Your question

[Solved] Pop up, Trojan....

Tags:
  • Security
Last reply: in Security and viruses
13 February 2009 19:59:34

Hello. I have AntiVir and ZoneAlarm. Internet Explorer opens every 5 minutes on universal 101 (http://www.universal101.com/m.html). AntiVir detects trojans at every PC startup. "Ctrl Alt Del" no longer works, and the Task Manager won't open from the taskbar either. I read on a forum about a solution that involves going to "regedit" through "Run", but Windows can't find "regedit".... lots of problems. Thanks for your help!

13 February 2009 20:29:46

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit\ folder.

13 February 2009 20:54:43

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by wiizer at 2009-02-13 20:50:07
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 20 GB (20%) free of 100 GB
    Total RAM: 2047 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:50:44, on 13/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\eHome\ehRecvr.exe
    C:\windows\eHome\ehSched.exe
    C:\windows\System32\GEARSec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\windows\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\windows\system32\PnkBstrA.exe
    C:\windows\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\windows\RTHDCPL.EXE
    C:\windows\System32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\eHome\ehmsas.exe
    C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
    C:\Program Files\WinFast\WFDTV\WFWIZ.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\system32\RUNDLL32.EXE
    C:\windows\system32\jwtch32.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\windows\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    E:\Mes Documents\Downloads\RSIT.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\trend micro\wiizer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\ONSPEED\PBHELPER.DLL (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - E:\Mes Documents\Downloads\FindeXer win7 kit\FindeXer\FindeXer.dll
    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\TOOLBAND.DLL (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Microsoft netswitch] C:\windows\system32\jwtch32.exe
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [sTabLauncher] E:\Logiciel\sTabLauncher\sTabLauncher.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
    O4 - HKCU\..\Run: [sys32] C:\windows\system32\Windows_NT\vshost,.exe
    O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    O4 - Global Startup: Vuze.lnk = C:\Program Files\Azureus\Azureus.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - AppInit_DLLs: glcpwl.dll
    O20 - Winlogon Notify: Antiwpa - C:\windows\SYSTEM32\antiwpa.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\windows\System32\appdrvrem01.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FAH@E:+Jeux+Far Cry 2+bin+FAH.exe - Unknown owner - E:\Jeux\Far Cry 2\bin\FAH.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\windows\System32\GEARSec.exe
    O23 - Service: Google Update Service (gupdate1c98b76b7e2157e) (gupdate1c98b76b7e2157e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 15080 bytes

    ======Scheduled tasks folder======

    C:\windows\tasks\AppleSoftwareUpdate.job
    C:\windows\tasks\Google Software Updater.job
    C:\windows\tasks\GoogleUpdateTaskMachine.job
    C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-839522115-1003.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}]
    PBlockHelper Class - C:\Program Files\ONSPEED\PBHELPER.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AA2F14F-E956-44B8-8694-A5B615CDF341}]
    NOW!Imaging - C:\Program Files\ONSPEED\components\NOWImaging.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-10 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD}]
    Loader Class - E:\Mes Documents\Downloads\FindeXer win7 kit\FindeXer\FindeXer.dll [2006-07-28 142848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - ONSPEED - C:\Program Files\ONSPEED\TOOLBAND.DLL []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-01-15 13680640]
    "RTHDCPL"=C:\windows\RTHDCPL.EXE [2007-03-21 16126464]
    "nwiz"=nwiz.exe /install []
    "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
    "Alcmtr"=C:\windows\ALCMTR.EXE [2005-05-03 69632]
    "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-03-21 1953792]
    "WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2007-02-12 69632]
    "WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2007-02-12 397312]
    "LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
    "pdfSaver3"= []
    "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
    ""= []
    "Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-07-29 1122304]
    "DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe []
    "MDDiskProtect.exe"=C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe [2005-04-15 106496]
    "Mediafour XPlay Tray Notification Icon"=C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE [2004-09-27 94208]
    "Mediafour Mac Volume Notifications"=C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE [2002-12-17 61440]
    "SlipStream"=C:\Program Files\ONSPEED\onspeedcore.exe []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "NvMediaCenter"=C:\windows\system32\NvMcTray.dll [2009-01-15 86016]
    "Microsoft netswitch"=C:\windows\system32\jwtch32.exe [2009-02-12 49152]
    "RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
    "PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
    "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-02-13 91432]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-11-06 5724184]
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-13 15360]
    "RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
    "sTabLauncher"=E:\Logiciel\sTabLauncher\sTabLauncher.exe []
    "Google Update"=C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]
    "LClock"=C:\Program Files\LClock\LClock.exe []
    "ViStart"=C:\Program Files\ViStart\ViStart.exe []
    "ViOrb"=C:\Program Files\ViOrb\ViOrb.exe []
    "VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe []
    "sys32"=C:\windows\system32\Windows_NT\vshost []
    "RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-12 306088]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-02-06 3325952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    E:\BitTorrent\bittorrent.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-07-29 1122304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-02-10 161776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^wiizer^Menu Démarrer^Programmes^Démarrage^Enregistrement de produit Logitech.lnk]
    C:\PROGRA~1\Logitech\G51SKI~1\eReg.exe [2007-08-12 2979080]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnjsvc"=3
    "UleadBurningHelper"=2
    "ose"=3
    "odserv"=3
    "Nero BackItUp Scheduler 3"=2
    "iPod Service"=3
    "gusvc"=2
    "Bonjour Service"=2

