Works Suite 2003
    "x264 Revision 305 x264.nl" = x264 Revision 305 x264.nl (remove only)
    "Xvid_is1" = Xvid 1.1.3 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4153504202-3772131068-2209810794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 20/02/2009 03:29:32 | Computer Name = PC-de-Anthony | Source = avast! | ID = 33554522
    Description =

    Error - 02/03/2009 15:40:00 | Computer Name = PC-de-Anthony | Source = avast! | ID = 33554522
    Description =

    Error - 19/12/2009 12:27:37 | Computer Name = PC-de-Anthony | Source = avast! | ID = 33554522
    Description =

    Error - 17/08/2010 18:12:02 | Computer Name = PC-de-Anthony | Source = avast! | ID = 33554522
    Description =

    Error - 31/08/2010 15:25:08 | Computer Name = PC-de-Anthony | Source = avast! | ID = 33554522
    Description =

    Error - 01/09/2010 15:46:55 | Computer Name = PC-de-Anthony | Source = avast! | ID = 33554522
    Description =

    Error - 30/11/2010 12:55:04 | Computer Name = PC-de-Anthony | Source = avast! | ID = 33554522
    Description =

    Error - 26/12/2010 13:24:26 | Computer Name = PC-de-Anthony | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 12/01/2011 13:26:06 | Computer Name = PC-de-Anthony | Source = WinMgmt | ID = 10
    Description =

    Error - 12/01/2011 13:35:04 | Computer Name = PC-de-Anthony | Source = CVHSVC | ID = 100
    Description = Pour information uniquement. (Patch task for {20140062-0062-040C-0000-0000000FF1CE}):
    DownloadLatest Failed: État HTTP 404 : l’URL requise n’existe pas sur le serveur.


    Error - 12/01/2011 13:53:52 | Computer Name = PC-de-Anthony | Source = Microsoft-Windows-CAPI2 | ID = 131077
    Description =

    Error - 12/01/2011 13:53:52 | Computer Name = PC-de-Anthony | Source = Microsoft-Windows-CAPI2 | ID = 131077
    Description =

    Error - 12/01/2011 13:54:02 | Computer Name = PC-de-Anthony | Source = Microsoft-Windows-CAPI2 | ID = 131077
    Description =

    Error - 12/01/2011 13:54:02 | Computer Name = PC-de-Anthony | Source = Microsoft-Windows-CAPI2 | ID = 131077
    Description =

    Error - 12/01/2011 14:18:52 | Computer Name = PC-de-Anthony | Source = Application Error | ID = 1000
    Description = Application défaillante 0.8245532604793991.exe, version 9.13.0.31,
    horodatage 0x4ba897bb, module défaillant 0.8245532604793991.exe, version 9.13.0.31,
    horodatage 0x4ba897bb, code d’exception 0xc0000005, décalage d’erreur 0x00004327,
    ID
    du processus 0x220, heure de début de l’application 0x01cbb2852ab74740.

    Error - 12/01/2011 14:18:56 | Computer Name = PC-de-Anthony | Source = Application Error | ID = 1000
    Description = Application défaillante 8.791606613705714E8.exe, version 9.13.0.31,
    horodatage 0x4ba897bb, module défaillant 8.791606613705714E8.exe, version 9.13.0.31,
    horodatage 0x4ba897bb, code d’exception 0xc0000005, décalage d’erreur 0x00004327,
    ID
    du processus 0xa30, heure de début de l’application 0x01cbb2852bae7880.

    Error - 12/01/2011 14:18:56 | Computer Name = PC-de-Anthony | Source = Application Error | ID = 1000
    Description = Application défaillante 0.03609382571585429.exe, version 9.13.0.31,
    horodatage 0x4ba897bb, module défaillant 0.03609382571585429.exe, version 9.13.0.31,
    horodatage 0x4ba897bb, code d’exception 0xc0000005, décalage d’erreur 0x00004327,
    ID
    du processus 0xa7c, heure de début de l’application 0x01cbb2852b5b2860.

    Error - 12/01/2011 14:18:57 | Computer Name = PC-de-Anthony | Source = Application Error | ID = 1000
    Description = Application défaillante svchost.exe, version 9.13.0.31, horodatage
    0x4ba897bb, module défaillant svchost.exe, version 9.13.0.31, horodatage 0x4ba897bb,
    code d’exception 0xc0000005, décalage d’erreur 0x00004327, ID du processus 0xc38,
    heure de début de l’application 0x01cbb2852c6c9860.

