My HijackThis report

24 September 2010 14:38:23

I certainly have a virus on my computer, but I don't understand the HijackThis report. Could you help me, please? Thanks.

24 September 2010 14:43:33

francky free said:
I certainly have a virus on my computer, but I don't understand the HijackThis report. Could you help me, please? Thanks.


Sorry, I forgot the report in question.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:51, on 24/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Users\A.M.A.R.E\Downloads\yodm3D\Yodm3D.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\A.M.A.R.E\Downloads\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Users\A.M.A.R.E\Downloads\yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9c262280972cb) (gupdate1c9c262280972cb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Npm\Bin\Zanda.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8619 bytes
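
A first-pass triage of the HijackThis log format posted above, as an added example that is not part of the original thread and not HijackThis's own code: it parses the `R`/`O` entry lines and flags the entries a helper would usually verify first. The four flag rules are assumptions chosen for illustration, and the sample lines are excerpted from the log in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")
Finding = namedtuple("Finding", "code reason detail")

# HijackThis entry lines look like "O4 - <detail>" or "R1 - <detail>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns: "<key>: [<value name>] <command line>".
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumption: an autorun launched from a per-user, user-writable folder
# deserves a second look (it is not proof of infection).
USER_DIR_RE = re.compile(
    r'^"?(?:[a-z]:\\(?:users|documents and settings)\\'
    r"|%(?:appdata|temp|userprofile)%)",
    re.IGNORECASE,
)

MISSING = "target file is absent"
NO_VENDOR = "service binary shows no vendor"
USER_AUTORUN = "autorun starts from a user-writable folder"
APPINIT = "DLL loaded through AppInit_DLLs"

# Excerpt of the log posted in this thread (header, one process, seven entries).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:51, on 24/09/2010
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [Yodm3D] C:\Users\A.M.A.R.E\Downloads\yodm3D\Yodm3D.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""


def parse_log(text):
    """Return the R*/O* entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def triage(entries):
    """Apply the illustrative rules; one entry may produce several findings."""
    findings = []
    for e in entries:
        # Leftover registry reference whose file no longer exists.
        if e.detail.endswith(("(file missing)", "(no file)")):
            findings.append(Finding(e.code, MISSING, e.detail))
        # O23 = services; "Unknown owner" is what the log prints in the vendor field.
        if e.code == "O23" and " - Unknown owner - " in e.detail:
            findings.append(Finding(e.code, NO_VENDOR, e.detail))
        # O4 = Run-key autoruns; check where the command line points.
        if e.code == "O4":
            m = O4_RE.match(e.detail)
            if m and USER_DIR_RE.match(m.group("cmd")):
                findings.append(Finding(e.code, USER_AUTORUN, e.detail))
        # O20 = AppInit_DLLs, loaded into every process that loads user32.dll.
        if e.code == "O20" and e.detail.startswith("AppInit_DLLs:"):
            findings.append(Finding(e.code, APPINIT, e.detail))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.code}] {f.reason}: {f.detail}")
```

A flagged line is only a prompt to verify the file's origin and signature; in this excerpt the rules also flag legitimate software.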
24 September 2010 15:57:20

Good morning? Hello? Hi?


What are the symptoms?
A file being detected?
Ads?
Slowdowns?

Uninstall this program:
- Pando Media Booster/Pando Network
27 September 2010 06:43:24

Hello, I actually have a virus, viuoqu.exe, that gets detected, and this virus creates shortcuts on the USB media I connect to my PC. It's true that, unlike before, I get a few ads popping up, and as for slowdowns I don't notice anything obvious.
27 September 2010 16:15:08

Re,

OK, let's look at this:

Before any disinfection:

Disinfection requires the use of tools and procedures that are more or less complex, sensitive and potentially dangerous.
We therefore try to explain things as clearly as possible; nevertheless, a few guidelines should be followed for it to go smoothly:

  • The infected PC should be used as little as possible, apart from running the procedures and communicating on the forum.
  • Always read the procedures in full before starting them, or save them (printout / text file).
    (Some circumstances could prevent you from continuing to read, a PC restart for example.)
  • Carry out the requested procedures completely, precisely and in the order given; otherwise you risk creating more problems than you solve. Don't try anything on your own without telling us first!
  • Don't hesitate to ask any question before starting the procedures, and report immediately any problems encountered during them.


Finally, be aware that the disinfection is only finished when the person handling your case tells you so.
The disappearance of the symptoms does not necessarily mean the infection is gone!

In addition, despite our precautions, a PC crash is always possible, so back up as many of your documents as you can beforehand!


1) Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • Under "Personnalisation" (Custom Scans/Fixes), copy and paste all of the text below, and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    /md5start
    explorer.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    i8042prt.sys
    cdrom.sys
    disk.sys
    ndis.sys
    tcpip.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    redbook.sys
    ipsec.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the "Analyse" (Run Scan) button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open, OTL.Txt and Extras.Txt. Copy and paste both reports here in full.
    PS: The reports are also saved on the desktop.



2) Download UsbFix (by El Desaparecido and C_XX) to your desktop.

/!\ Disconnect and close all running applications /!\
/!\ Plug in all of your devices that may have been infected (USB sticks, external hard drive, etc.) /!\


  • Double-click "UsbFix" to launch the program.
    (Vista/Windows 7 users: right-click UsbFix > Run as administrator)
  • Click "Recherche" (Search) to start the scan. Plug in your devices if you haven't already, then confirm the warning.
  • Let the tool work.
  • At the end, a report will appear (otherwise, it is located at C:\Usbfix.txt). Post it in your next reply.

A usage guide is available here.


For the reports, please use this online report service: upload the file via "parcourir" (browse) and simply post the link you get.

28 September 2010 10:49:07

Hello,
I'm making the backup and will give it a try. Thanks and see you soon.

29 September 2010 09:44:15

Hi, here are the reports for OTL and Extras to start with:

    OTL logfile created on: 28/09/2010 16:19:13 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\A.M.A.R.E\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 30,00% Memory free
    7,00 Gb Paging File | 5,00 Gb Available in Paging File | 70,00% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 153,63 Gb Total Space | 50,92 Gb Free Space | 33,15% Space Free | Partition Type: NTFS
    Drive D: | 303,34 Gb Total Space | 143,96 Gb Free Space | 47,46% Space Free | Partition Type: NTFS
    Drive E: | 564,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IMACHE
    Current User Name: A.M.A.R.E
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/28 12:50:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\A.M.A.R.E\Downloads\OTL.exe
    PRC - [2010/09/24 17:12:59 | 000,045,056 | RHS- | M] () -- C:\Users\A.M.A.R.E\laqeg.exe
    PRC - [2010/09/20 08:44:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/09/20 08:44:53 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/06/11 14:42:00 | 012,979,056 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    PRC - [2010/02/22 16:17:50 | 001,226,024 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    PRC - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2009/11/17 15:33:41 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    PRC - [2009/11/17 15:33:38 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    PRC - [2009/11/17 15:33:36 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    PRC - [2009/10/08 05:49:13 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    PRC - [2009/08/16 20:36:06 | 000,955,392 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 12:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/05/28 15:06:02 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/02/29 13:13:12 | 000,307,200 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
    PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/03/25 10:08:48 | 001,822,720 | ---- | M] (Christian SALMON) -- C:\Users\A.M.A.R.E\Downloads\yodm3D\Yodm3D.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/28 12:50:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\A.M.A.R.E\Downloads\OTL.exe
    MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
    SRV - [2010/03/29 05:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2009/11/17 15:33:36 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
    SRV - [2009/10/08 05:49:13 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/09/09 13:44:35 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV - [2009/01/26 12:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/08/29 18:50:53 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-022208-143751)
    SRV - [2008/07/17 10:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
    SRV - [2008/02/29 13:13:12 | 000,307,200 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2005/02/24 04:45:20 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\acs.exe -- (ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2009/09/09 14:00:32 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2009/09/09 14:00:29 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bdfndisf.sys -- (Bdfndisf)
    DRV - [2009/09/09 14:00:26 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
    DRV - [2009/09/09 13:55:13 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
    DRV - [2009/09/09 13:46:47 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
    DRV - [2009/09/09 13:46:26 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2009/09/09 13:46:20 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - [2009/09/09 13:44:26 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
    DRV - [2009/02/16 11:30:09 | 000,024,616 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009/02/16 11:30:09 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2008/10/21 06:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
    DRV - [2008/10/21 06:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
    DRV - [2008/10/21 06:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
    DRV - [2008/10/21 06:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
    DRV - [2008/10/21 06:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
    DRV - [2008/10/21 06:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
    DRV - [2008/10/21 06:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
    DRV - [2008/06/02 17:11:40 | 002,147,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
    DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
    DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
    DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
    DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
    DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
    DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
    DRV - [2008/05/02 12:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/04/03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
    DRV - [2008/03/19 18:30:00 | 007,438,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 03:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 03:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
    DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 03:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
    DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/15 17:58:54 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
    DRV - [2008/01/15 17:58:54 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
    DRV - [2008/01/15 17:58:54 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
    DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
    DRV - [2007/11/05 19:57:46 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
    DRV - [2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2006/11/28 21:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
    DRV - [2006/11/28 21:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/08/18 10:10:24 | 000,061,504 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320bus.sys -- (K320bus) Sony Ericsson K320 driver (WDM)
    DRV - [2006/08/18 10:10:22 | 000,097,056 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320mdm.sys -- (K320mdm)
    DRV - [2006/08/18 10:10:22 | 000,009,328 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320mdfl.sys -- (K320mdfl)
    DRV - [2006/08/18 10:10:20 | 000,088,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320mgmt.sys -- (K320mgmt) Sony Ericsson K320 USB WMC Device Management Drivers (WDM)
    DRV - [2006/08/18 10:10:18 | 000,086,368 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320obex.sys -- (K320obex)
    DRV - [2005/07/20 07:26:00 | 001,390,656 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmudaxu.sys -- (cmudau)
    DRV - [2005/04/21 12:40:36 | 000,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2005/04/12 09:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2005/02/24 19:42:26 | 000,043,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Athfmwdl.sys -- (ATHFMWDL)
    DRV - [2005/02/24 19:38:30 | 000,285,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ar5523.sys -- (AR5523)
    DRV - [2004/11/14 06:01:02 | 000,006,852 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Vcs.sys -- (Vcs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=FUJD&bmod...

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/EditPasswd|http://pro.orange.fr/"
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.38
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
    FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MOAW..."

    FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/18 04:48:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/20 08:44:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/20 08:44:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/09/09 12:43:31 | 000,000,000 | ---D | M]

    [2008/10/31 16:40:16 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\mozilla\Extensions
    [2010/09/28 12:47:57 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\mozilla\Firefox\Profiles\kvda66hw.default\extensions
    [2010/06/28 07:02:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\A.M.A.R.E\AppData\Roaming\mozilla\Firefox\Profiles\kvda66hw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/24 11:06:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\A.M.A.R.E\AppData\Roaming\mozilla\Firefox\Profiles\kvda66hw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/09/24 11:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A.M.A.R.E\AppData\Roaming\mozilla\Firefox\Profiles\kvda66hw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/06/23 09:33:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\A.M.A.R.E\AppData\Roaming\mozilla\Firefox\Profiles\kvda66hw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2009/03/23 16:51:01 | 000,001,775 | ---- | M] () -- C:\Users\A.M.A.R.E\AppData\Roaming\Mozilla\FireFox\Profiles\kvda66hw.default\searchplugins\live-search.xml
    [2010/08/17 10:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/11/17 15:33:40 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
    [2010/03/24 19:52:38 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2010/03/24 19:52:38 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/03/24 19:52:38 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2009/06/12 12:34:42 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2010/03/24 19:52:38 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2010/04/01 19:00:28 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2009/09/23 09:22:11 | 000,331,192 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 11345 more lines...
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
    O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
    O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
    O4 - HKCU..\Run: [laqeg] C:\Users\A.M.A.R.E\laqeg.exe ()
    O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
    O4 - HKCU..\Run: [Yodm3D] C:\Users\A.M.A.R.E\Downloads\yodm3D\Yodm3D.exe (Christian SALMON)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Trusted sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\A.M.A.R.E\Downloads\yodm3D\desktopwallpaper0.bmp
    O24 - Desktop BackupWallPaper: C:\Users\A.M.A.R.E\Downloads\yodm3D\desktopwallpaper0.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/03/18 06:10:41 | 000,203,248 | R--- | M] (Hewlett Packard) - E:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2009/08/04 00:33:41 | 000,614,390 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{33a3030c-75e0-11dd-b9b7-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{33a3030c-75e0-11dd-b9b7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/03/18 06:10:41 | 000,203,248 | R--- | M] (Hewlett Packard)
    O33 - MountPoints2\{f8f19bd6-7763-11dd-8929-001d92881548}\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^802.11g Wireless Client Utility.lnk - C:\PROGRA~1\TRENDW~1\TEW444UB\WLACU.exe - ()
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk - C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE - (Google)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk - C:\PROGRA~1\PIXELA\IMAGEM~1\HDDCAM~1.EXE - (PIXELA CORPORATION)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel de Synchronisation Orange.lnk - C:\PROGRA~1\Orange\LOGICI~1\Voxsync.exe - (Voxmobili)
    MsConfig - StartUpFolder: C:^Users^A.M.A.R.E^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk - C:\Programmes\Microsoft Office\Office12\ONENOTEM.EXE - File not found
    MsConfig - StartUpFolder: C:^Users^A.M.A.R.E^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk - C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE - ()
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AdobeBridge - hkey= - key= - C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
    MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe File not found
    MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
    MsConfig - StartUpReg: CmUsbSound - hkey= - key= - File not found
    MsConfig - StartUpReg: Flashget - hkey= - key= - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
    MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
    MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - c:\Programmes\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
    MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Norman ZANDA - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: Speech Recognition - hkey= - key= - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Tonic - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - State: "startup" - 2

    Drivers32: MIDI4 - C:\Windows\System32\WGDRVR32.DLL (AZARASHI Corp.)
    Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DVSD - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: WAVE4 - C:\Windows\System32\WGDRVR32.DLL (AZARASHI Corp.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/20 16:23:11 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\AppData\Roaming\Autodesk
    [2010/09/20 16:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
    [2010/09/20 16:22:25 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\AppData\Local\Autodesk
    [2010/09/20 16:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
    [2010/09/20 16:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
    [2010/09/17 08:17:25 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\Desktop\sécurité
    [2010/09/16 08:45:16 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
    [2010/09/14 09:31:15 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\Documents\Vegas Movie Studio PE 9.0 Projets
    [2010/09/14 09:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins
    [2010/09/14 09:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
    [2010/09/09 08:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Auralog
    [2010/09/08 17:05:27 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\AppData\Roaming\Publish Providers
    [2010/09/08 17:05:27 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\AppData\Roaming\NetMedia Providers
    [2010/09/08 17:05:26 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\AppData\Roaming\Sony
    [2010/09/08 17:05:26 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\Documents\ACID Pro 7.0 Projects
    [2010/09/08 17:02:54 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\Documents\Sony
    [2010/09/08 16:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2010/09/08 09:09:57 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\AppData\Local\Sony
    [2010/09/08 08:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
    [2010/09/06 16:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\QS
    [2010/09/06 16:36:33 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\AppData\Roaming\TeamViewer
    [2010/09/06 16:36:26 | 000,000,000 | ---D | C] -- C:\Users\A.M.A.R.E\temp
    [2010/03/19 11:06:12 | 000,043,520 | ---- | C] (Willow Software) -- C:\Program Files\asUpgr.exe
    [2010/03/19 11:06:11 | 000,114,688 | ---- | C] (Willow Software) -- C:\Program Files\AnvilFlt.OCX
    [2010/03/19 11:06:09 | 002,697,216 | ---- | C] (Willow Software) -- C:\Program Files\astudio.exe
    [2010/03/19 11:06:09 | 000,552,960 | ---- | C] (Willow Software) -- C:\Program Files\MidiCtl.ocx
    [2010/03/19 11:06:09 | 000,098,816 | ---- | C] (Willow Software) -- C:\Program Files\anvctrls.ocx
    [2009/02/13 14:13:39 | 000,099,840 | ---- | C] ( ) -- C:\Windows\System32\ZIPDLL.DLL
    [2009/02/13 14:13:39 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\UNZDLL.DLL
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/28 16:20:57 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{36C8D85E-0DC9-453E-A2B7-930E9CC7DAC4}.job
    [2010/09/28 16:19:28 | 014,680,064 | -HS- | M] () -- C:\Users\A.M.A.R.E\ntuser.dat
    [2010/09/28 16:17:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2CC7A87D-34E3-447F-9139-0A2D1877C785}.job
    [2010/09/28 16:09:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/28 14:34:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/28 14:34:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/28 12:40:44 | 001,491,684 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/28 12:40:44 | 000,676,456 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2010/09/28 12:40:44 | 000,594,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/28 12:40:44 | 000,126,308 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2010/09/28 12:40:44 | 000,103,840 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/28 12:36:41 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2010/09/28 12:35:07 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/28 12:34:47 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\sauvegarde journalière.job
    [2010/09/28 12:34:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/28 12:34:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/27 17:38:50 | 000,524,288 | -HS- | M] () -- C:\Users\A.M.A.R.E\ntuser.dat{b41b9b21-ce76-11de-8e16-001d92881548}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/27 17:38:50 | 000,065,536 | -HS- | M] () -- C:\Users\A.M.A.R.E\ntuser.dat{b41b9b21-ce76-11de-8e16-001d92881548}.TM.blf
    [2010/09/27 17:38:45 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
    [2010/09/27 17:38:38 | 004,305,416 | -H-- | M] () -- C:\Users\A.M.A.R.E\AppData\Local\IconCache.db
    [2010/09/24 17:12:59 | 000,045,056 | RHS- | M] () -- C:\Users\A.M.A.R.E\laqeg.exe
    [2010/09/24 16:05:06 | 000,527,860 | ---- | M] () -- C:\Users\A.M.A.R.E\Desktop\virus.docx
    [2010/09/24 15:07:49 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/09/24 11:04:08 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    [2010/09/24 09:05:32 | 000,051,684 | ---- | M] () -- C:\Users\A.M.A.R.E\Desktop\virus.jpg
    [2010/09/24 08:18:21 | 000,135,680 | ---- | M] () -- C:\Users\A.M.A.R.E\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/22 16:43:47 | 000,007,592 | ---- | M] () -- C:\Users\A.M.A.R.E\AppData\Local\d3d9caps.dat
    [2010/09/22 15:25:54 | 000,137,342 | ---- | M] () -- C:\Users\Public\Documents\syl 005.jpg
    [2010/09/22 15:25:45 | 000,135,725 | ---- | M] () -- C:\Users\Public\Documents\syl 004.jpg
    [2010/09/22 15:25:36 | 000,128,515 | ---- | M] () -- C:\Users\Public\Documents\syl 003.jpg
    [2010/09/22 15:25:27 | 000,137,690 | ---- | M] () -- C:\Users\Public\Documents\syl 002.jpg
    [2010/09/22 15:25:18 | 000,187,115 | ---- | M] () -- C:\Users\Public\Documents\syl 001.jpg
    [2010/09/21 09:25:54 | 000,159,880 | ---- | M] () -- C:\Users\A.M.A.R.E\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/09/21 09:24:32 | 003,866,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/09/20 17:14:01 | 000,033,937 | ---- | M] () -- C:\Users\Public\Documents\SEPTEMBRE.ods
    [2010/09/20 16:20:31 | 000,068,608 | ---- | M] () -- C:\Users\A.M.A.R.E\Desktop\repas .pub
    [2010/09/20 13:50:01 | 000,029,184 | ---- | M] () -- C:\Users\A.M.A.R.E\Documents\PROGRAMME 10 oct.doc
    [2010/09/17 14:16:07 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010/09/15 12:25:44 | 000,002,686 | ---- | M] () -- C:\Users\A.M.A.R.E\Documents\Enregistrer Sound Forge Audio Studio.htm
    [2010/09/14 10:46:39 | 000,002,654 | ---- | M] () -- C:\Users\A.M.A.R.E\Documents\Enregistrer DVD Architect Pro.htm
    [2010/09/14 10:10:45 | 000,028,160 | ---- | M] () -- C:\Users\A.M.A.R.E\Documents\invitation.doc
    [2010/09/14 09:31:04 | 000,002,650 | ---- | M] () -- C:\Users\A.M.A.R.E\Documents\Enregistrer Vegas Movie Studio Platinum.htm
    [2010/09/09 08:05:49 | 000,000,011 | ---- | M] () -- C:\trace.ini
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/24 17:12:59 | 000,045,056 | RHS- | C] () -- C:\Users\A.M.A.R.E\laqeg.exe
    [2010/09/24 09:05:29 | 000,051,684 | ---- | C] () -- C:\Users\A.M.A.R.E\Desktop\virus.jpg
    [2010/09/24 09:00:14 | 000,527,860 | ---- | C] () -- C:\Users\A.M.A.R.E\Desktop\virus.docx
    [2010/09/22 15:25:45 | 000,137,342 | ---- | C] () -- C:\Users\Public\Documents\syl 005.jpg
    [2010/09/22 15:25:36 | 000,135,725 | ---- | C] () -- C:\Users\Public\Documents\syl 004.jpg
    [2010/09/22 15:25:27 | 000,128,515 | ---- | C] () -- C:\Users\Public\Documents\syl 003.jpg
    [2010/09/22 15:25:19 | 000,137,690 | ---- | C] () -- C:\Users\Public\Documents\syl 002.jpg
    [2010/09/22 15:25:05 | 000,187,115 | ---- | C] () -- C:\Users\Public\Documents\syl 001.jpg
    [2010/09/20 16:53:11 | 000,033,937 | ---- | C] () -- C:\Users\Public\Documents\SEPTEMBRE.ods
    [2010/09/20 15:52:54 | 000,068,608 | ---- | C] () -- C:\Users\A.M.A.R.E\Desktop\repas .pub
    [2010/09/20 13:50:01 | 000,029,184 | ---- | C] () -- C:\Users\A.M.A.R.E\Documents\PROGRAMME 10 oct.doc
    [2010/09/17 14:16:07 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010/09/15 12:25:43 | 000,002,686 | ---- | C] () -- C:\Users\A.M.A.R.E\Documents\Enregistrer Sound Forge Audio Studio.htm
    [2010/09/14 10:46:39 | 000,002,654 | ---- | C] () -- C:\Users\A.M.A.R.E\Documents\Enregistrer DVD Architect Pro.htm
    [2010/09/14 10:10:44 | 000,028,160 | ---- | C] () -- C:\Users\A.M.A.R.E\Documents\invitation.doc
    [2010/09/14 09:21:19 | 000,002,650 | ---- | C] () -- C:\Users\A.M.A.R.E\Documents\Enregistrer Vegas Movie Studio Platinum.htm
    [2010/09/09 08:05:49 | 000,000,011 | ---- | C] () -- C:\trace.ini
    [2010/07/27 14:57:39 | 000,006,852 | ---- | C] () -- C:\Windows\System32\drivers\Vcs.sys
    [2010/05/11 15:55:52 | 000,000,032 | ---- | C] () -- C:\Windows\WGPLAYER.INI
    [2010/05/11 15:55:26 | 000,001,699 | ---- | C] () -- C:\Windows\WINGROOV.INI
    [2010/04/05 13:26:00 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
    [2010/03/19 11:06:13 | 000,046,402 | ---- | C] () -- C:\Program Files\FugueGM2.mid
    [2010/03/19 11:06:12 | 000,037,456 | ---- | C] () -- C:\Program Files\Loopo_b.wav
    [2010/03/19 11:06:12 | 000,020,672 | ---- | C] () -- C:\Program Files\Loopo_a.wav
    [2010/03/19 11:06:12 | 000,003,400 | ---- | C] () -- C:\Program Files\LoopDemo.mid
    [2010/03/19 11:06:12 | 000,000,112 | ---- | C] () -- C:\Program Files\Autoplay.ply
    [2010/03/19 11:06:11 | 000,010,281 | ---- | C] () -- C:\Program Files\Air.mid
    [2010/03/19 11:06:10 | 000,029,133 | ---- | C] () -- C:\Program Files\FugueGM.mid
    [2010/03/19 11:06:10 | 000,012,369 | ---- | C] () -- C:\Program Files\Sonata-c.mid
    [2010/03/19 11:06:09 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll
    [2010/03/19 11:05:09 | 000,015,878 | ---- | C] () -- C:\Program Files\ST5UNST.LOG
    [2010/03/18 10:49:48 | 001,520,672 | ---- | C] () -- C:\Users\A.M.A.R.E\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
    [2009/09/24 05:50:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/05/20 06:28:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ArmAccess.dll
    [2009/04/24 12:11:12 | 000,026,944 | ---- | C] () -- C:\Users\A.M.A.R.E\AppData\Roaming\UserTile.png
    [2009/03/27 12:43:54 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2009/02/16 22:36:58 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/01/16 17:51:42 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/01/07 17:33:30 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
    [2008/12/31 21:44:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\cmdrvrmu.dll
    [2008/12/31 21:44:53 | 000,005,690 | ---- | C] () -- C:\Windows\Cmudau.ini
    [2008/12/12 10:50:55 | 000,007,592 | ---- | C] () -- C:\Users\A.M.A.R.E\AppData\Local\d3d9caps.dat
    [2008/12/07 10:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2008/12/07 10:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/11/14 17:23:38 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2008/10/31 17:13:34 | 000,003,814 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/09/12 12:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2008/08/30 10:27:54 | 000,000,580 | ---- | C] () -- C:\Users\A.M.A.R.E\AppData\Roaming\wklnhst.dat
    [2008/08/29 19:12:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008/08/29 19:12:48 | 000,135,680 | ---- | C] () -- C:\Users\A.M.A.R.E\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/23 15:34:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
    [2008/02/29 13:13:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
    [2007/09/04 08:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2007/02/05 17:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2007/01/31 11:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2002/09/05 13:12:26 | 000,122,880 | ---- | C] () -- C:\Windows\System32\X3Dview.dll
    [2001/07/17 07:02:00 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
    [2000/10/06 02:24:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini

    ========== Custom Scans ==========



    29 September 2010 09:57:27

    Here is the rest of the OTL log
    [2010/02/18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
    [2009/12/08 21:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
    [2010/06/16 16:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
    [2009/08/14 17:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
    [2010/06/16 17:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
    [2010/06/16 16:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
    [2008/04/26 09:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
    [2009/12/08 18:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
    [2009/08/14 18:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
    [2010/02/18 18:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
    [2010/06/16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys
    [2010/06/16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
    [2009/12/08 18:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
    [2010/02/18 15:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
    [2009/12/08 21:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
    [2008/01/21 03:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
    [2009/08/14 17:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

    < MD5 for: TERMDD.SYS >
    [2006/11/02 10:50:28 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=2C549BD9DD091FBFAA0A2A48E82EC2FB -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\termdd.sys
    [2009/04/11 07:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) MD5=3CAD38910468EAB9A6479E2F01DB43C7 -- C:\Windows\System32\drivers\termdd.sys
    [2009/04/11 07:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) MD5=3CAD38910468EAB9A6479E2F01DB43C7 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\termdd.sys
    [2009/04/11 07:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) MD5=3CAD38910468EAB9A6479E2F01DB43C7 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\termdd.sys
    [2008/01/21 03:23:01 | 000,054,328 | ---- | M] (Microsoft Corporation) MD5=A048056F5E1A96A9BF3071B91741A5AA -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\termdd.sys
    [2008/01/21 03:23:01 | 000,054,328 | ---- | M] (Microsoft Corporation) MD5=A048056F5E1A96A9BF3071B91741A5AA -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\termdd.sys

    < MD5 for: USERINIT.EXE >
    [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WIN32K.SYS >
    [2008/02/29 05:14:24 | 002,028,544 | ---- | M] (Microsoft Corporation) MD5=0FB1E39EE209B26B70A8C1E1A56D38DF -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
    [2009/04/21 12:55:06 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=13D686DF9652E7A397B2C3DA89881C34 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18246_none_b8ce3f929aa1cbdc\win32k.sys
    [2009/08/14 14:53:16 | 002,035,712 | ---- | M] (Microsoft Corporation) MD5=18406CE410C1A4394FE1A8246D10567F -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18311_none_b8e9afca9a8df67d\win32k.sys
    [2009/08/14 14:29:56 | 002,045,440 | ---- | M] (Microsoft Corporation) MD5=26AC4A647E67C7A7064309CBF1AAE3AC -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22200_none_bb639005b0cab34a\win32k.sys
    [2010/06/21 14:47:04 | 002,045,952 | ---- | M] (Microsoft Corporation) MD5=2AB7745E006D3692A6B758F9A97386A8 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22428_none_bb55f649b0d3b032\win32k.sys
    [2009/02/09 03:54:45 | 002,033,664 | ---- | M] (Microsoft Corporation) MD5=33180D19BCCBF9CB6B96CE03BB613FD4 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22372_none_b9336b71b3db5a1d\win32k.sys
    [2008/09/20 02:13:20 | 002,029,568 | ---- | M] (Microsoft Corporation) MD5=541DF3F03A378BDD96A917A4CB8C71A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\win32k.sys
    [2008/02/29 05:15:56 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=5B1E0409A9A6C415543732F21B2B7CC6 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
    [2009/02/09 04:10:34 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=5CAE6E4513342909C7FDA4F83D85E958 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18211_none_b8e9ade49a8df956\win32k.sys
    [2009/04/21 12:55:42 | 002,030,080 | ---- | M] (Microsoft Corporation) MD5=633B5887DC689EB3ECF2F0994F506F40 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49\win32k.sys
    [2008/01/21 03:24:35 | 002,031,616 | ---- | M] (Microsoft Corporation) MD5=664FCB81B53ECC5A1ACB325D50EB11C0 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18000_none_b8f379ba9a86c9c0\win32k.sys
    [2009/02/09 02:54:23 | 002,030,080 | ---- | M] (Microsoft Corporation) MD5=6730B1581BBE610596C322465229D8A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21006_none_b79cb589b6789e33\win32k.sys
    [2009/02/09 02:59:26 | 002,028,032 | ---- | M] (Microsoft Corporation) MD5=68D3921F210FC146876B7815DF5BCC41 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16816_none_b70870b09d62e718\win32k.sys
    [2010/05/01 14:53:49 | 002,036,224 | ---- | M] (Microsoft Corporation) MD5=6E78D8BB909579F9CBA6C8410C5C1697 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18468_none_b8baa41a9ab030ba\win32k.sys
    [2008/02/29 05:16:38 | 002,027,008 | ---- | M] (Microsoft Corporation) MD5=6FF39E07708091C05FC748DB2DE833EA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
    [2009/04/11 05:24:16 | 002,034,688 | ---- | M] (Microsoft Corporation) MD5=71C61AFCD453F3153B0EB4F988EE669D -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18005_none_badef2c697a8950c\win32k.sys
    [2009/08/14 14:27:17 | 002,036,736 | ---- | M] (Microsoft Corporation) MD5=8705038245789561EE714D12CC3368CE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18091_none_ba79a25297f52b29\win32k.sys
    [2008/09/20 02:21:50 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=8BE357305D4BBEC35DBBE7D5536EE8C9 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f\win32k.sys
    [2008/02/29 05:21:49 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=8F2DA4DDC21250ABA9206352A1080299 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
    [2010/05/01 21:27:32 | 002,036,736 | ---- | M] (Microsoft Corporation) MD5=92D62DCB0C488707CCDBC4044C62920C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22682_none_b928a137b3e36d83\win32k.sys
    [2008/09/18 03:16:28 | 002,032,640 | ---- | M] (Microsoft Corporation) MD5=9304DD0014438C06261994960E24418A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\win32k.sys
    [2009/08/14 15:01:34 | 002,031,104 | ---- | M] (Microsoft Corporation) MD5=9352E049F234BFA756C840CD8BDF4FFE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc\win32k.sys
    [2010/06/21 14:18:15 | 002,036,736 | ---- | M] (Microsoft Corporation) MD5=A0F8D73E65CD93F90FE9410FB17CD154 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18496_none_b89833c29aca51df\win32k.sys
    [2009/04/21 12:39:47 | 002,034,688 | ---- | M] (Microsoft Corporation) MD5=A1696D4E327DB3FC815DAE837DC3D8B8 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18023_none_bac7525a97ba9a40\win32k.sys
    [2008/09/18 03:03:07 | 002,027,520 | ---- | M] (Microsoft Corporation) MD5=A90760D6F915CBB28E7F240668881BDE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707\win32k.sys
    [2009/04/21 12:42:33 | 002,034,688 | ---- | M] (Microsoft Corporation) MD5=AB4D93D30AA6B51598ADAFB6AAAB5962 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22119_none_bb61c0cdb0cab623\win32k.sys
    [2010/05/01 15:26:07 | 002,045,440 | ---- | M] (Microsoft Corporation) MD5=ABC44865039F3D6B055F7418A83802CC -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22396_none_bb08445bb10e43f4\win32k.sys
    [2010/06/21 14:25:11 | 002,036,736 | ---- | M] (Microsoft Corporation) MD5=B39C0D9A2B67487FCCF50345E44F8125 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22716_none_b97853b9b3a70c6f\win32k.sys
    [2010/06/21 14:37:03 | 002,037,760 | ---- | M] (Microsoft Corporation) MD5=C803AEA1F4ED11CBBFFBEFF2FE78D463 -- C:\Windows\System32\win32k.sys
    [2010/06/21 14:37:03 | 002,037,760 | ---- | M] (Microsoft Corporation) MD5=C803AEA1F4ED11CBBFFBEFF2FE78D463 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18275_none_ba93471e97e152f1\win32k.sys
    [2009/08/14 14:46:38 | 002,036,224 | ---- | M] (Microsoft Corporation) MD5=D4F9530BB031E0BAEDBE08B21BE52ADD -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22497_none_b922cef1b3e70dd9\win32k.sys
    [2009/04/21 14:26:36 | 002,034,176 | ---- | M] (Microsoft Corporation) MD5=D8882CAF965DCBDE4278C88842D0ACFE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22416_none_b9784e07b3a714fa\win32k.sys
    [2010/05/01 15:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) MD5=DE14B77E9A30588F944163BD0911EDEA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18253_none_baa6e66297d2e861\win32k.sys
    [2009/04/21 13:04:30 | 002,028,032 | ---- | M] (Microsoft Corporation) MD5=F0F292B8E028D69ACF49A9A78FBE4B78 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16849_none_b6eb01ca9d7886f0\win32k.sys
    [2009/08/15 22:08:32 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=F140B984628DA0171AC67548A0515572 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21108_none_b79eb803b676ce08\win32k.sys

    < MD5 for: WININIT.EXE >
    [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
    [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %SYSTEMDRIVE%\*.exe >

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2010/09/20 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Adobe
    [2010/08/04 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Adobe Mini Bridge CS5
    [2010/07/29 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Ahead
    [2010/03/05 19:13:59 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\AIMP
    [2010/03/19 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Anvil Studio
    [2010/09/20 16:23:11 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Autodesk
    [2010/02/26 17:32:40 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\avidemux
    [2010/04/22 18:43:23 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Babylon
    [2009/09/09 12:43:50 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\BitDefender
    [2009/09/17 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Canneverbe_Limited
    [2010/07/23 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/08/30 18:42:30 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\CyberLink
    [2010/09/20 12:20:46 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\dvdcss
    [2010/07/26 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\FlashGet
    [2008/08/29 21:27:34 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Google
    [2010/04/06 18:13:44 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\gtk-2.0
    [2008/10/31 17:54:51 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\HP
    [2008/08/29 18:54:48 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Identities
    [2010/04/06 15:45:50 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Inkscape
    [2008/11/12 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\InstallShield
    [2008/08/31 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Macromedia
    [2010/06/30 08:55:46 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Malwarebytes
    [2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Media Center Programs
    [2009/05/06 07:48:40 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Micro Application
    [2010/08/25 09:15:03 | 000,000,000 | --SD | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Microsoft
    [2010/07/27 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\mojosoft
    [2008/10/31 16:40:16 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Mozilla
    [2010/07/29 12:18:04 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Nero
    [2010/09/08 17:05:27 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\NetMedia Providers
    [2010/04/16 16:36:41 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Nvu
    [2010/09/22 12:09:57 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\OpenOffice.org2
    [2009/09/23 12:19:09 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\PanoramaStudio
    [2009/06/22 06:01:33 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\PeerNetworking
    [2010/02/18 21:06:13 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\PhotoFiltre
    [2010/09/10 15:09:25 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Publish Providers
    [2010/09/24 09:11:15 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\QuickScan
    [2009/10/07 11:33:16 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Serif
    [2010/08/26 16:05:58 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\SodeaSoft
    [2010/09/15 12:24:28 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Sony
    [2010/08/04 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/09/06 16:36:33 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\TeamViewer
    [2009/07/28 12:23:42 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Template
    [2010/08/25 10:34:46 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Tracker Software
    [2010/09/20 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\vlc
    [2009/05/22 06:20:52 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\Voxmobili
    [2010/06/07 14:04:26 | 000,000,000 | ---D | M] -- C:\Users\A.M.A.R.E\AppData\Roaming\XnView

    < %APPDATA%\*.exe /s >
    [2010/07/23 09:42:22 | 000,038,784 | ---- | M] () -- C:\Users\A.M.A.R.E\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    [2009/01/06 12:39:56 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\A.M.A.R.E\AppData\Roaming\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
    [2009/10/07 11:47:19 | 000,057,344 | R--- | M] (Macrovision Corporation) -- C:\Users\A.M.A.R.E\AppData\Roaming\Microsoft\Installer\{C1FD1685-D578-4F60-8AAF-AA02C9BB8690}\ARPPRODUCTICON.exe
    [2009/10/07 11:47:19 | 000,057,344 | R--- | M] (Macrovision Corporation) -- C:\Users\A.M.A.R.E\AppData\Roaming\Microsoft\Installer\{C1FD1685-D578-4F60-8AAF-AA02C9BB8690}\NewShortcut11_C1FD1685D5784F608AAFAA02C9BB8690.exe
    [2009/10/07 11:47:19 | 000,057,344 | R--- | M] (Macrovision Corporation) -- C:\Users\A.M.A.R.E\AppData\Roaming\Microsoft\Installer\{C1FD1685-D578-4F60-8AAF-AA02C9BB8690}\NewShortcut1_C1FD1685D5784F608AAFAA02C9BB8690.exe
    [2009/10/07 11:47:19 | 000,008,854 | R--- | M] () -- C:\Users\A.M.A.R.E\AppData\Roaming\Microsoft\Installer\{C1FD1685-D578-4F60-8AAF-AA02C9BB8690}\UNINST_Uninstall_P_1DB41499FBC640D5BA369BED1968CB35.exe
    [2009/03/23 16:51:01 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Users\A.M.A.R.E\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
    [2009/03/23 16:51:01 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Users\A.M.A.R.E\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
    [2010/03/29 05:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\A.M.A.R.E\AppData\Roaming\Mozilla\Firefox\Profiles\kvda66hw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2009/09/09 14:00:26 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\Windows\System32\drivers\bdfm.sys
    [2009/09/09 14:00:29 | 000,104,456 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\Windows\System32\drivers\bdfndisf.sys
    [2009/09/09 14:00:32 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\Windows\System32\drivers\bdfsfltr.sys
    < End of report >
    29 September 2010 10:15:45

    and here is the beginning of the Extras log
    OTL Extras logfile created on: 28/09/2010 16:19:13 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\A.M.A.R.E\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 30,00% Memory free
    7,00 Gb Paging File | 5,00 Gb Available in Paging File | 70,00% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 153,63 Gb Total Space | 50,92 Gb Free Space | 33,15% Space Free | Partition Type: NTFS
    Drive D: | 303,34 Gb Total Space | 143,96 Gb Free Space | 47,46% Space Free | Partition Type: NTFS
    Drive E: | 564,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IMACHE
    Current User Name: A.M.A.R.E
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .scr [@ = DWGTrueViewScriptFile] -- "" "%1"

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00ED6F15-BAEF-402A-AB44-12BE5001D880}" = rport=138 | protocol=17 | dir=out | app=system |
    "{0294073B-EE4D-4A69-B046-22B2CE207BAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{055BF74C-64A9-41DF-9AAE-A58C30E00F09}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{0915E1DF-F330-48DA-A8A9-345766762CE0}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{09ADA0C6-6DBB-4EAB-A30D-CBAB742BFE15}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{0CC6AB26-7E8F-4B61-BF5D-41C21D860948}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{11864076-8783-4B4A-8A0B-72015EEDFD5C}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{12CD59D0-8C4E-48A5-837F-5467056BEAD4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{16E5D52E-F607-47DA-AEE6-AE0F27406CCD}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1DA21D1B-66EA-49E0-8D33-532228B02114}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1EAB9FFB-47F2-4C2C-A145-7852A2C495A7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{23140715-839C-454B-B98C-B719AF0C5BC4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{27B5842C-D1B4-42D7-BE77-B9DD14DE71C0}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{358A5466-3E5D-41D9-9B31-12DE84267E24}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{3EBC226F-DCFC-44BE-B474-AF94548AA75B}" = lport=137 | protocol=17 | dir=in | app=system |
    "{40D7A060-08FA-4D39-8D96-4E5DBB0A7FC8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{488BEFCB-43F5-4CF8-95B2-17042DF0F873}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4FDB052D-9C51-411F-A27E-276AEA141FC9}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{517B3BC5-00D3-4AAE-A8CD-4EF88623AAED}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{556F9F96-51ED-466D-9004-0D4DF1A59D44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5A172BAD-1D59-47F2-8F31-373C7C6AB30F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{5E24D737-0124-46D5-B56B-4A26DAD46545}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{5E3B55DA-B23E-4152-961B-E2F8A4ABE018}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{5E56A421-AB00-4583-A57D-0377775F8C4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{65758A69-D05A-49DD-A96E-87E3A33C7827}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{773F872A-5586-4427-A225-DC396BE2BD88}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{79FCFD4C-1252-4376-B11A-EC075767EDC4}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{7B749FB9-F273-497F-9FB0-A9E536E4ABC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{822F51B6-1F5A-4250-B73C-D024F7672D82}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{83E2D9F8-9F2C-4A66-89A1-936B8778CA3D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{88DE02B6-D3A8-49BE-9333-E0CD2293B40A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8AD48AC9-8035-40B8-BCA2-A9A9D748B5DF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{953EFA48-1D80-4B32-BF8B-94D7BA742C66}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9C181BF2-66B1-4AC4-B06D-B1B956D5D46C}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{9C18FCCA-4DB0-461C-838C-93E289A13068}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A125B956-6810-4C47-9F87-52BC92777DB6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A15AAC65-AE6B-4BC3-BD0F-922E26FF261A}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{A38FA648-969F-4FD1-AE03-07EC9C3CC63C}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{AC9BC157-431B-49CB-AC71-F7FF110F0E2B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{AD933905-3CAC-4C04-858E-C8D01040F98C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B0560CF9-DC41-4254-A755-DDA524DE50D3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{B1C090E2-E710-4E86-B2CE-AC4DFC45A063}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{B1DFF872-9197-43C8-9055-939F60DFA03D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B9D5A9C3-9DFC-4BF7-A3A7-C4B5CEA6F692}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BD1336C0-A83B-4725-BDA7-EEDFEAE3D52C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{C01AB0FF-BFF6-4F00-AC57-9164F169245F}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{C0CA7754-23CD-426B-9703-9304B80EA438}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C7295003-0D2B-47E2-AB61-CF0F6718BEAE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CADC7CE7-5285-4C50-981F-CB6A9B45A584}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D66A0945-B831-452A-B7CF-CB8EBBB0D8EB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{DB29CA10-DDB7-46B9-850C-44E4E436A271}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DCAADBA7-BDCA-45B6-B38E-34BDAD55D140}" = lport=138 | protocol=17 | dir=in | app=system |
    "{DF5264E7-FD3C-4A3B-9CCD-82E581E0F53E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{E0521CBD-8943-4EE8-A92D-C3DA6696A5A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E1756B7F-9263-4E36-91E3-105A8B10A799}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{E21D9F66-EC1C-436C-81AF-D60D017C4D9E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{E2255CFA-D514-4F3D-A3B2-19BA0E8FE5DF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{E2C6DE76-1D7D-4376-A802-62F0BB49FACF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E5FCF0F2-8724-412B-B8A0-3A27C7747419}" = lport=139 | protocol=6 | dir=in | app=system |
    "{E8022F8B-7077-4D44-A45E-B6B70C0ADA22}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{EC4473F0-64BE-4F07-87F6-A4B98589229A}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{EE51A7D1-4B72-42E3-ADFE-5999CDE37C6C}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{F4676A04-B37F-47A5-88E1-7911096F2E88}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F56E034B-F5D7-4A2E-96BD-409BADE35C77}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{F8191F47-BAD8-4B5F-A6C1-3C16CBDD0CA5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{F8BE641C-C761-4AD5-887E-4506087A5398}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00113AB4-3881-4BF9-A0E4-B660C209EA8D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{1297AA85-01F2-416E-9012-EF61C5E0ABA8}" = protocol=6 | dir=in | app=c:\windows\temp\~os4b27.tmp\rlvknlg.exe |
    "{1775D03B-DFCE-4234-A3DA-DD635AB71EFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1F6C310B-C2BE-4A82-82DD-2B77F3E15AE5}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{20FCBDB0-B771-4F09-865E-8492ECA0B94B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{2243B54F-B8AD-4DF2-B117-0634D5810356}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2898B96A-2FFC-4004-B9A0-B026BF3866AD}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{2CDE1D93-D5C8-4FEB-9073-2E412E48B136}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3009421E-7D13-439F-B35A-29466B418227}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4096A10C-C150-4266-915B-3EC2042B17C0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{44E1424E-5E0D-46AF-A5A4-98FF6717073B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{478FFF23-BEB7-4761-A739-891774D7A4D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4D932B14-2241-4B36-A064-B71C8D10824D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4FA7D0D8-60D5-4B4D-841F-5DAC367389AF}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{5594E86F-0976-4E19-909A-1CA129D3E058}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{56A98BB2-EFDD-4458-970F-559173962484}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{6D2621B7-EA26-4F72-9139-78C2EA00B563}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{724BCB0B-9139-43DC-97DC-0EC4EF4D9BBB}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{774EF716-B081-4019-BE85-D1F7023B73F7}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{8AE2FE7D-2A0A-4D8D-8BD0-557A0384D83E}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{8DB40EE5-345B-420D-BEFF-59669648F4C0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{8FA56207-D775-443D-ABB5-E7DE0EA88543}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{91E73E74-22E2-4753-B06C-4C699A2E27DA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{9B178D10-51FE-4EAE-ACD1-10BF1C45B080}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{9F87A592-9516-4643-85C2-C698D687372E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A321398F-6948-4EB4-9F06-3458B1C05372}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{A6852B58-85A3-4ECA-A496-36C8C51FA252}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{AD0D012F-2669-4149-AE7D-2C131113263B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AF9F5B9B-E16C-47C3-9A2D-F5EC579AB127}" = protocol=17 | dir=in | app=c:\program files\gamigo ag\levelr\levelr.bin |
    "{B0270D18-450E-46A0-BCF3-150289CB469F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B0AF6286-5BD9-4DB4-B9E9-2DB638D6861A}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
    "{B51B05CE-9B27-48EF-B50E-F457E2BA9DCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B7E547C2-11D5-44BC-ACC8-C334801EABB0}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{BECC3491-D827-42CB-9387-F6D8B87EDA2C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{CCD6624F-6EBE-4A48-B1A5-B97238B664CB}" = protocol=17 | dir=in | app=c:\windows\temp\~os4b27.tmp\rlvknlg.exe |
    "{D0752E7B-7F02-4597-893A-F749AA0D1641}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D6BD171B-B2FC-4389-9C51-01C45560F7D5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{D8A510F7-4B28-48CC-991F-1E141673CF57}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{DE241875-E6C6-4F87-A5CB-21269DD8A2EE}" = protocol=6 | dir=out | app=system |
    "{DE57FC56-C9F3-44BF-A0E6-816878A73ACB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{DE85F715-2EE5-4E8D-8403-B34F6C89EA28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DF26FA0D-E7D3-4332-9D34-B61A11352A20}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{E50E1AD0-F405-477D-8F4B-A8251B4F9C6F}" = protocol=6 | dir=in | app=c:\program files\gamigo ag\levelr\levelr.bin |
    "{E84F1915-D364-4DC5-9A65-B6CF53E3A48B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{EF028615-6FCE-4544-9D39-758181ED7249}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F2D1047F-2995-41DB-8385-FE02A001EB22}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{F506EE47-A8CF-4613-B29B-86696C910C03}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{F67E64D5-C344-4423-8B42-40A6B2BE9679}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F70B6BE3-E18F-46EF-85AA-82509C2F9CCC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{F7297C43-8144-4185-988A-1C0FCB54DC12}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{FBA0264A-6717-4B17-89A5-9B264122A8C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{0499E8DC-F5E4-410D-8DC4-205D7ED508CD}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{2D703286-F2AB-4DA6-AE27-609CC1CEC84C}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
    "TCP Query User{5832A289-CC36-4B47-ADB6-57E52B829EC4}C:\program files\r2 studios\tonic\tonic.exe" = protocol=6 | dir=in | app=c:\program files\r2 studios\tonic\tonic.exe |
    "TCP Query User{5F17F811-4189-41F7-A081-FB91DE376199}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
    "TCP Query User{EC52C9BC-CCD4-4233-A384-C616EFFE4C82}C:\program files\r2 studios\tonic\tonic.exe" = protocol=6 | dir=in | app=c:\program files\r2 studios\tonic\tonic.exe |
    "UDP Query User{07979E09-1A0E-4EE3-A9D5-16DA8FEF46BA}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
    "UDP Query User{37D1D6CB-4C41-481B-A457-C24AE544DF4A}C:\program files\r2 studios\tonic\tonic.exe" = protocol=17 | dir=in | app=c:\program files\r2 studios\tonic\tonic.exe |
    "UDP Query User{546863E4-7321-4E45-BEA6-BF26A957916F}C:\program files\r2 studios\tonic\tonic.exe" = protocol=17 | dir=in | app=c:\program files\r2 studios\tonic\tonic.exe |
    "UDP Query User{942AF3A5-885B-419B-9259-C0B29F96F642}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{FE2BB8B9-FB5A-4C0F-907B-26E0C04349B6}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0BAD2227-9DD0-4A01-B814-53EE6B28178D}" = SodeaSoft Calendrier Mensuel
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{1FCC7185-DCF3-4478-86AD-C2F2D1116BE3}" = 7300
    "{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
    "{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
    "{2D991B91-55E2-4D32-AA6F-5A822CFC6E15}" = Micro Application - Cartes animées
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
    "{30EB024E-9FD0-45E6-849D-30CC6F1AF2F1}" = Retouchez vos Photos
    "{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{377739AE-00D9-4E80-8ECB-4C8A7EFFE526}" = 7300Trb
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    "{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
    "{43F8F1E5-C740-4293-A309-EA9DD6474DB1}" = MotionDV STUDIO 5.3E LE for DV
    "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
    "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
    "{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
    "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{67302631-380D-4E15-8275-013214EEA343}" = Micro Application - 7 Dictionnaires Utiles
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{751910E3-ECF1-44D0-BF3F-2936A4424514}" = ImageMixer3
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
    "{786547F9-59BB-4FA3-B2D8-327FF1F14870}" = Adobe Flash Player 9 ActiveX
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8ACF317C-CA66-4363-AEBF-A073B124AA1A}" = BitDefender Total Security 2009
    "{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{8EC3DC60-AD23-4DB6-866A-9D59FC75C3A2}" = 802.11g Driver and Client Applications
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
    "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
    "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BC9D542-3EAE-4310-8BDC-68A325596446}" = IziSpot 4
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.4 - Français
    "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
    "{AEB93E16-7F04-452F-9559-FD5E21778C8E}" = Plus de 600 Applications pour Excel
    "{B087B0C3-F595-485A-B86B-73326BA8693A}" = OpenOffice.org 2.3
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C1FD1685-D578-4F60-8AAF-AA02C9BB8690}" = Diaporama Créateur Photo HD
    "{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}" = Logiciel de Synchronisation Orange
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}" = SystemDiagnostics
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE8C1474-6029-4A6F-BE34-836640015CAF}" = Ruban des 7 Dictionnaires Utiles
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
    "{D45860C4-ED91-4D66-9C54-437F24CC3B78}" = Micro Application - Cartes de Voeux Edition Classic
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{EE75E959-F3BE-43CC-B78A-B48AD196CC89}" = Recettes et Conseils culinaires
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIMP2" = AIMP2
    "Audacity_is1" = Audacity 1.2.6
    "AV Voice Changer Software DIAMOND 4.0" = AV Voice Changer Software DIAMOND 4.0
    "Avidemux 2.5" = Avidemux 2.5
    "AviSynth" = AviSynth 2.5
    "BusinessCardsMX3_is1" = BusinessCardsMX 3.93
    "Cartoonist_is1" = Cartoonist 1.3
    "CCleaner" = CCleaner (remove only)
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CloneDVD2" = CloneDVD2
    "Cool AVI To WMV Converter_is1" = Cool AVI To WMV Converter 1.0
    "FlashGet" = FlashGet 1.9.6.1073
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
    "Google Calendar Sync" = Google Calendar Sync
    "Google Desktop" = Google Desktop
    "HaaliMkx" = Haali Media Splitter
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "Inkscape" = Inkscape 0.46
    "InstallShield_{EE75E959-F3BE-43CC-B78A-B48AD196CC89}" = Recettes et Conseils culinaires
    "KaraWin" = KaraWin
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaCoder" = MediaCoder 0.6.0
    "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Nvu_is1" = Nvu 1.0
    "PanoramaStudio" = PanoramaStudio 1.6 (désinstaller)
    "Patchwork Maker" = Patchwork Maker
    "PDFCreator Toolbar" = PDFCreator Toolbar
    "Planning Free" = SodeaSoft Planning Family
    "PROHYBRIDR" = 2007 Microsoft Office system
    "QuickTime" = QuickTime
    "Recuva" = Recuva (remove only)
    "Ri4m v5.0.1d" = Ri4m v5.0.1d
    "Sqirlz Morph" = Sqirlz Morph
    "ST5UNST #1" = Anvil Studio
    "SuperCopier2" = SuperCopier2
    "TMMCOMMUNICATION" = TELL ME MORE Communication
    "TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
    "TOWeb-SetupID-0003_is1" = Lauyan TOWeb V3
    "Update Service" = Update Service
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "Vit Registry Fix" = Vit Registry Fix 9.5 (remove only)
    "VLC media player" = VLC media player 1.0.0
    "VMidi" = vanBasco's Karaoke Player
    "WinGroove" = WinGroove (Software WaveTable Synthesizer)
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinRAR archiver" = Archiveur WinRAR
    "Xara3D5" = Xara3D 5
    "XnView_is1" = XnView 1.96.5

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "PhotoFiltre" = PhotoFiltre
    "Piratrax" = Piratrax désinstallation
    "Sweet Home 3D" = Sweet Home 3D

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 22/09/2010 12:04:17 | Computer Name = IMACHE | Source = Application Error | ID = 1000
    Description = Application défaillante OUTLOOK.EXE, version 12.0.6539.5000, horodatage
    0x4c12486d, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
    code d’exception 0xc0000005, décalage d’erreur 0x000003e3, ID du processus 0x8a8,
    heure de début de l’application 0x01cb5a6d471e60fe.

    Error - 22/09/2010 12:04:21 | Computer Name = IMACHE | Source = Application Error | ID = 1000
    Description = Application défaillante dwwin.exe, version 6.0.6001.18000, horodatage
    0x47918ca2, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
    code d’exception 0xc0000005, décalage d’erreur 0x000bf4d8, ID du processus 0xe1c,
    heure de début de l’application 0x01cb5a6fcf33507e.

    Error - 23/09/2010 03:50:14 | Computer Name = IMACHE | Source = SideBySide | ID = 16842785
    Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksdb.exe ».
    Assembly
    dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

    Error - 23/09/2010 03:50:14 | Computer Name = IMACHE | Source = SideBySide | ID = 16842785
    Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksdb.exe ».
    Assembly
    dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

    Error - 23/09/2010 03:50:14 | Computer Name = IMACHE | Source = SideBySide | ID = 16842785
    Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksCal.exe ».
    Assembly
    dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

    Error - 23/09/2010 03:50:14 | Computer Name = IMACHE | Source = SideBySide | ID = 16842785
    Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ».
    Assembly
    dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

    Error - 23/09/2010 03:50:14 | Computer Name = IMACHE | Source = SideBySide | ID = 16842785
    Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ».
    Assembly
    dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

    Error - 23/09/2010 03:50:14 | Computer Name = IMACHE | Source = SideBySide | ID = 16842785
    Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ».
    Assembly
    dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

    Error - 23/09/2010 03:50:14 | Computer Name = IMACHE | Source = SideBySide | ID = 16842785
    Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ».
    Assembly
    dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

    Error - 23/09/2010 03:50:15 | Computer Name = IMACHE | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 31/08/2008 11:34:12 | Computer Name = LOGISTIQUE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
    GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
    Center Guide

    Error - 07/05/2009 06:50:55 | Computer Name = IMACHE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : Error: Failure setting the itu code for country
    en Processus : DefaultDomain Nom de l’objet : Media Center Guide

    Error - 26/08/2009 09:04:42 | Computer Name = IMACHE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
    GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
    Center Guide

    Error - 04/01/2010 11:48:27 | Computer Name = IMACHE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
    GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
    Center Guide

    Error - 04/01/2010 12:34:44 | Computer Name = IMACHE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
    GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
    Center Guide

    Error - 18/01/2010 12:01:15 | Computer Name = IMACHE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : ERROR: SqmApiWrapper.WaitForUploadComplete
    failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
    returned 10000109 Processus : DefaultDomain Nom de l’objet : Media Center Guide

    Error - 18/01/2010 16:10:23 | Computer Name = IMACHE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : ERROR: SqmApiWrapper.WaitForUploadComplete
    failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
    returned 10000109 Processus : DefaultDomain Nom de l’objet : Media Center Guide

    Error - 18/01/2010 23:29:51 | Computer Name = IMACHE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : ERROR: SqmApiWrapper.WaitForUploadComplete
    failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
    returned 10000109 Processus : DefaultDomain Nom de l’objet : Media Center Guide

    Error - 19/01/2010 02:28:56 | Computer Name = IMACHE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
    GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
    Center Guide

    Error - 28/02/2010 08:02:30 | Computer Name = IMACHE | Source = Media Center Guide | ID = 0
    Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
    GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
    Center Guide

    [ OSession Events ]
    Error - 17/07/2009 07:01:35 | Computer Name = IMACHE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 18273
    seconds with 1560 seconds of active time. This session ended with a crash.

    Error - 07/11/2009 07:07:39 | Computer Name = IMACHE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3762
    seconds with 960 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 24/09/2010 03:43:56 | Computer Name = IMACHE | Source = Service Control Manager | ID = 7000
    Description =

    Error - 24/09/2010 03:47:06 | Computer Name = IMACHE | Source = Ntfs | ID = 262281
    Description = Le gestionnaire des ressources de la transaction par défaut sur le
    volume \Device\BdVeVolume1 a rencontré une erreur non renouvelable et n’a pas pu
    démarrer. Les données contiennent le code de l’erreur.

    Error - 24/09/2010 12:12:53 | Computer Name = IMACHE | Source = Ntfs | ID = 262281
    Description = Le gestionnaire des ressources de la transaction par défaut sur le
    volume \Device\BdVeVolume2 a rencontré une erreur non renouvelable et n’a pas pu
    démarrer. Les données contiennent le code de l’erreur.

    Error - 27/09/2010 03:12:25 | Computer Name = IMACHE | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2010 03:29:31 | Computer Name = IMACHE | Source = ipnathlp | ID = 31004
    Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
    indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
    de mémoire a rencontré une erreur interne.

    Error - 27/09/2010 03:29:34 | Computer Name = IMACHE | Source = ipnathlp | ID = 31004
    Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
    indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
    de mémoire a rencontré une erreur interne.

    Error - 27/09/2010 08:04:00 | Computer Name = IMACHE | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.4 pour la carte réseau dont l'adresse
    réseau est 001D92881548 a été refusé par le serveur DHCP 192.168.1.1 (celui-ci
    a envoyé un message DHCPNACK).

    Error - 27/09/2010 08:05:20 | Computer Name = IMACHE | Source = DCOM | ID = 10016
    Description =

    Error - 28/09/2010 07:34:47 | Computer Name = IMACHE | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.8 pour la carte réseau dont l'adresse
    réseau est 001D92881548 a été refusé par le serveur DHCP 192.168.1.1 (celui-ci
    a envoyé un message DHCPNACK).

    Error - 28/09/2010 07:36:08 | Computer Name = IMACHE | Source = DCOM | ID = 10016
    Description =


    < End of report >
    29 September 2010 17:48:13

    Good evening,

    :D  I pointed you to the linked site so that you wouldn't have to post 3 times ;) 

    Quote:
    For reports, please use this online report service: upload the file via "Browse" and simply post the link you get.


    Let's go:


    1) Disable the TeaTimer of Spybot - Search & Destroy

    To disable Spybot's TeaTimer:
  • Open Spybot, click the "Mode" tab and choose "Advanced mode"
  • Ignore the warning
  • At the bottom left, click "Tools"
  • Still in the left-hand column, click "Resident" (not in the central window)
  • And untick the Resident "TeaTimer" option (you can tick it again once we have finished)


    2) Run OTL.exe again
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Copy/paste the following into the Custom Scans/Fixes box at the bottom left.
    :OTL
    PRC - [2010/09/24 17:12:59 | 000,045,056 | RHS- | M] () -- C:\Users\A.M.A.R.E\laqeg.exe
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
    O4 - HKCU..\Run: [laqeg] C:\Users\A.M.A.R.E\laqeg.exe ()
    MsConfig - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe File not found
    MsConfig - StartUpReg: CmUsbSound - hkey= - key= - File not found
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Norman ZANDA - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Tonic - hkey= - key= - Reg Error: Value error. File not found
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    [2010/09/24 17:12:59 | 000,045,056 | RHS- | M] () -- C:\Users\A.M.A.R.E\laqeg.exe

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00113AB4-3881-4BF9-A0E4-B660C209EA8D}"=-
    "{1297AA85-01F2-416E-9012-EF61C5E0ABA8}"=-
    "{2898B96A-2FFC-4004-B9A0-B026BF3866AD}"=-
    "{724BCB0B-9139-43DC-97DC-0EC4EF4D9BBB}"=-
    "{774EF716-B081-4019-BE85-D1F7023B73F7}"=-
    "{8AE2FE7D-2A0A-4D8D-8BD0-557A0384D83E}"=-
    "{8DB40EE5-345B-420D-BEFF-59669648F4C0}"=-
    "{A321398F-6948-4EB4-9F06-3458B1C05372}"=-
    "{CCD6624F-6EBE-4A48-B1A5-B97238B664CB}"=-

    :Files
    c:\program files\pando networks
    c:\program files\relevantknowledge

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top left
  • If the PC asks to restart, accept.
  • Post the removal report.


    3) Uninstall these programs (if present):
    - Pando Media Booster
    - Java(TM) 6 Update 3


    Question:

    What is this?

    Quote:
    C:\Users\A.M.A.R.E\Desktop\virus.docx
    C:\Users\A.M.A.R.E\Desktop\virus.jpg


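The fix script in the post above targets a process line and an HKCU Run entry that both point to C:\Users\A.M.A.R.E\laqeg.exe. The following Python script is an added example (not part of the original post and not OTL's own code) showing how such OTL lines can be triaged automatically. The regular expressions, the scoring threshold and the reading of the attribute field (R/H/S as read-only/hidden/system) are assumptions, and the two "Example Vendor" lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# The first two lines are copied from the fix script above; the last two are
# constructed benign entries added for contrast.
SAMPLE = r"""
PRC - [2010/09/24 17:12:59 | 000,045,056 | RHS- | M] () -- C:\Users\A.M.A.R.E\laqeg.exe
O4 - HKCU..\Run: [laqeg] C:\Users\A.M.A.R.E\laqeg.exe ()
PRC - [2010/06/01 10:00:00 | 001,234,567 | ---- | M] (Example Vendor) -- C:\Program Files\Example\agent.exe
O4 - HKLM..\Run: [ExampleAgent] C:\Program Files\Example\agent.exe (Example Vendor)
"""

# Assumed layouts, inferred from the lines quoted on this page.
PRC_RE = re.compile(
    r"^PRC - \[(?P<date>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[RHSAD-]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)


def in_profile_root(path):
    """True for C:\\Users\\<name>\\file.exe, i.e. not inside any subfolder."""
    parts = PureWindowsPath(path).parts
    return len(parts) == 4 and parts[1].lower() == "users"


def triage(text):
    """Return {lowercased path: set of reasons} for every PRC / O4 Run line."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        prc, run = PRC_RE.match(line), RUN_RE.match(line)
        m = prc or run
        if not m:
            continue
        path = m["path"].strip()
        reasons = report.setdefault(path.lower(), set())
        if not m["company"]:
            reasons.add("no company name")
        if in_profile_root(path):
            reasons.add("executable directly in a user profile root")
        if prc and {"H", "S"} <= set(m["attrs"]):
            reasons.add("hidden+system attributes")
        if run:
            reasons.add("started from a Run key (" + m["hive"] + ")")
    return report


def flagged(text, threshold=3):
    """Paths with at least `threshold` independent reasons (assumed cut-off)."""
    return sorted(p for p, r in triage(text).items() if len(r) >= threshold)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", ", ".join(sorted(reasons)))
    print("flagged:", flagged(SAMPLE))
```

A single reason, such as merely being started from a Run key, is normal for legitimate software; the script only flags entries where several reasons coincide.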
    30 September 2010 08:38:08

    Hello,
    I'm going to run the requested procedure, and sorry about the link, my hesitation got the better of me. As for the quote, I took a screenshot when the message appeared so as not to get the spelling of what was detected wrong. That is the reason for the so-called "quote".
    30 September 2010 16:55:31

    Hello ;) 

    OK

    To continue:

    Run UsbFix again:

    /!\ Disconnect and close all running applications /!\
    /!\ Plug in all your devices that may have been infected (USB sticks, external hard drive, etc.) /!\


  • Double-click "UsbFix" to launch the program
    (Vista/Windows 7 users: right-click UsbFix > Run as administrator)
  • Click "Deletion" to start the cleanup. Plug in your devices if you haven't already, then confirm the warning.
  • Let the tool work; your desktop will disappear, that's normal.
  • If it asks you to send a .zip file, accept.
  • At the end, a report will appear (otherwise it is located at C:\Usbfix.txt). Post it in your next reply

    Usage help here


    For reports, please use this online report service: upload the file via "Browse" and simply post the link you get.
    1 October 2010 07:20:05

    Hi,
    I'm continuing the procedure
    See you
    1 October 2010 15:54:22

    Hi again,

    Final check:

    Download Malwarebytes' Anti-Malware:

  • Install the program (help here)
  • Launch it and update the definition database.

  • Then choose "Perform full scan" and click "Scan"
  • Select the hard drives and click "Start scan"
  • Let the scan run (it can take a long time).
  • At the end, check that the items found are ticked (in "Scan results").
  • Then click "Remove selected" at the bottom.
  • A restart may be necessary.

  • A report will be displayed; save it to your desktop.
  • Otherwise, after the restart, it can be found under "Logs"
    4 October 2010 14:58:48

    Hello, I'll run it tomorrow morning as soon as I arrive, because I don't have the USB sticks from last time.
    Thanks.
    8 October 2010 17:16:04

    Hi ;) 

    Quote:
    D:\Sony ACID Pro 7.0a Build 536\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    P:\Sony ACID Pro 7.0a Build 536\Keygen.exe (RiskWare.Tool.CK) -> Not selected for removal.


    Not good, that ...


    To finish:

    1) Run OTL.exe again
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Click "CleanUp"
  • Confirm the warning with "OK" and let the PC restart.


    2) Update:

    -> Java to version 6 update 21 (then remove version 6 update 3 and Java(TM) 6 Update 17 via the installed programs list)

    -> Flash Player to version 10 (do not install the sponsored McAfee or Google Toolbar extras)
    Then remove the old versions if still present:
    Adobe Flash Player 9 ActiveX
    Macromedia Flash Player 8
    (for Internet Explorer)

    -> Adobe Reader to version 9.4 (remove if present: Adobe Reader 9.3.4)

    -> OpenOffice to version 3.2.1

    -> VLC to version 1.1.4


    I recommend uninstalling Spybot, it's not very effective ...

    3) Purge your System Restore:

    This is very important, because remnants of the infection are present there; follow this tutorial:
    http://www.inforumatique.fr/post82670.html#p82670


    4) Download CCleaner Slim (without toolbar) from Piriform:

  • Start the installation by double-clicking the Ccleaner***_slim.exe file. (help here)
  • Once that is done, launch the program.
  • Choose Options -> Advanced -> and untick "Only delete files in the temp folder older than 48 hours"
  • Choose "Cleaner" then click "Analyze"
  • Let it run, then click "Run Cleaner" and accept the warning with "Yes"

  • Then choose "Registry" and click "Scan for Issues"
  • Let the scan run, then click "Fix selected issues"
  • Save the backup by clicking "Yes"
  • then click "Fix All Selected Issues"
  • Confirm the warning by clicking "Yes"

  • Close the program



    To go further with your protection and avoid getting reinfected, here is some additional advice:


  • Keep your software and your system up to date:
    Many infections are due to flaws in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
    You can run a vulnerability scan to find out which of your software has unpatched flaws or needs updating.

    Finally, the most important thing remains your behaviour on your PC; you are still the most important protection: avoid risky behaviour: P2P, cracks, dubious downloads and installations via ads, instant messaging, or unknown sites, pornographic sites.
    A must-read!

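The update list in the post above can be turned into a repeatable check against the Uninstall List section of an OTL report. The following Python script is an added example (not part of the original post, and not a replacement for a real vulnerability scanner): the minimum versions for Java, Adobe Reader, OpenOffice and VLC are the ones named in the post, while the sample registry keys, the name-prefix matching and the version parsing are assumptions.

```python
import re

# Minimum versions as named in the post above: (display-name prefix, version, label).
BASELINE = [
    ("java(tm)", (6, 21), "6 Update 21"),
    ("adobe reader", (9, 4), "9.4"),
    ("openoffice", (3, 2, 1), "3.2.1"),
    ("vlc media player", (1, 1, 4), "1.1.4"),
]

# Constructed sample in the '"key" = Display name' layout of the Uninstall List.
# The VLC and QuickTime entries appear in the report above; the other keys are
# constructed placeholders around product names mentioned in the thread.
SAMPLE = """
    "VLC media player" = VLC media player 1.0.0
    "{constructed-key-1}" = Java(TM) 6 Update 3
    "{constructed-key-2}" = Java(TM) 6 Update 21
    "{constructed-key-3}" = Adobe Reader 9.3.4
    "QuickTime" = QuickTime
"""

ENTRY_RE = re.compile(r'^\s*"(?P<key>[^"]*)" = (?P<name>.+?)\s*$')
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)", re.I)
DOTTED_RE = re.compile(r"(\d+(?:\.\d+)+)")


def version_of(name):
    """Extract a comparable version tuple from a display name, or None."""
    m = JAVA_RE.match(name)
    if m:  # Java uses "<major> Update <n>" instead of dotted versions
        return (int(m[1]), int(m[2]))
    m = DOTTED_RE.search(name)
    return tuple(int(p) for p in m[1].split(".")) if m else None


def pad(version, width=4):
    """Right-pad with zeros so that 9.4 and 9.4.0 compare as equal."""
    return tuple(version) + (0,) * (width - len(version))


def outdated(text):
    """Return [(display name, finding)] for entries below the baseline."""
    results = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name = m["name"]
        for prefix, minimum, label in BASELINE:
            if not name.lower().startswith(prefix):
                continue
            found = version_of(name)
            if found is None:
                results.append((name, "version not in display name"))
            elif pad(found) < pad(minimum):
                results.append((name, "below " + label))
            break
    return results


if __name__ == "__main__":
    for name, finding in outdated(SAMPLE):
        print(f"{name}: {finding}")
```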
    2 November 2010 14:14:16

    Hello hyunkel30

    My browser crashed and I could no longer browse with either Mozilla or Explorer, so I ran UsbFix again and once more found the viruses mentioned above. I did the cleanup; I hope it will be OK.
    I did the updates recommended above, except for uninstalling Spybot.
    I'll fix that, but above all I hope I'm vaccinated.
    I have also purged my system restore points.
    Fingers crossed.
    Thanks again for your advice.
    2 November 2010 16:09:17

    Hi again,


    Quote:
    My browser crashed and I could no longer browse with either Mozilla or Explorer, so I ran UsbFix again and once more found the viruses mentioned above. I did the cleanup; I hope it will be OK.


    Please post the new UsbFix report.

    Also redo this to check that the infection has not come back (all it would take is one removable device that wasn't cleaned, for example, and it starts all over again ...)

    Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • Under Custom Scans/Fixes, copy and paste all of the text below, and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Run Scan button at the top left, then wait a few moments.
  • At the end of the scan, the OTL.Txt report will open. Copy/paste its contents here.
    PS: The reports are also saved on the desktop

    For reports, please use this online report service: upload the file via "Browse" and simply post the link you get.
    10 November 2010 13:55:25

    Hello
    I've just read your message but I have to leave work. I'll run the procedure on Friday.
    Thanks, see you later.