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Air Mouse.lnk - C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    Vuze.lnk - C:\Program Files\Azureus\Azureus.exe

    C:\Documents and Settings\wiizer\Menu Démarrer\Programmes\Démarrage
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="glcpwl.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
    C:\windows\system32\antiwpa.dll [2003-05-25 60416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\windows\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:p nkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:p nkBstrB"
    "E:\Jeux\SEGA Rally.exe"="E:\Jeux\SEGA Rally.exe:*:Enabled:SEGA Rally"
    "E:\Jeux\SEGA Rally_SSE1.exe"="E:\Jeux\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally"
    "E:\Jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="E:\Jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
    "E:\Jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="E:\Jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "E:\Jeux\Sega Rally\SEGA Rally.exe"="E:\Jeux\Sega Rally\SEGA Rally.exe:*:Enabled:SEGA Rally"
    "E:\Jeux\Sega Rally\SEGA Rally_SSE1.exe"="E:\Jeux\Sega Rally\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally"
    "E:\Jeux\Colin Mcrae Dirt\DiRT.exe"="E:\Jeux\Colin Mcrae Dirt\DiRT.exe:*:Enabled:D iRT Executable"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "E:\Jeux\Unreal Tournament 3\Binaries\UT3.exe"="E:\Jeux\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
    "C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:D NA"
    "E:\BitTorrent\bittorrent.exe"="E:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "E:\Jeux\CoD4\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Jeux\CoD4\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
    "E:\Jeux\Supreme Commander Forged Alliance\GPGNet\GPG.Multiplayer.Client.exe"="E:\Jeux\Supreme Commander Forged Alliance\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
    "C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
    "C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:D isabled:Adobe Photoshop Elements Media Server"
    "C:\Program Files\Podmailing\podmailing.exe"="C:\Program Files\Podmailing\podmailing.exe:*:Enabled:p odmailing Beta"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "E:\Jeux\Team Fortress 2\hl2.exe"="E:\Jeux\Team Fortress 2\hl2.exe:*:Enabled:hl2"
    "E:\Jeux\Grid\GRID.exe"="E:\Jeux\Grid\GRID.exe:*:Enabled:GRID Executable"
    "C:\Program Files\eMuleplus\eMule.exe"="C:\Program Files\eMuleplus\eMule.exe:*:Enabled:eMule Plus"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
    "C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
    "C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:pMSRegisterFile"
    "C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
    "E:\Program Files\Mass Effect\Binaries\MassEffect.exe"="E:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
    "E:\Program Files\Mass Effect\MassEffectLauncher.exe"="E:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
    "E:\Jeux\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\xrEngine.exe"="E:\Jeux\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\xrEngine.exe:*:Enabled:Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî (CLI)"
    "E:\Jeux\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\dedicated\xrEngine.exe"="E:\Jeux\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\dedicated\xrEngine.exe:*:Enabled:Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî (SRV)"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "E:\Jeux\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="E:\Jeux\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
    "E:\Jeux\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="E:\Jeux\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "E:\Jeux\Far Cry 2\bin\FarCry2.exe"="E:\Jeux\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
    "E:\Jeux\Far Cry 2\bin\FC2Launcher.exe"="E:\Jeux\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
    "E:\Jeux\Far Cry 2\bin\FC2Editor.exe"="E:\Jeux\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"