    [ OSession Events ]
    Error - 21/02/2009 16:31:19 | Computer Name = PC-de-Anthony | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
    lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 12/01/2011 12:57:14 | Computer Name = PC-de-Anthony | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/01/2011 12:57:14 | Computer Name = PC-de-Anthony | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/01/2011 12:57:14 | Computer Name = PC-de-Anthony | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/01/2011 12:57:14 | Computer Name = PC-de-Anthony | Source = Service Control Manager | ID = 7026
    Description =

    Error - 12/01/2011 13:26:07 | Computer Name = PC-de-Anthony | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/01/2011 13:26:23 | Computer Name = PC-de-Anthony | Source = Service Control Manager | ID = 7022
    Description =

    Error - 12/01/2011 13:29:29 | Computer Name = PC-de-Anthony | Source = WMPNetworkSvc | ID = 866321
    Description =

    Error - 12/01/2011 13:29:29 | Computer Name = PC-de-Anthony | Source = WMPNetworkSvc | ID = 866317
    Description =

    Error - 12/01/2011 13:29:29 | Computer Name = PC-de-Anthony | Source = WMPNetworkSvc | ID = 866321
    Description =

    Error - 12/01/2011 13:29:29 | Computer Name = PC-de-Anthony | Source = WMPNetworkSvc | ID = 866317
    Description =


    < End of report >
    12 January 2011 20:24:18

    Well...

    PC absolutely stuffed with infections...

    I'm contacting a helper who will help you remove them.
    12 January 2011 20:30:39

    Yes, I suspected as much! .... it's not my PC!

    THANK YOU!!!
    12 January 2011 21:41:18

    Good evening
    well and truly infected....
    we're going to move your thread to the virus section ;O)


  • Disable UAC for the duration of the disinfection.

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Scanner option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\
    12 January 2011 21:43:36

    Following.
    12 January 2011 22:10:07

    Here is the AD-R report!!! :ange:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/01/11 à 19:00
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 22:05:41 le 12/01/2011, Mode normal

    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
    Marie@PC-DE-ANTHONY (Sony Corporation VGN-FW21E)

    ============== RECHERCHE ==============


    Dossier trouvé: C:\Program Files\Windows Searchqu Toolbar
    Fichier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
    Dossier trouvé: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\conduit
    Dossier trouvé: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\ConduitEngine
    Dossier trouvé: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\extensions\engine@conduit.com
    Fichier trouvé: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\searchplugins\conduit.xml
    Dossier trouvé: C:\Users\Marie\AppData\LocalLow\Conduit
    Dossier trouvé: C:\Program Files\Conduit
    Dossier trouvé: C:\Users\Marie\AppData\LocalLow\ConduitEngine
    Dossier trouvé: C:\Program Files\ConduitEngine
    Dossier trouvé: C:\Users\Marie\AppData\LocalLow\PriceGong
    Dossier trouvé: C:\Users\Marie\AppData\LocalLow\SearchquTB
    Dossier trouvé: C:\Users\Marie\AppData\Roaming\OfferBox
    Dossier trouvé: C:\Users\Aurelien\AppData\Roaming\OfferBox
    Dossier trouvé: C:\Program Files\OfferBox

    -- Fichier ouvert: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\Prefs.js --
    Ligne trouvée: user_pref("CT2719315.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
    Ligne trouvée: user_pref("CT2719315.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT271...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2719315/CT2719315...
    Ligne trouvée: user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/402");
    Ligne trouvée: user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=");
    Ligne trouvée: user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx...
    Ligne trouvée: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT27...
    Ligne trouvée: user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT...
    -- Fichier Fermé --


    -- Fichier ouvert: C:\Users\Aurelien\AppData\Roaming\Mozilla\FireFox\Profiles\aikfg8ej.default\Prefs.js --
    Ligne trouvée: user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/402");
    Ligne trouvée: user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=");
    -- Fichier Fermé --


