Possible virus

23 April 2009 15:50:52

Hello everyone,
Since yesterday, the explorer.exe application has not been working very well: every 10 seconds my taskbar and my icons disappear and then reappear.

Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:13, on 23/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Thomas\Downloads\HiJackThis.exe
C:\Windows\Explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRIbyAs.dll,#1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\iifcCtSK.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\jkkIbcdA.dll,#1
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpld...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F13CEB-4EE3-4BF5-968C-01D8D097166A}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4970 bytes

Thank you for your help

23 April 2009 15:58:39

Hello,

You have a Vundo/Virtumonde infection.

  • Disable UAC for the duration of the disinfection.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Right-click ComboFix.exe (the .exe is not necessarily visible) and choose Run as administrator.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
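
The following Python example is added here and is not part of the original thread: it parses the O4 autorun lines from the HijackThis log in the question, flags the rundll32 entries, and checks whether they still appear under the Run keys of the ComboFix report posted after the cleanup. The three flagging heuristics and all function names are assumptions of this example, not the responder's stated method.

```python
import re
from collections import defaultdict

# O4 autorun lines copied from the HijackThis log in the question.
HIJACKTHIS_O4 = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRIbyAs.dll,#1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\iifcCtSK.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\jkkIbcdA.dll,#1
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
'''

# Run-key section copied from the ComboFix report posted after the cleanup.
COMBOFIX_RUN = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 17:51:28 3885408]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2009-02-22 19:15:14 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 15:18:48 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 14:11:02 342312]
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$')
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)', re.I)
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_o4(log):
    """One dict per O4 Run entry; dll/export are set only for rundll32 commands."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        r = RUNDLL_RE.match(cmd)
        dll, export = r.groups() if r else (None, None)
        entries.append({"hive": hive, "name": name, "cmd": cmd,
                        "dll": dll, "export": export})
    return entries


def triage(entries):
    """Return (entry, reasons) for rundll32 autoruns matching the assumed heuristics."""
    dlls_by_name = defaultdict(set)
    for e in entries:
        if e["dll"]:
            dlls_by_name[e["name"]].add(e["dll"].lower())
    flagged = []
    for e in entries:
        if not e["dll"]:
            continue
        reasons = []
        if "\\temp\\" in e["dll"].lower():
            reasons.append("DLL loaded from a Temp directory")
        if e["export"].startswith("#"):
            reasons.append("export called by ordinal")
        if len(dlls_by_name[e["name"]]) > 1:
            reasons.append("same value name points at different DLLs")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def parse_combofix_run(report):
    """Set of (hive, value name) pairs listed under Run keys in a ComboFix report."""
    present, hive = set(), None
    for line in report.splitlines():
        line = line.strip()
        sect = re.match(r'^\[(HKEY_[A-Z_]+)\\.*\\Run\]$', line, re.I)
        if sect:
            hive = HIVES.get(sect.group(1).upper())
            continue
        if line.startswith("["):
            hive = None  # some other registry section
        val = re.match(r'^"([^"]+)"=', line)
        if val and hive:
            present.add((hive, val.group(1)))
    return present


def still_present(flagged, after):
    """Flagged autoruns whose (hive, name) is still listed after the cleanup."""
    return [e for e, _ in flagged if (e["hive"], e["name"]) in after]


if __name__ == "__main__":
    hits = triage(parse_o4(HIJACKTHIS_O4))
    for entry, reasons in hits:
        print(entry["hive"], entry["name"], entry["dll"], "->", "; ".join(reasons))
    print("still present:", still_present(hits, parse_combofix_run(COMBOFIX_RUN)))
```
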

23 April 2009 16:29:50

Apparently the problem is solved.
Thank you for your help.
Here is the report:
    ComboFix 09-04-23.A3 - Thomas 23/04/2009 16:05:17.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.33.1036.18.2047.876 [GMT 2:00]
    Lancé depuis: C:\Users\Thomas\Downloads\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\ZangoSA
    C:\ProgramData\ZangoSA\ZangoSA.dat
    C:\ProgramData\ZangoSA\ZangoSA_kyf.dat
    C:\ProgramData\ZangoSA\ZangoSAAbout.mht
    C:\ProgramData\ZangoSA\ZangoSAau.dat
    C:\ProgramData\ZangoSA\ZangoSAEula.mht
    C:\Users\Thomas\AppData\Local\akouwme.dat
    C:\Users\Thomas\AppData\Local\akouwme_nav.dat
    C:\Users\Thomas\AppData\Local\akouwme_navps.dat
    C:\Users\Thomas\AppData\Local\Temp\iifcCtSK.dll
    C:\Users\Thomas\AppData\Roaming\.#
    C:\Users\Thomas\AppData\Roaming\.#\MBX@1178@3E28C8.###
    C:\Users\Thomas\AppData\Roaming\.#\MBX@1178@3E28F8.###
    C:\Users\Thomas\AppData\Roaming\.#\MBX@1178@3E2928.###
    C:\Users\Thomas\AppData\Roaming\.#\MBX@14D4@3828C8.###
    C:\Users\Thomas\AppData\Roaming\.#\MBX@14D4@3828F8.###
    C:\Users\Thomas\AppData\Roaming\.#\MBX@14D4@382928.###
    C:\Users\Thomas\AppData\Roaming\.#\MBX@A60@1A328C8.###
    C:\Users\Thomas\AppData\Roaming\.#\MBX@A60@1A328F8.###
    C:\Users\Thomas\AppData\Roaming\.#\MBX@A60@1A32928.###
    C:\Users\Thomas\AppData\Roaming\inst.exe
    C:\Users\Thomas\AppData\Roaming\Zango
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\3430625.sdf
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\domains.txt
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\TooltipXML\6002
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\TooltipXML\60421
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\TooltipXML\82387
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\TooltipXML\87587
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\ustat\3713.dat
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\avatar.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\btntrans.idx
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\btntrans1.dat
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\buttondir.txt
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\components.cdf
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\cursors.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_weather.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\default.cdf
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_categorize.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_comparison.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_favorites.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_Games.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_Hide.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_jemster.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_Mails.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_new.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_premium.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_reun.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_weather.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\editblbuttons.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\email-t1-bg.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\icons2.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\ie_games_icon.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\ie_video.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\keywords.idx
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\keywords1.dat
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\layout.cdf
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\linkpathlegal.txt
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\progress.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\s_icons_buttons.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\sales_buttons.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\sdfmodifier.xml
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\t2_bg.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\theweb.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\top7.cdf
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\tsd_bg.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\zango_btn.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\zango_ie_menu.res
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\avatar.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\cursors.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\default.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\icons2.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\keywords.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\layout.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\progress.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\top7.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
    C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-23 au 2009-4-23 ))))))))))))))))))))))))))))))))))))
    .

    2040-03-01 13:17:39 . 2040-03-01 13:17:39 6136 ----a-w C:\Users\Thomas\AppData\Local\TimerStop64.sys
    2040-03-01 13:17:39 . 2040-03-01 13:17:39 4096 ----a-w C:\Users\Thomas\AppData\Local\TimerStop.sys
    2009-04-23 13:52:20 . 2009-04-23 13:52:20 0 d-----w C:\Users\Thomas\AppData\Roaming\Malwarebytes
    2009-04-23 13:52:18 . 2009-04-06 13:32:46 15504 ----a-w C:\Windows\system32\drivers\mbam.sys
    2009-04-23 13:52:16 . 2009-04-06 13:32:54 38496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
    2009-04-23 13:52:15 . 2009-04-23 13:52:15 0 d-----w C:\Users\All Users\Malwarebytes
    2009-04-23 13:52:15 . 2009-04-23 13:52:15 0 d-----w C:\ProgramData\Malwarebytes
    2009-04-23 13:52:14 . 2009-04-23 13:52:19 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-22 16:50:41 . 2009-04-22 16:50:42 0 d--h--w C:\Users\Thomas\Zero G Registry
    2009-04-22 16:50:41 . 2009-04-22 16:50:41 0 d-----w C:\Users\Thomas\Simulatlas Pkgs
    2009-04-21 17:22:29 . 2009-04-21 17:22:29 0 d-----w C:\Users\All Users\NexonUS
    2009-04-21 17:22:29 . 2009-04-21 17:22:29 0 d-----w C:\ProgramData\NexonUS
    2009-04-21 16:38:33 . 2009-04-21 17:33:53 0 d-----w C:\Users\Thomas\AppData\Local\PMB Files
    2009-04-21 16:38:31 . 2009-04-21 16:38:44 0 d-----w C:\Users\All Users\PMB Files
    2009-04-21 16:38:31 . 2009-04-21 16:38:44 0 d-----w C:\ProgramData\PMB Files
    2009-04-13 19:08:11 . 2009-03-19 14:32:48 23400 ----a-w C:\Windows\system32\drivers\GEARAspiWDM.sys
    2009-04-13 19:08:11 . 2008-04-17 10:12:54 107368 ----a-w C:\Windows\system32\GEARAspi.dll
    2009-04-13 19:08:00 . 2009-04-13 19:08:00 0 d-----w C:\Program Files\iPod
    2009-04-13 19:07:47 . 2009-04-13 19:08:11 0 d-----w C:\Users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-13 19:07:47 . 2009-04-13 19:08:11 0 d-----w C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-13 19:07:46 . 2009-04-13 19:08:11 0 d-----w C:\Program Files\iTunes
    2009-04-08 15:07:50 . 1999-06-21 03:10:00 185344 ------w C:\Windows\system32\bdeadmin.cpl
    2009-04-08 15:07:48 . 2009-04-08 15:07:48 0 d-----w C:\Program Files\Common Files\Borland Shared
    2009-04-07 20:37:28 . 2009-04-08 15:07:48 0 d-----w C:\Program Files\Micro Application
    2009-03-31 21:40:23 . 2009-03-31 21:40:23 284 ----a-w C:\sqmnoopt00.sqm
    2009-03-31 18:25:59 . 2009-03-31 18:25:59 0 d-----w C:\Program Files\GTA4MODS.com
    2009-03-31 12:53:16 . 2009-03-31 12:53:16 107888 ----a-w C:\Windows\system32\CmdLineExt.dll
    2009-03-30 20:40:49 . 2009-03-30 20:40:49 0 d-----w C:\Users\Thomas\AppData\Local\savegames
    2009-03-30 11:54:38 . 2009-03-30 11:54:38 0 d-----w C:\Users\Thomas\AppData\Roaming\New Technology Studio
    2009-03-26 13:23:46 . 2009-03-26 13:23:46 36864 ----a-w C:\Windows\system32\drivers\usbaapl.sys
    2009-03-26 13:23:46 . 2009-03-26 13:23:46 1900544 ----a-w C:\Windows\system32\usbaaplrc.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-22 17:36:25 . 2008-12-14 21:39:59 0 d-----w C:\Program Files\a-squared Free
    2009-04-17 11:37:37 . 2008-06-09 07:56:22 0 d-----w C:\ProgramData\Microsoft Help
    2009-04-14 18:45:51 . 2006-11-02 16:03:54 36898 ----a-w C:\Windows\System32\perfc00C.dat
    2009-04-14 18:45:51 . 2006-11-02 16:03:54 107272 ----a-w C:\Windows\System32\perfh00C.dat
    2009-04-13 20:45:21 . 2006-11-02 10:25:05 51200 ----a-w C:\Windows\Inf\infpub.dat
    2009-04-13 20:45:20 . 2006-11-02 10:25:05 143360 ----a-w C:\Windows\Inf\infstrng.dat
    2009-04-13 19:07:59 . 2008-08-26 10:37:25 0 d-----w C:\Program Files\Common Files\Apple
    2009-04-13 19:06:58 . 2008-05-18 12:17:45 0 d-----w C:\Program Files\Bonjour
    2009-04-13 19:06:40 . 2006-11-02 10:25:05 86016 ----a-w C:\Windows\Inf\infstor.dat
    2009-04-08 15:08:47 . 2009-04-08 15:13:24 69849 ----a-w C:\Uninst.isu
    2009-04-08 15:07:51 . 2009-04-08 15:13:24 28610 ----a-w C:\spiele.ini
    2009-04-07 20:37:28 . 2008-05-18 09:49:39 0 d--h--w C:\Program Files\InstallShield Installation Information
    2009-04-03 12:33:29 . 2008-05-15 20:27:19 7728 ----a-w C:\Users\Thomas\AppData\Local\d3d9caps.dat
    2009-04-01 16:29:59 . 2008-05-15 20:27:42 117320 ----a-w C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-03-31 21:19:48 . 2008-06-10 08:43:24 0 d-----w C:\Program Files\Ubisoft
    2009-03-22 18:45:40 . 2009-03-19 18:17:45 2714 ----a-w C:\Users\Thomas\AppData\Roaming\SAS7_000.DAT
    2009-03-19 17:51:32 . 2009-03-19 17:51:32 0 d-----w C:\ProgramData\InstallShield
    2009-03-19 17:51:20 . 2009-03-19 17:51:20 0 d-----w C:\Users\Thomas\AppData\Roaming\Nuance
    2009-03-19 17:48:04 . 2009-03-19 17:48:04 0 d-----w C:\ProgramData\ScanSoft
    2009-03-19 17:48:04 . 2009-03-19 17:48:04 0 d-----w C:\Program Files\Common Files\ScanSoft Shared
    2009-03-19 17:48:02 . 2009-03-19 17:48:02 0 d-----w C:\Program Files\Common Files\Nuance
    2009-03-19 17:48:02 . 2008-05-18 09:49:05 0 d-----w C:\Program Files\Common Files\InstallShield
    2009-03-19 17:47:16 . 2009-03-19 17:47:16 0 d-----w C:\ProgramData\Nuance
    2009-03-19 17:47:16 . 2009-03-19 17:47:16 0 d-----w C:\Program Files\Nuance
    2009-03-17 03:38:46 . 2009-04-16 20:53:10 40960 ----a-w C:\Windows\AppPatch\apihex86.dll
    2009-03-17 03:38:46 . 2009-04-16 20:53:10 13824 ----a-w C:\Windows\System32\apilogen.dll
    2009-03-17 03:38:44 . 2009-04-16 20:53:10 24064 ----a-w C:\Windows\System32\amxread.dll
    2009-03-12 16:49:36 . 2006-11-02 11:18:33 0 d-----w C:\Program Files\Windows Mail
    2009-03-11 17:00:49 . 2009-03-11 17:00:47 0 d-----w C:\Program Files\GraphSight Junior v.1.0
    2009-03-11 16:55:21 . 2009-03-11 16:55:19 0 d-----w C:\Program Files\FindGraph
    2009-03-11 16:55:21 . 2009-03-11 16:53:48 0 d-----w C:\Users\Thomas\AppData\Roaming\GetRightToGo
    2009-03-11 16:12:42 . 2009-03-11 16:12:42 0 d-----w C:\Users\Thomas\AppData\Roaming\OpenOffice.org
    2009-03-11 16:10:15 . 2009-03-11 16:10:15 0 d-----w C:\Program Files\JRE
    2009-03-11 16:10:15 . 2009-03-11 16:10:12 0 d-----w C:\Program Files\OpenOffice.org 3
    2009-03-11 16:09:46 . 2008-05-22 20:40:10 0 d-----w C:\Program Files\OpenOffice.org 2.3
    2009-03-11 16:07:36 . 2008-05-17 12:16:09 0 d-----w C:\Program Files\Java
    2009-03-10 12:40:44 . 2009-03-10 12:40:44 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-03-08 21:17:20 . 2009-03-08 21:17:20 0 d-----w C:\Program Files\Free iPod Video Converter
    2009-03-08 19:26:01 . 2008-08-26 10:40:44 0 d-----w C:\Users\Thomas\AppData\Roaming\Apple Computer
    2009-03-08 18:38:07 . 2009-03-08 18:37:44 0 d-----w C:\Program Files\QuickTime
    2009-03-08 18:36:31 . 2009-03-08 18:36:30 0 d-----w C:\Program Files\Apple Software Update
    2009-03-08 18:19:29 . 2006-11-02 12:35:50 0 d-----w C:\Program Files\Microsoft Games
    2009-03-08 12:57:40 . 2009-03-07 17:43:16 0 d-----w C:\Program Files\Paja
    2009-03-07 17:44:26 . 2009-03-07 17:44:26 0 d-----w C:\Program Files\ScanSoft
    2009-03-07 17:18:18 . 2009-03-07 17:18:18 0 d-----w C:\Program Files\Common Files\xing shared
    2009-03-07 17:18:10 . 2009-03-07 17:17:42 0 d-----w C:\Program Files\Common Files\Real
    2009-03-07 17:17:48 . 2009-03-07 17:17:48 0 d-----w C:\Program Files\Real
    2009-03-03 04:46:01 . 2009-04-16 20:53:15 3599328 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2009-03-03 04:46:01 . 2009-04-16 20:53:15 3547632 ----a-w C:\Windows\System32\ntoskrnl.exe
    2009-03-03 04:40:12 . 2009-04-16 20:53:03 827392 ----a-w C:\Windows\System32\wininet.dll
    2009-03-03 04:39:36 . 2009-04-16 20:53:14 183296 ----a-w C:\Windows\System32\sdohlp.dll
    2009-03-03 04:39:32 . 2009-04-16 20:53:16 551424 ----a-w C:\Windows\System32\rpcss.dll
    2009-03-03 04:39:22 . 2009-04-16 20:53:14 26112 ----a-w C:\Windows\System32\printfilterpipelineprxy.dll
    2009-03-03 04:37:14 . 2009-04-16 20:53:02 78336 ----a-w C:\Windows\System32\ieencode.dll
    2009-03-03 04:37:11 . 2009-04-16 20:53:14 98304 ----a-w C:\Windows\System32\iasrecst.dll
    2009-03-03 04:37:11 . 2009-04-16 20:53:14 54784 ----a-w C:\Windows\System32\iasads.dll
    2009-03-03 04:37:11 . 2009-04-16 20:53:14 44032 ----a-w C:\Windows\System32\iasdatastore.dll
    2009-03-03 03:04:59 . 2009-04-16 20:53:14 666624 ----a-w C:\Windows\System32\printfilterpipelinesvc.exe
    2009-03-03 02:38:13 . 2009-04-16 20:53:14 17408 ----a-w C:\Windows\System32\iashost.exe
    2009-03-03 02:28:19 . 2009-04-16 20:53:02 26624 ----a-w C:\Windows\System32\ieUnatt.exe
    2009-03-01 13:15:05 . 2009-03-01 13:15:05 4096 ----a-w C:\Windows\System32\28536.sys
    2009-03-01 13:15:02 . 2009-03-01 13:15:02 142094 ----a-w C:\Users\Thomas\AppData\Local\TimerLockSetup.exe
    2009-02-26 13:33:21 . 2008-05-28 08:56:56 0 d-----w C:\Program Files\Microsoft Silverlight
    2009-02-25 22:59:51 . 2009-02-25 22:59:51 4385792 ----a-w C:\Windows\system32\drivers\atikmdag.sys
    2009-02-25 22:47:33 . 2008-12-15 11:46:30 0 d-----w C:\ProgramData\NortonInstaller
    2009-02-25 21:36:33 . 2009-02-25 21:36:33 442368 ----a-w C:\Windows\System32\ATIDEMGX.dll
    2009-02-25 21:34:55 . 2008-03-29 04:19:10 159744 ----a-w C:\Windows\System32\atitmmxx.dll
    2009-02-25 21:34:41 . 2008-03-29 04:18:59 348160 ----a-w C:\Windows\System32\atipdlxx.dll
    2009-02-25 21:34:31 . 2009-02-25 21:34:31 274432 ----a-w C:\Windows\System32\Oemdspif.dll
    2009-02-25 21:34:25 . 2009-02-25 21:34:25 12288 ----a-w C:\Windows\System32\atimuixx.dll
    2009-02-25 21:34:19 . 2009-02-25 21:34:19 43520 ----a-w C:\Windows\System32\ati2edxx.dll
    2009-02-25 21:34:08 . 2009-02-25 21:34:08 278528 ----a-w C:\Windows\System32\Ati2evxx.dll
    2009-02-25 21:32:54 . 2009-02-25 21:32:54 733184 ----a-w C:\Windows\System32\Ati2evxx.exe
    2009-02-25 21:24:13 . 2009-02-25 21:24:13 2396160 ----a-w C:\Windows\System32\atidxx32.dll
    2009-02-25 21:18:08 . 2008-03-29 04:05:15 3839488 ----a-w C:\Windows\System32\atiumdag.dll
    2009-02-25 21:04:46 . 2009-02-25 21:04:46 11513856 ----a-w C:\Windows\System32\atioglxx.dll
    2009-02-25 20:56:42 . 2009-02-25 20:56:42 4944896 ----a-w C:\Windows\System32\atiumdva.dll
    2009-02-25 20:42:42 . 2009-02-25 20:42:42 51712 ----a-w C:\Windows\System32\amdpcom32.dll
    2009-02-25 20:42:17 . 2009-02-25 20:42:17 135168 ----a-w C:\Windows\System32\atiadlxx.dll
    2009-02-25 20:38:12 . 2009-02-25 20:38:12 53248 ----a-w C:\Windows\System32\aticalrt.dll
    2009-02-25 20:37:59 . 2009-02-25 20:37:59 53248 ----a-w C:\Windows\System32\aticalcl.dll
    2009-02-25 20:36:20 . 2009-02-25 20:36:20 3235840 ----a-w C:\Windows\System32\aticaldd.dll
    2009-02-25 20:29:22 . 2009-02-25 20:29:22 53248 ----a-w C:\Windows\system32\drivers\ati2erec.dll
    2009-02-24 13:13:38 . 2009-01-01 21:56:52 0 d-----w C:\Program Files\PokerStars.IT
    2009-02-13 08:49:10 . 2009-04-16 20:53:10 72704 ----a-w C:\Windows\System32\secur32.dll
    2009-02-13 08:49:09 . 2009-04-16 20:53:12 1255936 ----a-w C:\Windows\System32\lsasrv.dll
    2009-02-09 03:10:34 . 2009-03-11 13:14:48 2033152 ----a-w C:\Windows\System32\win32k.sys
    2009-02-06 18:39:24 . 2009-02-06 18:39:24 308600 ----a-w C:\Windows\WLXPGSS.SCR
    2009-02-06 17:52:40 . 2009-02-06 17:52:40 49504 ----a-w C:\Windows\System32\sirenacm.dll
    2008-12-04 16:31:51 . 2008-05-31 11:20:53 22328 ----a-w C:\Users\Thomas\AppData\Roaming\PnkBstrK.sys
    2008-12-01 12:09:06 . 2008-10-09 13:09:39 93 ----a-w C:\Users\Thomas\AppData\Local\daxncbp.bat
    2008-05-31 18:20:26 . 2008-05-31 18:20:26 94 ----a-w C:\Users\Thomas\AppData\Local\fusioncache.dat
    2008-05-22 13:20:50 . 2008-05-22 13:20:50 95781 ----a-w C:\Users\All Users\vlc.exe
    2008-05-22 13:20:50 . 2008-05-22 13:20:50 95781 ----a-w C:\ProgramData\vlc.exe
    2008-05-22 13:20:50 . 2008-05-22 13:20:11 1189108 ----a-w C:\Users\All Users\CCleaner.exe
    2008-05-22 13:20:50 . 2008-05-22 13:20:11 1189108 ----a-w C:\ProgramData\CCleaner.exe
    2008-05-22 13:20:12 . 2008-05-22 13:20:12 1577005 ----a-w C:\Users\All Users\DivX Player.exe
    2008-05-22 13:20:12 . 2008-05-22 13:20:12 1577005 ----a-w C:\ProgramData\DivX Player.exe
    2008-05-18 11:18:44 . 2008-05-18 11:18:44 47360 ----a-w C:\Users\Thomas\AppData\Roaming\pcouffin.sys
    2008-05-16 14:37:02 . 2008-05-16 14:37:02 552 ----a-w C:\Users\Thomas\AppData\Local\d3d8caps.dat
    2008-05-21 17:27:53 . 2008-05-21 17:28:00 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052120080522\index.dat
    2008-12-07 01:55:50 . 2008-12-05 21:24:40 122912 --sha-w C:\Windows\System32\drivers\fidbox2.dat
    2008-04-11 21:05:22 . 2008-04-11 19:35:16 8192 --sha-w C:\Windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2008-06-10 03:27:02 509328 ----a-w C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2009-01-22 14:41:30 408448 ----a-w C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 17:51:28 3885408]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2009-02-22 19:15:14 5668864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 15:18:48 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 14:11:02 342312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableStatusMessages"= 1 (0x1)
    "EnableLUA"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCpl"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuSubFolders"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    "NoPrinters"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoChangeAnimation"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2008-04-11 20:36:57 233984]

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
    backup=C:\Windows\pss\BTTray.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
    backup=C:\Windows\pss\DataViz Inc Messenger.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak software updater.lnk
    backup=C:\Windows\pss\Kodak software updater.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
    backup=C:\Windows\pss\Logiciel Kodak EasyShare.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Matrix Screen Locker.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Matrix Screen Locker.lnk
    backup=C:\Windows\pss\Matrix Screen Locker.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ONSPEED.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ONSPEED.lnk
    backup=C:\Windows\pss\ONSPEED.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
    backup=C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
    path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
    backup=C:\Windows\pss\DesktopVideoPlayer.LNK.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=C:\Windows\pss\HotSync Manager.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    backup=C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
    path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk
    backup=C:\Windows\pss\PowerStrip.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
    path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaGirl2.lnk
    backup=C:\Windows\pss\VirtuaGirl2.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
    "C:\\Nexon\\Combat Arms\\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "C:\\Nexon\\Combat Arms\\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C2EE2CFD-A036-4AA6-97E9-088AA392AD04}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{629568D2-481C-45E5-8631-C72E572869EA}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
    "{F7BDE86A-6959-4E27-8FE5-5F029621BFB3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
    "{D125F4B8-90A7-42E5-9320-06F82A8F30BA}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{2DAFB7D3-23F1-4A5F-818E-163395035629}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{9251BB5E-4F92-4289-B3C5-6FF07135990E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{B93C056E-EC89-4DBF-B6FB-7B2174139916}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
    "C:\\Nexon\\Combat Arms\\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "C:\\Nexon\\Combat Arms\\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

    R1 epfwtdir;epfwtdir; [x]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; [x]
    R1 vdrv9000;vdrv9000; [x]
    R2 28536;28536;C:\Windows\System32\28536.sys [2009-03-01 13:15:05 4096]
    R2 ekrn;Eset Service; [x]
    R3 P1171VID;Creative WebCam Notebook 2;C:\Windows\system32\DRIVERS\P1171Vid.sys [2004-03-19 01:00:00 91392]
    R3 WSIMD;wsimd Service;C:\Windows\system32\DRIVERS\wsimd.sys [2006-07-20 06:00:10 54432]
    R4 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 10:31:16 566120]
    R4 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 10:31:16 566120]
    R4 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 13:46:50 216232]
    S1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12:12:34 12800]
    S1 PStrip;PStrip;C:\Windows\system32\drivers\pstrip.sys [2007-07-15 01:37:04 27992]
    S2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 16:01:52 55264]
    S2 fsssvc;Windows Live Contrôle parental;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 17:08:58 533360]
    S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2007-10-19 11:17:08 87952]
    S3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 18:08:40 33792]
    S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2009-04-06 13:32:54 38496]


    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - MBAMSWISSARMY

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{931ff3eb-2e40-11dd-a4a4-001c2530884d}]
    \shell\AutoRun\command - J:\autorun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration
    .
    Contenu du dossier 'Tâches planifiées'

    2009-04-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549099593-1315904904-3128934940-1000.job
    - C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 18:13:06 . 2008-09-10 18:13:05]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll


    .
    ------- Examen supplémentaire -------
    .
    mStart Page = hxxp://fr.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
    IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    TCP: {E2F13CEB-4EE3-4BF5-968C-01D8D097166A} = 193.70.152.15,193.70.152.25
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll
    Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
    Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
    DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_0_32.cab
    FF - ProfilePath - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5jylc3sw.default\
    FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Thomas\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

    ---- PARAMETRES FIREFOX ----
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh2", false);
    .
    .
    ------- Associations de fichier -------
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    .
    23 April 2009 16:50:32

    Did you use a program called TimerLockSetup?
    23 April 2009 16:54:14

    No, I don't think so.
    Thanks for your help
    23 April 2009 16:56:42

    I think it's used to crack Vista.
    23 April 2009 17:02:09

    In that case, no.
    But two days ago I opened a file that was a fake, so maybe that was it.
    23 April 2009 17:10:53

    In that case, I'll have you delete the files, but don't tell me afterwards that I removed the crack from your Vista (if it is cracked).
    23 April 2009 17:14:16

    OK
    How do I delete the file?
    Thanks for your help
    23 April 2009 17:17:38

    /!\ Only logicielsdeouf may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Driver::
    28536

    File::
    C:\Users\Thomas\AppData\Local\TimerStop64.sys
    C:\Users\Thomas\AppData\Local\TimerStop.sys
    C:\Users\Thomas\AppData\Local\TimerLockSetup.exe
    C:\Windows\System32\28536.sys


    ---> Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will relaunch Combofix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
    23 April 2009 18:39:26

    My computer restarted and I don't have the report :S
    How do I know whether it worked?

    Thanks
    23 April 2009 19:03:27

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    27 April 2009 16:18:15

    Hello,
    Thanks for your help.
    info.txt logfile of random's system information tool 1.06 2009-04-27 16:06:11

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    -->C:\Windows\UNNeroShowTime.exe /UNINSTALL
    -->C:\Windows\UNRecode.exe /UNINSTALL
    -->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x40c
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    3DMark Vantage-->C:\Program Files\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe -runfromtemp -l0x0009 -removeonly
    Absolute MP3 Splitter version 2.7.1-->"C:\Program Files\Absolute MP3 Splitter\unins000.exe"
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
    Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
    Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Alice nel Paese delle Meraviglie-->"C:\Program Files\Alice nel Paese delle Meraviglie\UNWISE.EXE" "C:\Program Files\Alice nel Paese delle Meraviglie\INSTALL.LOG"
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
    Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    AusLogics BoostSpeed-->"C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
    AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
    Bestemmiatore1_1-->MsiExec.exe /I{26917BD4-CC0C-40FB-B7FD-13741B0053A7}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
    Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
    CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
    CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
    Combat Arms EU-->"C:\ProgramData\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
    Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
    ConvertXtoDVD 3.2.1.55b-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
    CPUCooL (remove only)-->"C:\Program Files\CPUCooL\CPUCooL-uninst.exe"
    CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
    Creative WebCam Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x40c /remove
    Creative WebCam Notebook Driver (1.04.01.0322)-->C:\Windows\CtDrvIns.exe -uninstall -script Pd1171.uns -unsext NT -plugin P1171Pin.dll -pluginres P1171Pin.crl
    Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
    Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
    DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    D-Link RangeBooster N 650 DWA-547-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\setup.exe" -l0x40c -removeonly
    Documents To Go-->MsiExec.exe /X{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}
    Download Direct-->MsiExec.exe /I{DB6A8C83-EFF7-4955-BBD0-81C13DDE5395}
    Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
    DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
    Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
    DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
    DVDCoach Express 1.0.0-->"C:\Program Files\Kibisoft\DVDCoach Express\unins000.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    ESET NOD32 Antivirus-->MsiExec.exe /I{855AF172-B32E-4A74-AC95-E798DD784ABC}
    ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
    ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
    ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    EVEREST Ultimate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly
    FindGraph 2.01-->"C:\Program Files\FindGraph\unins000.exe"
    Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
    Geonaute KeyMaze 300-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35DFE767-D0DB-4228-A64E-7E6D50B6FEA4}\Setup.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
    GraphSight Junior v.1.0-->"C:\Program Files\GraphSight Junior v.1.0\uninstall.exe"
    GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
    GTA4 Mod Installer 0.4.0B-->C:\Program Files\GTA4MODS.com\GTA4 Mod Installer\Uninstall.exe
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hitman Blood Money-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0xc0c -removeonly
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
    Kit Runtime VB6.0-->C:\WINDOWS\st6unst.exe -n "C:\Windows\system32\ST6UNST.LOG"
    K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
    LimeWire 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
    LMSOFT Web Creator Pro 4-->C:\PROGRA~1\MINDSC~1\WEBCRE~2\UNWISE.EXE C:\PROGRA~1\MINDSC~1\WEBCRE~2\INSTALL.LOG
    Logiciel Kodak EasyShare-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0002_1b582d\Setup.exe /APR-REMOVE
    Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
    Machine Check Analysis Tool-->MsiExec.exe /X{B23DD567-8CFF-40FF-A47C-6508D15986A0}
    Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
    Matrix Screen Locker-->MsiExec.exe /X{34B426CD-5758-4309-AA64-3CAA49A55237}
    Matroska Pack - Lazy Man's MKV 0.9.9-->"C:\Program Files\LD-Anime\unins000.exe"
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
    Microsoft Office 2000 Standard-->MsiExec.exe /I{0002040C-78E1-11D2-B60F-006097C998E7}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 6.0 Standard Edition-->"C:\Program Files\Microsoft Visual Studio\VC98\Setup\1033\Setup.exe"
    Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Modèles de sons Windows-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}
    Nero Digital-->C:\Windows\UNNeroVision.exe /UNINSTALL
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
    OCCT Perestroika 3.0.0-->"C:\Program Files\OCCT\unins000.exe"
    OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Palm Desktop-->MsiExec.exe /X{B1D78321-7AB1-45A7-A084-885AF75B8F3D}
    Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
    PC Pad Profile Editor 1.0-->"C:\Program Files\PC Pad\unins000.exe"
    PC Wizard 2008.1.82-->"C:\Program Files\PC Wizard 2008\unins000.exe"
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
    PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly
    PokerStars.it-->"C:\Program Files\PokerStars.IT\PokerStarsUninstall.exe" /u:PokerStars.it
    PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RealSpeak Solo per l'Italiano, Silvia-->MsiExec.exe /I{2F7E5F47-40EC-403E-844C-0874E07F5358}
    RivaTuner v2.20-->"C:\Program Files\RivaTuner v2.20\uninstall.exe"
    Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
    Rome Total War - patch 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x40c
    rPat...entino 3.01.01b-->"C:\Program Files\rpatentino\unins000.exe"
    SBaGen 1.4.4-->"C:\Program Files\SBaGen\unins000.exe"
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
    SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
    SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
    staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
    Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Steinberg Cubase SX 3-->"C:\Program Files\Steinberg\Cubase SX 3\Uninstall.exe" "C:\Program Files\Steinberg\Cubase SX 3\INSTALL.LOG"
    Steinberg Cubase SX v3.1.1.944-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
    SWAT 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
    SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Tests de QI et Mémoire-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A164036A-722E-41CB-A1C1-3C3825A575D6}\Setup.exe" -l0x40c
    Tests de QI-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Micro Application\Tests de QI\Uninst.isu" -c"C:\Program Files\Micro Application\Tests de QI\Uninst.dll"
    Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x040c -removeonly
    tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
    Toy Story 2-->C:\Windows\IsUn040c.exe -fC:\PROGRA~3\DISNEY~1\JEUDAC~1\DeIsL1.isu
    Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
    UPX Shell-->C:\Program Files\UPX Shell\uninstall.exe
    Version d'évaluation de Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
    VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~2\UNWISE.EXE C:\PROGRA~1\VIRTUA~2\INSTALL.LOG
    VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Movie Maker Bêta-->MsiExec.exe /X{F874DF52-A31F-44C1-A606-EF40F1549261}
    Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
    Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
    Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
    World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
    Xara3D6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64C96428-3A75-4AAE-A538-C450EF68175F}\setup.exe" -l0x9

    ======Security center information======

    AS: Windows Defender

    ======System event log======

    Computer Name: PC-de-Thomas
    Event Code: 7001
    Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
    Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
    Record Number: 751397
    Source Name: Service Control Manager
    Time Written: 20090427140348.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Thomas
    Event Code: 7001
    Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
    Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
    Record Number: 751398
    Source Name: Service Control Manager
    Time Written: 20090427140348.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Thomas
    Event Code: 7001
    Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
    Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
    Record Number: 751399
    Source Name: Service Control Manager
    Time Written: 20090427140439.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Thomas
    Event Code: 7001
    Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
    Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
    Record Number: 751400
    Source Name: Service Control Manager
    Time Written: 20090427140445.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Thomas
    Event Code: 7001
    Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
    Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
    Record Number: 751401
    Source Name: Service Control Manager
    Time Written: 20090427140445.000000-000
    Event Type: Erreur
    User:

    =====Application event log=====

    Computer Name: PC-de-Thomas
    Event Code: 4105
    Message: Windows est en période de notification.
    Record Number: 25180
    Source Name: Microsoft-Windows-Winlogon
    Time Written: 20090426155346.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-Thomas
    Event Code: 8194
    Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

    Opération :
    Données du rédacteur en cours de collecte

    Contexte :
    ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
    Nom du rédacteur: System Writer
    ID d’instance du rédacteur: {dac9a9fc-9e27-487d-af06-b53f0d190af7}
    Record Number: 25207
    Source Name: VSS
    Time Written: 20090426182942.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Thomas
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2549099593-1315904904-3128934940-1000_Classes:
    Process 1704 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2549099593-1315904904-3128934940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

    Record Number: 25213
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090426210328.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-Thomas
    Event Code: 4105
    Message: Windows est en période de notification.
    Record Number: 25231
    Source Name: Microsoft-Windows-Winlogon
    Time Written: 20090427105702.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-Thomas
    Event Code: 4105
    Message: Windows est en période de notification.
    Record Number: 25253
    Source Name: Microsoft-Windows-Winlogon
    Time Written: 20090427111819.000000-000
    Event Type: Avertissement
    User:

    =====Security event log=====

    Computer Name: PC-de-Thomas
    Event Code: 4672
    Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7

    Privilèges : SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 20883
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090217070239.927742-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-Thomas
    Event Code: 4648
    Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : PC-DE-THOMAS$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Compte dont les informations d’identification ont été utilisées :
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Serveur cible :
    Nom du serveur cible : localhost
    Informations supplémentaires : localhost

    Informations sur le processus :
    ID du processus : 0x290
    Nom du processus : C:\Windows\System32\services.exe

    Informations sur le réseau :
    Adresse du réseau : -
    Port : -

    Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
    Record Number: 20884
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090217070647.012742-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-Thomas
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : PC-DE-THOMAS$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7

    Type d’ouverture de session : 5

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x290
    Nom du processus : C:\Windows\System32\services.exe

    Informations sur le réseau :
    Nom de la station de travail :
    Adresse du réseau source : -
    Port source : -

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : Advapi
    Package d’authentification : Negotiate
    Services en transit : -
    Nom du package (NTLM uniquement) : -
    Longueur de la clé : 0

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 20885
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090217070647.012742-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-Thomas
    Event Code: 4672
    Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7

    Privilèges : SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 20886
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090217070647.012742-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-Thomas
    Event Code: 4904
    Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : PC-DE-THOMAS$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7

    Processus :
    ID du processus : 0x7b0
    Nom du processus : C:\Windows\System32\VSSVC.exe

    Source de l’événement :
    Nom de la source : VSSAudit
    ID de la source de l’événement : 0x2e82a2
    Record Number: 20887
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090217070727.402742-000
    Event Type: Succès de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\AMD\MCat;C:\Program Files\QuickTime\QTSystem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=6b02
    "NUMBER_OF_PROCESSORS"=2
    "RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
    "RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------





    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Thomas at 2009-04-27 16:05:31
    Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
    System drive C: has 60 GB (13%) free of 477 GB
    Total RAM: 2047 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:05:49, on 27/04/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\explorer.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Thomas\Downloads\RSIT.exe
    C:\Program Files\trend micro\Thomas.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpld...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F13CEB-4EE3-4BF5-968C-01D8D097166A}: NameServer = 193.70.152.15,193.70.152.25
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5604 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549099593-1315904904-3128934940-1000.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-04 463872]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2009-02-22 5668864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\akouwme]
    c:\users\thomas\appdata\local\akouwme.exe akouwme []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
    C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
    C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
    C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
    C:\Program Files\DLD.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
    C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [2006-11-27 255528]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    C:\Windows\ehome\ehTray.exe [2008-04-11 125952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    C:\Program Files\eMule\emule.exe [2009-02-22 5668864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
    C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
    C:\Program Files\iolo\Common\Lib\ioloLManager.exe [2008-05-06 307568]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
    C:\Program Files\NinjaSurfing\nsurfing.exe /tray []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-04-25 306088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
    C:\Program Files\RivaTuner v2.20\RivaTunerWrapper.exe [2008-11-19 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1233920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
    C:\Program Files\ONSPEED\onspeedcore.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-07 198160]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
    C:\Users\Thomas\AppData\Roaming\UpdateStar\UpdateStar.exe -A []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC9Player]
    C:\Program Files\Virtual CD v9\System\VC9Play.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-04 3522296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScannerPro]
    C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
    C:\Program Files\Zango\bin\10.3.70.0\Weather.exe -auto []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe [2008-04-11 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-04-11 202240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
    C:\Program Files\Zango\bin\10.3.70.0\OEAddOn.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
    C:\Program Files\Zango\bin\10.3.70.0\ZangoSA.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTTray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
    C:\PROGRA~1\COMMON~1\DataViz\DVZINC~1.EXE [2008-09-19 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
    C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
    C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-06-21 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Matrix Screen Locker.lnk]
    C:\PROGRA~1\BAROUF~1\MATRIX~1\matrix.exe [2006-01-29 539136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ONSPEED.lnk]
    C:\PROGRA~1\ONSPEED\ONSPEE~2.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
    C:\PROGRA~1\D-Link\D-LINK~1\WIRELE~1.EXE [2006-11-03 12693504]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
    C:\PROGRA~1\vghd\vghd.exe [2008-12-05 357712]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
    C:\PROGRA~1\palmOne\HOTSYNC.EXE [2004-04-12 299008]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-12-15 384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
    C:\PROGRA~1\POWERS~1\PStrip.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
    C:\PROGRA~1\Vg\VIRTUA~1.EXE []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoSecCpl"=0
    "DisableChangePassword"=0
    "DisableLockWorkstation"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    "DisableStatusMessages"=1
    "EnableLUA"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoLogOff"=0
    "NoDriveTypeAutoRun"=0
    "NoStartMenuPinnedList"=0
    "NoStartMenuMFUprogramsList"=0
    "NoUserNameInStartMenu"=0
    "NoStartMenuSubFolders"=0
    "NoCommonGroups"=0
    "NoPrinterTabs"=0
    "NoDeletePrinter"=0
    "NoAddPrinter"=0
    "NoPrinters"=0
    "NoFavoritesMenu"=0
    "NoDrives"=0
    "NoRecentDocsNetHood"=0
    "NoChangeAnimation"=0
    "NoChangeKeyboardNavigationIndicators"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{931ff3eb-2e40-11dd-a4a4-001c2530884d}]
    shell\AutoRun\command - J:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda8e037-22aa-11dd-99f9-806e6f6e6963}]
    shell\AutoRun\command - D:\install.EXE /AUTORUN
    shell\configure\command - D:\install.EXE
    shell\install\command - D:\install.EXE


    ======File associations======

    .js - open - NOTEPAD.EXE %1
    .vbs - open - NOTEPAD.EXE %1

    ======List of files/folders created in the last 1 months======

    2009-04-27 16:02:08 ----D---- C:\Program Files\trend micro
    2009-04-27 16:02:05 ----D---- C:\rsit
    2009-04-27 14:33:04 ----D---- C:\Program Files\rpatentino
    2009-04-25 14:01:18 ----A---- C:\Windows\ODBC.INI
    2009-04-25 13:59:12 ----D---- C:\Users\Thomas\AppData\Roaming\Microsoft Web Folders
    2009-04-24 13:57:44 ----D---- C:\ProgramData\ATI
    2009-04-23 19:01:41 ----D---- C:\ProgramData\NexonEU
    2009-04-23 17:46:19 ----A---- C:\avenger.txt
    2009-04-23 17:44:58 ----D---- C:\Windows\temp
    2009-04-23 17:37:17 ----D---- C:\ComboFix
    2009-04-23 17:37:16 ----A---- C:\Windows\system32\CF10409.exe
    2009-04-23 16:12:30 ----A---- C:\Windows\PSEXESVC.EXE
    2009-04-23 16:04:11 ----A---- C:\Windows\zip.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\vFind.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\SWXCACLS.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\SWSC.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\SWREG.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\sed.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\NIRCMD.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\grep.exe
    2009-04-23 16:03:26 ----D---- C:\Windows\ERDNT
    2009-04-23 16:03:25 ----A---- C:\Windows\system32\swsc.exe
    2009-04-23 16:03:24 ----D---- C:\Qoobox
    2009-04-23 15:52:20 ----D---- C:\Users\Thomas\AppData\Roaming\Malwarebytes
    2009-04-23 15:52:15 ----D---- C:\ProgramData\Malwarebytes
    2009-04-23 15:52:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-21 19:22:29 ----D---- C:\ProgramData\NexonUS
    2009-04-21 18:38:31 ----D---- C:\ProgramData\PMB Files
    2009-04-16 22:53:26 ----A---- C:\Windows\system32\winhttp.dll
    2009-04-16 22:53:22 ----A---- C:\Windows\system32\xolehlp.dll
    2009-04-16 22:53:22 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-04-16 22:53:16 ----A---- C:\Windows\system32\rpcss.dll
    2009-04-16 22:53:15 ----A---- C:\Windows\system32\ntoskrnl.exe
    2009-04-16 22:53:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\sdohlp.dll
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasrecst.dll
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\iashost.exe
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasads.dll
    2009-04-16 22:53:12 ----A---- C:\Windows\system32\lsasrv.dll
    2009-04-16 22:53:11 ----A---- C:\Windows\system32\kernel32.dll
    2009-04-16 22:53:10 ----A---- C:\Windows\system32\secur32.dll
    2009-04-16 22:53:10 ----A---- C:\Windows\system32\apilogen.dll
    2009-04-16 22:53:10 ----A---- C:\Windows\system32\amxread.dll
    2009-04-16 22:53:06 ----A---- C:\Windows\system32\mshtml.dll
    2009-04-16 22:53:05 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-16 22:53:04 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\wininet.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\occache.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-16 22:53:02 ----A---- C:\Windows\system32\mstime.dll
    2009-04-16 22:53:02 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-16 22:53:02 ----A---- C:\Windows\system32\ieencode.dll
    2009-04-16 22:53:00 ----A---- C:\Windows\system32\jsproxy.dll
    2009-04-13 21:08:11 ----A---- C:\Windows\system32\GEARAspi.dll
    2009-04-13 21:08:00 ----D---- C:\Program Files\iPod
    2009-04-13 21:07:47 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-13 21:07:46 ----D---- C:\Program Files\iTunes
    2009-04-08 17:13:24 ----A---- C:\spiele.ini
    2009-04-08 17:13:24 ----A---- C:\Lisezmoi.txt
    2009-04-08 17:13:24 ----A---- C:\IQT.ini
    2009-04-08 17:13:24 ----A---- C:\IQ800.ini
    2009-04-08 17:13:24 ----A---- C:\IQ1024.ini
    2009-04-08 17:13:23 ----A---- C:\Uninst.dll
    2009-04-08 17:13:23 ----A---- C:\turangau.exe
    2009-04-08 17:13:23 ----A---- C:\IQTest.exe
    2009-04-08 17:13:23 ----A---- C:\Galgenmaennchen.exe
    2009-04-08 17:13:17 ----D---- C:\spiele
    2009-04-08 17:13:17 ----D---- C:\Levels
    2009-04-08 17:13:17 ----D---- C:\Datenbank
    2009-04-08 17:07:48 ----D---- C:\Program Files\Common Files\Borland Shared
    2009-04-07 22:37:28 ----D---- C:\Program Files\Micro Application
    2009-03-31 20:25:59 ----D---- C:\Program Files\GTA4MODS.com
    2009-03-31 14:53:16 ----A---- C:\Windows\system32\CmdLineExt.dll
    2009-03-30 13:54:38 ----D---- C:\Users\Thomas\AppData\Roaming\New Technology Studio

    ======List of files/folders modified in the last 1 months======

    2009-04-27 16:02:19 ----D---- C:\Windows\Prefetch
    2009-04-27 16:02:08 ----D---- C:\Program Files
    2009-04-27 15:59:51 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-27 14:33:05 ----D---- C:\Windows\System32
    2009-04-27 14:32:18 ----D---- C:\Program Files\a-squared Free
    2009-04-26 21:08:58 ----SHD---- C:\System Volume Information
    2009-04-26 19:27:30 ----D---- C:\Windows\system32\drivers
    2009-04-25 14:08:33 ----SD---- C:\Users\Thomas\AppData\Roaming\Microsoft
    2009-04-25 14:01:19 ----SHD---- C:\Windows\Installer
    2009-04-25 14:01:18 ----SHD---- C:\Config.Msi
    2009-04-25 14:01:18 ----D---- C:\Windows
    2009-04-25 14:01:09 ----D---- C:\Program Files\Common Files
    2009-04-25 14:00:54 ----A---- C:\Windows\win.ini
    2009-04-25 14:00:25 ----RSD---- C:\Windows\Media
    2009-04-25 14:00:17 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-04-25 14:00:13 ----D---- C:\Program Files\Common Files\System
    2009-04-25 14:00:10 ----D---- C:\Windows\ShellNew
    2009-04-25 13:59:49 ----D---- C:\Windows\Help
    20
    27 April 2009 16:20:59

    The log report is incomplete.
    27 April 2009 17:32:35

    Oh yes, sorry.


    Here is the complete report:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Thomas at 2009-04-27 16:05:31
    Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
    System drive C: has 60 GB (13%) free of 477 GB
    Total RAM: 2047 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:05:49, on 27/04/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\explorer.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Thomas\Downloads\RSIT.exe
    C:\Program Files\trend micro\Thomas.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpld...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F13CEB-4EE3-4BF5-968C-01D8D097166A}: NameServer = 193.70.152.15,193.70.152.25
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5604 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549099593-1315904904-3128934940-1000.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-04 463872]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2009-02-22 5668864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\akouwme]
    c:\users\thomas\appdata\local\akouwme.exe akouwme []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
    C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
    C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
    C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
    C:\Program Files\DLD.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
    C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [2006-11-27 255528]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    C:\Windows\ehome\ehTray.exe [2008-04-11 125952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    C:\Program Files\eMule\emule.exe [2009-02-22 5668864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
    C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
    C:\Program Files\iolo\Common\Lib\ioloLManager.exe [2008-05-06 307568]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
    C:\Program Files\NinjaSurfing\nsurfing.exe /tray []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-04-25 306088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
    C:\Program Files\RivaTuner v2.20\RivaTunerWrapper.exe [2008-11-19 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1233920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
    C:\Program Files\ONSPEED\onspeedcore.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-07 198160]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
    C:\Users\Thomas\AppData\Roaming\UpdateStar\UpdateStar.exe -A []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC9Player]
    C:\Program Files\Virtual CD v9\System\VC9Play.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-04 3522296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScannerPro]
    C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
    C:\Program Files\Zango\bin\10.3.70.0\Weather.exe -auto []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe [2008-04-11 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-04-11 202240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
    C:\Program Files\Zango\bin\10.3.70.0\OEAddOn.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
    C:\Program Files\Zango\bin\10.3.70.0\ZangoSA.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTTray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
    C:\PROGRA~1\COMMON~1\DataViz\DVZINC~1.EXE [2008-09-19 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
    C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
    C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-06-21 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Matrix Screen Locker.lnk]
    C:\PROGRA~1\BAROUF~1\MATRIX~1\matrix.exe [2006-01-29 539136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ONSPEED.lnk]
    C:\PROGRA~1\ONSPEED\ONSPEE~2.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
    C:\PROGRA~1\D-Link\D-LINK~1\WIRELE~1.EXE [2006-11-03 12693504]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
    C:\PROGRA~1\vghd\vghd.exe [2008-12-05 357712]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
    C:\PROGRA~1\palmOne\HOTSYNC.EXE [2004-04-12 299008]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-12-15 384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
    C:\PROGRA~1\POWERS~1\PStrip.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
    C:\PROGRA~1\Vg\VIRTUA~1.EXE []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoSecCpl"=0
    "DisableChangePassword"=0
    "DisableLockWorkstation"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    "DisableStatusMessages"=1
    "EnableLUA"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoLogOff"=0
    "NoDriveTypeAutoRun"=0
    "NoStartMenuPinnedList"=0
    "NoStartMenuMFUprogramsList"=0
    "NoUserNameInStartMenu"=0
    "NoStartMenuSubFolders"=0
    "NoCommonGroups"=0
    "NoPrinterTabs"=0
    "NoDeletePrinter"=0
    "NoAddPrinter"=0
    "NoPrinters"=0
    "NoFavoritesMenu"=0
    "NoDrives"=0
    "NoRecentDocsNetHood"=0
    "NoChangeAnimation"=0
    "NoChangeKeyboardNavigationIndicators"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{931ff3eb-2e40-11dd-a4a4-001c2530884d}]
    shell\AutoRun\command - J:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda8e037-22aa-11dd-99f9-806e6f6e6963}]
    shell\AutoRun\command - D:\install.EXE /AUTORUN
    shell\configure\command - D:\install.EXE
    shell\install\command - D:\install.EXE


    ======File associations======

    .js - open - NOTEPAD.EXE %1
    .vbs - open - NOTEPAD.EXE %1

    ======List of files/folders created in the last 1 months======

    2009-04-27 16:02:08 ----D---- C:\Program Files\trend micro
    2009-04-27 16:02:05 ----D---- C:\rsit
    2009-04-27 14:33:04 ----D---- C:\Program Files\rpatentino
    2009-04-25 14:01:18 ----A---- C:\Windows\ODBC.INI
    2009-04-25 13:59:12 ----D---- C:\Users\Thomas\AppData\Roaming\Microsoft Web Folders
    2009-04-24 13:57:44 ----D---- C:\ProgramData\ATI
    2009-04-23 19:01:41 ----D---- C:\ProgramData\NexonEU
    2009-04-23 17:46:19 ----A---- C:\avenger.txt
    2009-04-23 17:44:58 ----D---- C:\Windows\temp
    2009-04-23 17:37:17 ----D---- C:\ComboFix
    2009-04-23 17:37:16 ----A---- C:\Windows\system32\CF10409.exe
    2009-04-23 16:12:30 ----A---- C:\Windows\PSEXESVC.EXE
    2009-04-23 16:04:11 ----A---- C:\Windows\zip.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\vFind.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\SWXCACLS.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\SWSC.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\SWREG.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\sed.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\NIRCMD.exe
    2009-04-23 16:04:11 ----A---- C:\Windows\grep.exe
    2009-04-23 16:03:26 ----D---- C:\Windows\ERDNT
    2009-04-23 16:03:25 ----A---- C:\Windows\system32\swsc.exe
    2009-04-23 16:03:24 ----D---- C:\Qoobox
    2009-04-23 15:52:20 ----D---- C:\Users\Thomas\AppData\Roaming\Malwarebytes
    2009-04-23 15:52:15 ----D---- C:\ProgramData\Malwarebytes
    2009-04-23 15:52:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-21 19:22:29 ----D---- C:\ProgramData\NexonUS
    2009-04-21 18:38:31 ----D---- C:\ProgramData\PMB Files
    2009-04-16 22:53:26 ----A---- C:\Windows\system32\winhttp.dll
    2009-04-16 22:53:22 ----A---- C:\Windows\system32\xolehlp.dll
    2009-04-16 22:53:22 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-04-16 22:53:16 ----A---- C:\Windows\system32\rpcss.dll
    2009-04-16 22:53:15 ----A---- C:\Windows\system32\ntoskrnl.exe
    2009-04-16 22:53:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\sdohlp.dll
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasrecst.dll
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\iashost.exe
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasads.dll
    2009-04-16 22:53:12 ----A---- C:\Windows\system32\lsasrv.dll
    2009-04-16 22:53:11 ----A---- C:\Windows\system32\kernel32.dll
    2009-04-16 22:53:10 ----A---- C:\Windows\system32\secur32.dll
    2009-04-16 22:53:10 ----A---- C:\Windows\system32\apilogen.dll
    2009-04-16 22:53:10 ----A---- C:\Windows\system32\amxread.dll
    2009-04-16 22:53:06 ----A---- C:\Windows\system32\mshtml.dll
    2009-04-16 22:53:05 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-16 22:53:04 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\wininet.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\occache.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-16 22:53:03 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-16 22:53:02 ----A---- C:\Windows\system32\mstime.dll
    2009-04-16 22:53:02 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-16 22:53:02 ----A---- C:\Windows\system32\ieencode.dll
    2009-04-16 22:53:00 ----A---- C:\Windows\system32\jsproxy.dll
    2009-04-13 21:08:11 ----A---- C:\Windows\system32\GEARAspi.dll
    2009-04-13 21:08:00 ----D---- C:\Program Files\iPod
    2009-04-13 21:07:47 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-13 21:07:46 ----D---- C:\Program Files\iTunes
    2009-04-08 17:13:24 ----A---- C:\spiele.ini
    2009-04-08 17:13:24 ----A---- C:\Lisezmoi.txt
    2009-04-08 17:13:24 ----A---- C:\IQT.ini
    2009-04-08 17:13:24 ----A---- C:\IQ800.ini
    2009-04-08 17:13:24 ----A---- C:\IQ1024.ini
    2009-04-08 17:13:23 ----A---- C:\Uninst.dll
    2009-04-08 17:13:23 ----A---- C:\turangau.exe
    2009-04-08 17:13:23 ----A---- C:\IQTest.exe
    2009-04-08 17:13:23 ----A---- C:\Galgenmaennchen.exe
    2009-04-08 17:13:17 ----D---- C:\spiele
    2009-04-08 17:13:17 ----D---- C:\Levels
    2009-04-08 17:13:17 ----D---- C:\Datenbank
    2009-04-08 17:07:48 ----D---- C:\Program Files\Common Files\Borland Shared
    2009-04-07 22:37:28 ----D---- C:\Program Files\Micro Application
    2009-03-31 20:25:59 ----D---- C:\Program Files\GTA4MODS.com
    2009-03-31 14:53:16 ----A---- C:\Windows\system32\CmdLineExt.dll
    2009-03-30 13:54:38 ----D---- C:\Users\Thomas\AppData\Roaming\New Technology Studio

    ======List of files/folders modified in the last 1 months======

    2009-04-27 16:02:19 ----D---- C:\Windows\Prefetch
    2009-04-27 16:02:08 ----D---- C:\Program Files
    2009-04-27 15:59:51 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-27 14:33:05 ----D---- C:\Windows\System32
    2009-04-27 14:32:18 ----D---- C:\Program Files\a-squared Free
    2009-04-26 21:08:58 ----SHD---- C:\System Volume Information
    2009-04-26 19:27:30 ----D---- C:\Windows\system32\drivers
    2009-04-25 14:08:33 ----SD---- C:\Users\Thomas\AppData\Roaming\Microsoft
    2009-04-25 14:01:19 ----SHD---- C:\Windows\Installer
    2009-04-25 14:01:18 ----SHD---- C:\Config.Msi
    2009-04-25 14:01:18 ----D---- C:\Windows
    2009-04-25 14:01:09 ----D---- C:\Program Files\Common Files
    2009-04-25 14:00:54 ----A---- C:\Windows\win.ini
    2009-04-25 14:00:25 ----RSD---- C:\Windows\Media
    2009-04-25 14:00:17 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-04-25 14:00:13 ----D---- C:\Program Files\Common Files\System
    2009-04-25 14:00:10 ----D---- C:\Windows\ShellNew
    2009-04-25 13:59:49 ----D---- C:\Windows\Help
    2009-04-25 13:59:48 ----D---- C:\Windows\MSAgent
    2009-04-25 13:59:12 ----D---- C:\Program Files\Microsoft Office
    2009-04-25 13:59:02 ----D---- C:\Windows\system
    2009-04-25 13:59:02 ----D---- C:\temp
    2009-04-25 13:48:06 ----D---- C:\Program Files\ATI
    2009-04-24 21:43:55 ----A---- C:\Windows\NeroDigital.ini
    2009-04-24 13:57:44 ----HD---- C:\ProgramData
    2009-04-23 19:01:42 ----D---- C:\Nexon
    2009-04-23 19:00:16 ----RSD---- C:\Windows\assembly
    2009-04-23 18:59:40 ----D---- C:\Program Files\ATI Technologies
    2009-04-23 18:57:46 ----D---- C:\Windows\system32\catroot
    2009-04-23 18:57:46 ----D---- C:\Windows\inf
    2009-04-23 17:48:51 ----A---- C:\Windows\system.ini
    2009-04-23 17:45:20 ----D---- C:\Windows\system32\config
    2009-04-23 17:42:03 ----D---- C:\Windows\AppPatch
    2009-04-23 17:37:16 ----D---- C:\Windows\system32\fr-FR
    2009-04-22 19:37:39 ----D---- C:\Poker
    2009-04-20 20:45:26 ----D---- C:\Windows\Minidump
    2009-04-18 13:03:21 ----D---- C:\Windows\system32\catroot2
    2009-04-17 13:38:15 ----D---- C:\Windows\system32\wbem
    2009-04-17 13:38:15 ----D---- C:\Windows\system32\manifeststore
    2009-04-17 13:38:14 ----D---- C:\Program Files\Internet Explorer
    2009-04-17 13:38:04 ----D---- C:\Windows\winsxs
    2009-04-17 13:37:37 ----D---- C:\ProgramData\Microsoft Help
    2009-04-14 20:45:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-04-13 21:08:11 ----DC---- C:\Windows\system32\DRVSTORE
    2009-04-13 21:07:59 ----D---- C:\Program Files\Common Files\Apple
    2009-04-13 21:06:58 ----D---- C:\Program Files\Bonjour
    2009-04-07 22:37:28 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-03-31 23:19:48 ----D---- C:\Program Files\Ubisoft

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-04-11 350720]
    R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
    R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
    R1 ntiopnp;ntiopnp; C:\Windows\system32\drivers\ntiopnp.sys [2007-02-12 12800]
    R1 PStrip;PStrip; C:\Windows\system32\drivers\pstrip.sys [2007-07-15 27992]
    R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
    R2 Nsynas32;Nsynas32; C:\Windows\system32\drivers\Nsynas32.sys [2001-04-09 17784]
    R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-29 952832]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-02-20 95760]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-03-16 4361216]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2007-10-19 87952]
    R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
    R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-05-18 47360]
    S1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys []
    S1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys []
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
    S1 vdrv9000;vdrv9000; C:\Windows\system32\DRIVERS\vdrv9000.sys []
    S2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys []
    S3 abq6uz99;abq6uz99; C:\Windows\system32\drivers\abq6uz99.sys []
    S3 agxqxxkg;agxqxxkg; C:\Windows\system32\drivers\agxqxxkg.sys []
    S3 AR5416;D-Link RangeBooster N Service; C:\Windows\system32\DRIVERS\ar5416.sys [2006-09-25 1037088]
    S3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 188432]
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-11 19456]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-04-11 92160]
    S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys []
    S3 catchme;catchme; \??\C:\Users\Thomas\AppData\Local\Temp\catchme.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-01-24 14336]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-04-11 5632]
    S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
    S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]
    S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
    S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-04-11 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-04-11 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-04-11 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-04-11 6016]
    S3 P1171VID;Creative WebCam Notebook #2; C:\Windows\system32\DRIVERS\P1171Vid.sys [2004-03-19 91392]
    S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2004-04-12 16509]
    S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-04-11 49664]
    S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.20\RivaTuner32.sys [2008-11-19 9088]
    S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-07-31 76800]
    S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2007-01-05 23600]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-26 36864]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-04-11 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-04-11 39936]
    S3 WSIMD;wsimd Service; C:\Windows\system32\DRIVERS\wsimd.sys [2006-07-20 54432]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-04-11 83328]
    S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-12-09 311808]
    S4 ErrDev;Pilote de périphérique d’erreur matérielle Microsoft; C:\Windows\system32\drivers\errdev.sys [2008-04-11 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-04-11 386616]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-04-11 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-03-16 180224]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 CPUCooLServer;CPUCooLServer Service; C:\Program Files\CPUCooL\CooLSrv.exe [2007-07-31 118784]
    R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    S2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-04-11 21504]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-04-11 21504]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-04-11 917504]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-04-22 425080]
    S4 ACS;Atheros Configuration Service; C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe [2006-08-25 360532]
    S4 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
    S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-04-11 21504]
    S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-04-11 21504]
    S4 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-04-11 523776]
    S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-18 654848]
    S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S4 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
    S4 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
    S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
    S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
    S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
    S4 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
    S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
    S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
    S4 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-12-04 107832]
    S4 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-04-11 21504]
    S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-12 87288]

    -----------------EOF-----------------
    27 April 2009 17:44:13

    Did you uninstall NOD32?

    27 April 2009 17:55:02

    Yes, but I think a few files are still left lying around in a bit of a mess.
    Thanks for your help.
    27 April 2009 17:58:26

    What antivirus do you plan to install in its place?

    There are still traces of NOD32 left.