    Clé trouvée: HKLM\Software\Classes\CLSID\{1B224E5D-D053-4C44-A17E-B5971160DCA8}
    Clé trouvée: HKLM\Software\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Clé trouvée: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
    Clé trouvée: HKLM\Software\Classes\CLSID\{E35087EB-77A7-400E-86D3-8707619DF5A8}
    Clé trouvée: HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
    Clé trouvée: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
    Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer
    Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2719315
    Clé trouvée: HKLM\Software\OfferBox
    Clé trouvée: HKLM\Software\SearchquMediabarTb
    Clé trouvée: HKLM\Software\bandoo
    Clé trouvée: HKLM\Software\Conduit
    Clé trouvée: HKLM\Software\DataMngr
    Clé trouvée: HKCU\Software\OfferBox
    Clé trouvée: HKCU\Software\DataMngr
    Clé trouvée: HKCU\Software\AppDataLow\Toolbar
    Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
    Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé trouvée: HKU\.DEFAULT\Software\OfferBox
    Clé trouvée: HKU\.DEFAULT\Software\DataMngr
    Clé trouvée: HKU\S-1-5-18\Software\OfferBox
    Clé trouvée: HKU\S-1-5-18\Software\DataMngr
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7402}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar
    Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

    Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
    Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020}


    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.13 (fr)] **

    -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\Prefs.js --
    browser.download.dir, C:\\Users\\Marie\\Downloads
    browser.download.lastDir, C:\\Users\\Marie\\Desktop
    browser.search.defaultenginename, SweetIM Search
    browser.search.defaulturl, hxxp://search.sweetim.com/search.asp?src=2&q=
    browser.search.selectedEngine, Google
    browser.startup.homepage, hxxp://www.searchqu.com/402
    browser.startup.homepage_override.mstone, rv:1.9.2.13
    keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=
    sweetim.toolbar.previous.browser.search.defaultenginename, chrome://browser-region/locale/region.properties
    sweetim.toolbar.previous.browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2719315&SearchSourc...
    sweetim.toolbar.previous.browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2719315&SearchSource=13
    sweetim.toolbar.previous.keyword.URL, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2719315&q=

    -- C:\Users\Aurelien\AppData\Roaming\Mozilla\FireFox\Profiles\aikfg8ej.default\Prefs.js --
    browser.download.dir, C:\\Users\\Aurelien\\Downloads
    browser.download.lastDir, C:\\Users\\Aurelien\\Desktop
    browser.startup.homepage, hxxp://www.searchqu.com/402
    browser.startup.homepage_override.mstone, rv:1.9.2.13
    keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=

    ========================================

    ** Internet Explorer Version [8.0.6001.18975] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.club-vaio.com
    Do404Search: 0x01000000
    Local Page: C:\Windows\system32\blank.htm
    Search bar: hxxp://www.google.com/ie
    Search Page: hxxp://www.google.com
    Show_ToolBar: yes
    Start Page: hxxp://search.wikikou.fr
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Default_Page_URL: hxxp://www.club-vaio.com
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Delete_Temp_Files_On_Exit: yes
    Enable Browser Extensions: yes
    Local Page: C:\Windows\System32\blank.htm
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://home.sweetim.com
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 12/01/2011 (8445 Octet(s))

    Fin à: 22:06:53, 12/01/2011

    ============== E.O.F ==============
    14 January 2011 16:47:16

    HELP! :( 

    The blue screen is still there and the infection is still there! :cry: 
    14 January 2011 21:34:55

    Good evening,
    sorry, the flags didn't work on your thread... :/ 
    (you can PM me if I haven't replied within 24 h)


    1

    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Nettoyer (Clean) option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\

    2

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit "Select All", Edit "Copy".

    Come to the forum and Edit "Paste".

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary

    <@_@>

    14 January 2011 22:27:22

    Good evening, so here is the AD-R report after "Nettoyer" (Clean).

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/01/11 à 19:00
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:17:40 le 14/01/2011, Mode sans echec

    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
    Marie@PC-DE-ANTHONY (Sony Corporation VGN-FW21E)

    ============== ACTION(S) ==============


    Dossier supprimé: C:\Program Files\Windows Searchqu Toolbar
    Dossier supprimé: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\conduit
    Dossier supprimé: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\ConduitEngine
    Dossier supprimé: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\extensions\engine@conduit.com
    Fichier supprimé: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\searchplugins\conduit.xml
    Dossier supprimé: C:\Users\Marie\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Users\Marie\AppData\LocalLow\ConduitEngine
    Dossier supprimé: C:\Program Files\ConduitEngine
    Dossier supprimé: C:\Users\Marie\AppData\LocalLow\PriceGong
    Dossier supprimé: C:\Users\Marie\AppData\LocalLow\SearchquTB
    Dossier supprimé: C:\Users\Marie\AppData\Roaming\OfferBox
    Dossier supprimé: C:\Users\Aurelien\AppData\Roaming\OfferBox
    Dossier supprimé: C:\Program Files\OfferBox

    (!) -- Fichiers temporaires supprimés.


    -- Fichier ouvert: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\Prefs.js --
    Ligne supprimée:
    Ligne supprimée:
    Ligne supprimée: user_pref("CT2719315.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
    Ligne supprimée: user_pref("CT2719315.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT271...
    Ligne supprimée: user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx...
    Ligne supprimée: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT27...
    Ligne supprimée: user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT...
    -- Fichier Fermé --


    Clé supprimée: HKLM\Software\Classes\CLSID\{1B224E5D-D053-4C44-A17E-B5971160DCA8}
    Clé supprimée: HKLM\Software\Classes\CLSID\{E35087EB-77A7-400E-86D3-8707619DF5A8}
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2719315
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKCU\Software\AppDataLow\Toolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}


    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.12 (fr)] **

    -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\xyal9qxv.default\Prefs.js --
    browser.download.dir, C:\\Users\\Marie\\Downloads
    browser.download.lastDir, C:\\Users\\Marie\\Desktop
    browser.search.defaultenginename, SweetIM Search
    browser.search.defaulturl, hxxp://search.sweetim.com/search.asp?src=2&q=
    browser.search.selectedEngine, Google
    browser.startup.homepage, hxxp://home.sweetim.com
    browser.startup.homepage_override.mstone, rv:1.9.2.12
    keyword.URL, hxxp://search.sweetim.com/search.asp?src=2&q=
    sweetim.toolbar.previous.browser.search.defaultenginename, chrome://browser-region/locale/region.properties

    -- C:\Users\Aurelien\AppData\Roaming\Mozilla\FireFox\Profiles\aikfg8ej.default\Prefs.js --
    browser.download.dir, C:\\Users\\Aurelien\\Downloads
    browser.download.lastDir, C:\\Users\\Aurelien\\Desktop
    browser.startup.homepage_override.mstone, rv:1.9.2.8

    ========================================

    ** Internet Explorer Version [8.0.6001.18975] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Local Page: C:\Windows\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Enable Browser Extensions: yes
    Local Page: C:\Windows\System32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 552 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 14/01/2011 (0 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 12/01/2011 (8574 Octet(s))

    Fin à: 22:19:17, 14/01/2011

    ============== E.O.F ==============


    I'm moving on to ComboFix now! :ange: 
    14 January 2011 23:21:56

    And now here is the ComboFix report:

    ComboFix 11-01-14.01 - Marie 14/01/2011 23:00:11.1.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3038.2491 [GMT 1:00]
    Lancé depuis: c:\users\Marie\Desktop\ComboFix.exe
    AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\Marie\AppData\Roaming\A01DCC7912F6B72C4E1240D8EDF6942C
    c:\users\Marie\AppData\Roaming\A01DCC7912F6B72C4E1240D8EDF6942C\enemies-names.txt

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://wlxindex
    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_seneka


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-12-14 au 2011-01-14 ))))))))))))))))))))))))))))))))))))
    .

    2011-01-14 22:09 . 2011-01-14 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-14 22:09 . 2011-01-14 22:09 -------- d-----w- c:\users\Aurelien\AppData\Local\temp
    2011-01-14 22:09 . 2011-01-14 22:13 -------- d-----w- c:\users\Marie\AppData\Local\temp
    2011-01-14 21:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B89625B3-99F8-4C6F-8C78-2415F962D5FD}\mpengine.dll
    2011-01-12 21:03 . 2011-01-14 21:17 -------- d-----w- c:\program files\Ad-Remover
    2011-01-11 20:59 . 2011-01-11 20:59 -------- d-----w- c:\program files\NirSoft
    2011-01-09 18:14 . 2011-01-09 18:14 -------- d-----w- c:\programdata\Fun4IM
    2011-01-09 18:14 . 2011-01-09 18:14 -------- d-----w- c:\program files\Fun4IM
    2010-12-28 15:44 . 2011-01-05 17:13 -------- d-----w- c:\users\Marie\AppData\Roaming\xssendawfmawik2hysxo2nuycuutisaopsqdt
    2010-12-28 15:42 . 2010-12-30 18:09 -------- d-----w- c:\users\Marie\AppData\Roaming\yiesigfectwxnnemknouodordjwrgr32
    2010-12-26 17:43 . 2010-12-26 17:43 -------- d-----w- c:\programdata\Alwil Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 09:41 . 2009-10-02 22:07 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-06-19 18:57 . 2009-11-15 21:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]
    "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]

    [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    2010-06-13 17:10 2734688 ----a-w- c:\program files\Softonic_France\tbSoft.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2010-06-13 15:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]

    [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

    [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-18 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Acrobat.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Acrobat.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Aurelien^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    path=c:\users\Aurelien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Marie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk]
    path=c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
    backup=c:\windows\pss\Audio Filter.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Marie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
    path=c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
    backup=c:\windows\pss\Logitech Touch Mouse Server.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Marie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
    path=c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
    backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Marie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    path=c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2006-10-22 21:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]
    2008-06-13 13:07 1097728 ----a-w- c:\program files\Sony\VAIO Launcher\AML.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2008-02-23 00:38 122880 ----a-w- c:\program files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2009-01-03 16:21 893952 ----a-w- c:\program files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BEWINTERNET-FR-DMGP-V2SessionManager]
    2008-09-02 01:06 131824 ----a-w- c:\program files\M6Mobile\SessionManager\SessionManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-01-22 10:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardDetectorHUAWEI160]
    2008-08-05 10:22 270336 ----a-r- c:\program files\CardDetector\HUAWEI160\CardDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-06-19 18:57 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2002-07-11 12:48 188416 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\hpztsb06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    2008-04-03 18:03 317280 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
    2008-08-26 13:47 24576 ----a-w- c:\program files\Sony\Marketing Tools\MarketingTools.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2010-05-10 12:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 07:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
    2008-07-30 14:05 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-07-18 11:14 6295552 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2008-07-18 11:14 1826816 ----a-w- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-09 03:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-18 14:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMpTtray.exe]
    2008-05-24 17:01 86016 ----a-w- c:\program files\Sony\VAIO Media plus\VMpTtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4153504202-3772131068-2209810794-1000]
    "EnableNotificationsRef"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-23 29736]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
    R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-08-01 28224]
    R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-19 30192]
    R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
    R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-10 3458548]
    R4 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-18 104992]
    R4 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-10-01 423584]
    R4 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
    R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
    R4 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
    R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 411488]
    R4 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
    R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]
    R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
    R4 wlcrasvc;Windows Live Devices remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-07-31 49504]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
    S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-30 299008]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
    S3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
    S3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
    S3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6b5ae385cb0.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 02:21]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: canalplay.com
    Trusted Zone: canalplusactive.com
    Trusted Zone: canalplay.com
    Trusted Zone: canalplusactive.com
    FF - ProfilePath - c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\xyal9qxv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    ------- Associations de fichier -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    URLSearchHooks-{b9e20919-fa55-471f-989b-b107bf8de785} - c:\program files\MessengerPlusLive_France_TB\tbMess.dll
    BHO-{b9e20919-fa55-471f-989b-b107bf8de785} - c:\program files\MessengerPlusLive_France_TB\tbMess.dll
    Toolbar-{b9e20919-fa55-471f-989b-b107bf8de785} - c:\program files\MessengerPlusLive_France_TB\tbMess.dll
    WebBrowser-{B9E20919-FA55-471F-989B-B107BF8DE785} - c:\program files\MessengerPlusLive_France_TB\tbMess.dll
    HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
    MSConfigStartUp-fssui - c:\program files\Windows Live\Family Safety\fsui.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-14 23:12
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(1352)
    c:\windows\system32\btncopy.dll
    c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\UI0Detect.exe
    c:\windows\system32\conime.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-01-14 23:17:15 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-01-14 22:17

    Avant-CF: 151 861 379 072 octets libres
    Après-CF: 152 110 047 232 octets libres

    - - End Of File - - 3D6E5BC7D4807438F1935F912C44F76B

    Best solution

    16 January 2011 17:03:13

    Hello,
    uninstall Fun4IM
    you really need to ease off on this junk:
    http://forum.malekal.com/whitesmoke-bandoo-fun4im-searc...

    Quote:
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

    First we'll check that ComboFix got TDL4 completely... are you still getting blue screens?

    1
    Download Kaspersky's TDSSKiller to your desktop.

  • Unzip it by right-clicking it -> Extract all... (click "Next", "Next" and "Finish".)
  • Double-click "TDSSKiller.exe" to launch the tool.
    (Vista/Windows 7 users: right-click TDSSKiller.exe and select "Run as administrator".)

  • Then click the "Start Scan" button.
  • Let the scan run.

  • In the results window, make sure that "Malicious objects" has the status "Cure"
  • For the "Suspicious object" part, click "Skip" and choose "Quarantine"
  • Finally, click "Continue"

  • You will probably be asked to restart your PC; do so by clicking "Reboot now"

  • After the restart, fetch the removal report; it is located here:
    C:\ TDSSKiller.x.x.x.x_date_heure_log.txt

    Post its contents in your next reply.


    2

    Copy (Ctrl+C) the text below:
    Folder::
    c:\programdata\Fun4IM
    c:\program files\Fun4IM
    c:\users\Marie\AppData\Roaming\xssendawfmawik2hysxo2nuycuutisaopsqdt
    c:\users\Marie\AppData\Roaming\yiesigfectwxnnemknouodordjwrgr32



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • ComboFix starts; just follow the prompts.

  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems

  • If the file doesn't open, it is located here > C:\ComboFix.txt

    HELP: A guide and tutorial on using ComboFix
    * the partition name may vary

    16 January 2011 18:23:25

    Hello, the blue screen indeed no longer appears!

    1. TDSSKiller found no infection (infection: not found), so no report

    2. And the ComboFix report:
    ComboFix 11-01-14.01 - Marie 16/01/2011 18:06:58.1.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3038.2031 [GMT 1:00]
    Lancé depuis: c:\users\Marie\Desktop\ComboFix.exe
    Commutateurs utilisés :: G:\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Fun4IM
    c:\program files\Fun4IM\INSTALL.LOG
    c:\program files\Fun4IM\license.rtf
    c:\program files\Fun4IM\Plugins\IE\Resources\HTML\blank.html
    c:\program files\Fun4IM\Plugins\IE\Resources\HTML\error.html
    c:\program files\Fun4IM\Plugins\MSN\Resources\HTML\blank.html
    c:\program files\Fun4IM\Plugins\MSN\Resources\HTML\error.html
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\BandooToolbar.xml
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1001.dat
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1002.dat
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1003.dat
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1004.dat
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1005.dat
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1006.dat
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1011.dat
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1012.dat
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1013.dat
    c:\program files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1014.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\HTML\blank.html
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\HTML\error.html
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\BandooToolbar.xml
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\BandooToolbarV9.xml
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1001.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1002.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1003.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1004.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1005.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1006.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1051.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1052.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1053.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1054.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1055.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1056.dat
    c:\program files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1057.dat
    c:\program files\Fun4IM\Resources\BandooMessages.xml
    c:\program files\Fun4IM\Resources\downloading.gif
    c:\program files\Fun4IM\Resources\nudge0.wav
    c:\program files\Fun4IM\Resources\nudge1.wav
    c:\program files\Fun4IM\Resources\nudge2.wav
    c:\program files\Fun4IM\Resources\nudge3.wav
    c:\program files\Fun4IM\Resources\nudge4.wav
    c:\program files\Fun4IM\Resources\nudge5.wav
    c:\programdata\Fun4IM
    c:\programdata\Fun4IM\WPSubsystems.xml
    c:\users\Marie\AppData\Roaming\xssendawfmawik2hysxo2nuycuutisaopsqdt
    c:\users\Marie\AppData\Roaming\yiesigfectwxnnemknouodordjwrgr32

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-12-16 au 2011-01-16 ))))))))))))))))))))))))))))))))))))
    .

    2011-01-16 17:15 . 2011-01-16 17:16 -------- d-----w- c:\users\Marie\AppData\Local\temp
    2011-01-16 17:15 . 2011-01-16 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-16 17:15 . 2011-01-16 17:15 -------- d-----w- c:\users\Aurelien\AppData\Local\temp
    2011-01-14 21:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B89625B3-99F8-4C6F-8C78-2415F962D5FD}\mpengine.dll
    2011-01-12 21:03 . 2011-01-14 21:17 -------- d-----w- c:\program files\Ad-Remover
    2011-01-11 20:59 . 2011-01-11 20:59 -------- d-----w- c:\program files\NirSoft
    2010-12-26 17:43 . 2010-12-26 17:43 -------- d-----w- c:\programdata\Alwil Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 09:41 . 2009-10-02 22:07 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-06-19 18:57 . 2009-11-15 21:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]
    "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]

    [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    2010-06-13 17:10 2734688 ----a-w- c:\program files\Softonic_France\tbSoft.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2010-06-13 15:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]

    [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

    [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-18 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Acrobat.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Acrobat.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Aurelien^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    path=c:\users\Aurelien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Marie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk]
    path=c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
    backup=c:\windows\pss\Audio Filter.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Marie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
    path=c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
    backup=c:\windows\pss\Logitech Touch Mouse Server.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Marie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
    path=c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
    backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Marie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    path=c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2006-10-22 21:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]
    2008-06-13 13:07 1097728 ----a-w- c:\program files\Sony\VAIO Launcher\AML.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2008-02-23 00:38 122880 ----a-w- c:\program files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2009-01-03 16:21 893952 ----a-w- c:\program files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BEWINTERNET-FR-DMGP-V2SessionManager]
    2008-09-02 01:06 131824 ----a-w- c:\program files\M6Mobile\SessionManager\SessionManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-01-22 10:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardDetectorHUAWEI160]
    2008-08-05 10:22 270336 ----a-r- c:\program files\CardDetector\HUAWEI160\CardDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-06-19 18:57 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2002-07-11 12:48 188416 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\hpztsb06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    2008-04-03 18:03 317280 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
    2008-08-26 13:47 24576 ----a-w- c:\program files\Sony\Marketing Tools\MarketingTools.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2010-05-10 12:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 07:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
    2008-07-30 14:05 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-07-18 11:14 6295552 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2008-07-18 11:14 1826816 ----a-w- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-09 03:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-18 14:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMpTtray.exe]
    2008-05-24 17:01 86016 ----a-w- c:\program files\Sony\VAIO Media plus\VMpTtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4153504202-3772131068-2209810794-1000]
    "EnableNotificationsRef"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-23 29736]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
    R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-08-01 28224]
    R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-19 30192]
    R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
    R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-10 3458548]
    R4 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-18 104992]
    R4 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-10-01 423584]
    R4 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
    R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
    R4 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
    R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 411488]
    R4 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
    R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]
    R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
    R4 wlcrasvc;Windows Live Devices remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-07-31 49504]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
    S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-30 299008]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
    S3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
    S3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
    S3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]


    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - KLMD25
    *Deregistered* - klmd25

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6b5ae385cb0.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 02:21]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: canalplay.com
    Trusted Zone: canalplusactive.com
    Trusted Zone: canalplay.com
    Trusted Zone: canalplusactive.com
    FF - ProfilePath - c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\xyal9qxv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    FF - user.js: yahoo.homepage.dontask - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-16 18:15
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Heure de fin: 2011-01-16 18:17:35
    ComboFix-quarantined-files.txt 2011-01-16 17:17
    ComboFix2.txt 2011-01-14 22:17

    Avant-CF: 152 157 057 024 octets libres
    Après-CF: 152 112 320 512 octets libres

    - - End Of File - - A62D3A995F0CAC8BB984D71AE164CD63


    Otherwise, "my problems" all seem to be solved, thank you very much again! :D 
    16 January 2011 20:28:28

    Best answer selected by aurelien50.
    16 January 2011 21:49:42

    Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.

    Delete all the programs installed for the disinfection.

    Please read this guide (PDF) to learn more about the risks of the Net.

    If you find this document interesting, feel free to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.

    Also read:
  • Free antispyware: it's useless!

    ~Edit your first message and mark it [solved] in the title.
    If your session name matches your real name, you can change it by editing your posts.

    :hello: 

    17 January 2011 17:17:40

    OK! Thanks! :D 

    :hello: 
    17 January 2011 18:14:55

    Thanks to sham_rock for the disinfection ;) 

    ----------------------------------------------------------

    Here are a few tips for Windows Vista and 7:


    ================================ Optimizations ================================


    If you find your PC slower than before, try these tips:

    Reduce startup programs:

  • Go to Start, then type msconfig in the search bar. Click the result, then confirm the operation if necessary.

  • In the window that then appears, go to the Startup tab and uncheck the superfluous programs you don't want to launch when Windows starts.

    /!\ Do not disable system programs! --> If you are unsure about a program, ask me first.

    Some help on msconfig here > http://declicomatik.forumgratuit.fr/les-tutos-windows-f...

  • Click OK. Choose Restart when the system tells you it must restart to save the changes.

  • When the computer restarts, it should normally boot faster and be available sooner. ;) 

    Note: On restart it will tell you that you have changed the way Windows starts. Check Don't show this message again and click OK. That's it!

    Optimizations:

  • By increasing virtual memory. When your PC runs short of RAM, it uses part of the hard disk to store temporary data (inside the pagefile.sys file), which imitates RAM. So you can enlarge this swap file to increase the speed of your computer.

    --> To do that, go to Start > Control Panel > System > Advanced system settings > click the Settings button in the box labelled "Performance" > Advanced tab > Change...

    In the small window that then opens, check Custom size, then set Initial size to 1.5 times your RAM (for example, if you have 2 GB of RAM, enter 3072 MB), and Maximum size to 4095 MB. Then click OK and restart your computer.

    Note: this swap file does not fully replace RAM. If you want a bigger boost to your system's performance, buy RAM sticks!

  • Adjust the visual settings of the GUI (graphical user interface): go back to "Performance", but this time go to the Visual Effects tab. Disable the graphical effects you don't want: the system will be less slow as a result.

  • Finally, there are various tricks to speed up Windows, but they are a bit more technical (you have to go into the registry, etc.). Here is a link that will surely interest you: http://www.pcastuces.com/pratique/windows/vista/default.htm.

    Tools:

  • Use CCleaner to clean your registry.

  • Defragment your hard drives: Start > Computer > right-click the drive > Properties > Tools > Defragment.

  • Check the disk for errors: Start > Computer > right-click the drive > Properties > Tools > Error checking.

    BIOS:

    The BIOS (which is independent of the OS) boots from a CD by default: setting the BIOS to boot directly from the hard drive saves a few seconds! (! don't forget to change it back if you need to boot from a CD)



    ================================ Prevention ================================


    The dangers of P2P (such as eMule ...): http://forum.zebulon.fr/index.php?showtopic=85544

    To download for free and legally, I recommend Beezik, which has these advantages:

  • Better sound quality

  • No viruses!

    The dangers of cracks and keygens: http://forum.malekal.com/danger-des-cracks-t893.html

    If you nevertheless decide to keep downloading files illegally from the Internet (which I do not recommend), I advise you to have your downloaded files analysed by the Virustotal site, which lets you scan your file with all the anti-virus products on the market.

    Reminders about pirated OSes: http://redirectingat.com/?id=1402X522807&xs=1&url=http%...

    ********************************

    Recommended security software:

    Anti-virus: Avast 5.0

    To scan your files: MBAM

    ********************************

    Careful, contrary to popular belief:

  • Never have two anti-virus programs with real-time protection enabled; it is the best way to create conflicts. Several active anti-virus programs can get in each other's way, and in the end the PC you thought was more secure becomes a real sieve...

  • Anti-spyware programs are useless!!

  • I strongly advise you not to install "transformation" packs, which for example give Windows XP the look of Windows Vista. This kind of program causes a lot of problems!!!


    ================================ Tutorials ================================


    Here are a few useful tutorials (by guigui0001 :bounce: ):

    --> Tutorial on blue screens

    --> Tutorial on startup options

    --> Tutorial on checking the hard drive

    --> Tutorial on repairing Windows without a CD

    --> Tutorial on Aero Snap

    --------------------------------------------

    See you
    17 January 2011 18:50:21

    Thanks to you both! :D 

    Otherwise, another question while we're at it! :sarcastic:  (is it better to start another topic on the forum or not? :??:  )

    I find that Windows startup is long (between the loading and the Windows Vista icon lighting up before the session choice, there is a black screen of varying length). How can I remedy this problem?



    17 January 2011 20:49:07

    Thank you very much! :ange:  Everything now runs like clockwork! It's perfect :D 

    :hello:  , see you
    17 January 2011 21:17:01

    Hello

    Quote:
    To scan your files: MBAM


    Meaning to run a scan of all files, or at least the most frequently infected ones. ;) 

    And for downloaded files, virustotal, yep, in fact I'm going to add it to my canned response ;) 

    By "scan your files" I meant running a full scan. :) 