    "E:\Jeux\Dead Space\Dead Space.exe"="E:\Jeux\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
    "E:\Jeux\Call of Duty - World at War\CoDWaW.exe"="E:\Jeux\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
    "E:\Jeux\Call of Duty - World at War\CoDWaWmp.exe"="E:\Jeux\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
    "C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
    "E:\Jeux\Left4Dead\hl2.exe"="E:\Jeux\Left4Dead\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
    "C:\Program Files\Fichiers communs\XpressUpdate\XPressUpdate.exe"="C:\Program Files\Fichiers communs\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "E:\Jeux\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Jeux\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "E:\Jeux\Mirror's Edge\Binaries\MirrorsEdge.exe"="E:\Jeux\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
    "C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
    "C:\Program Files\spooler.exe"="C:\Program Files\spooler.exe:*:Enabled:otmspr"
    "E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
    "E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
    "E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d478b3fa-8703-11dd-a146-001e8c548aaf}]
    shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d478b3fe-8703-11dd-a146-001e8c548aaf}]
    shell\AutoRun\command - M:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-02-13 20:50:07 ----D---- C:\rsit
    2009-02-13 16:46:57 ----D---- C:\Program Files\Badaboom
    2009-02-13 15:48:29 ----A---- C:\windows\Burnout(TM) Paradise The Ultimate Box Patch Log.txt
    2009-02-13 15:20:06 ----D---- C:\Documents and Settings\wiizer\Application Data\CyberLink
    2009-02-13 15:18:43 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
    2009-02-13 15:18:20 ----D---- C:\Program Files\Fichiers communs\CyberLink
    2009-02-13 15:17:55 ----A---- C:\windows\system32\jwtch32.exe
    2009-02-13 15:17:33 ----D---- C:\Program Files\CyberLink
    2009-02-13 15:15:52 ----D---- C:\Program Files\Cyberlink PowerDVD Ultra 8.0.1730
    2009-02-12 23:30:36 ----HDC---- C:\windows\$NtUninstallKB960715$
    2009-02-12 23:30:31 ----A---- C:\windows\imsins.BAK
    2009-02-10 18:04:55 ----D---- C:\Flobots.Fight.With.Tools[2007]-OriginalThought
    2009-02-10 18:04:55 ----D---- C:\Flobots - Platypus album[2005]
    2009-02-10 12:56:32 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-02-09 14:17:56 ----D---- C:\PART
    2009-02-08 14:05:19 ----D---- C:\Program Files\Rockstar Games
    2009-02-08 13:37:16 ----D---- C:\Program Files\SystemRequirementsLab
    2009-02-08 13:37:12 ----D---- C:\Documents and Settings\wiizer\Application Data\SystemRequirementsLab
    2009-02-07 20:33:29 ----D---- C:\Role Models DvdRip
    2009-02-03 18:35:01 ----D---- C:\Q3Ademo
    2009-02-03 10:27:23 ----D---- C:\windows\NV34921692.TMP
    2009-02-03 09:19:29 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    2009-02-01 22:32:33 ----D---- C:\Program Files\7-Zip
    2009-02-01 18:44:19 ----A---- C:\windows\system32\javaws.exe
    2009-02-01 18:44:19 ----A---- C:\windows\system32\javaw.exe
    2009-02-01 18:44:19 ----A---- C:\windows\system32\java.exe
    2009-02-01 14:00:12 ----D---- C:\Lavasoft Ad-Aware 2008 Pro 7.1.0.8+License-HeartBug
    2009-02-01 11:06:06 ----D---- C:\Program Files\Windows Live Safety Center
    2009-01-29 19:01:07 ----D---- C:\Program Files\WinAVI MP4 Converter
    2009-01-29 18:58:48 ----D---- C:\Lavasoft.Ad-Aware.2008.v7.1+Crack
    2009-01-29 18:58:26 ----D---- C:\Ad-Aware 2007 Professional Edition 7.0.1.6 + Crack [h33t] [CaZoR]
    2009-01-25 22:40:56 ----HDC---- C:\windows\$NtUninstallXPSEPSCLP$
    2009-01-25 19:09:10 ----D---- C:\Documents and Settings\wiizer\Application Data\SlipStream
    2009-01-25 15:49:27 ----D---- C:\Program Files\ONSPEED
    2009-01-25 15:49:27 ----A---- C:\windows\system32\sliprt.dll
    2009-01-25 00:17:36 ----D---- C:\Program Files\Code de la Route pour les Nuls
    2009-01-24 22:23:10 ----D---- C:\Program Files\Air Mouse
    2009-01-21 21:07:01 ----D---- C:\Documents and Settings\wiizer\Application Data\Crayon Physics Deluxe
    2009-01-21 20:55:27 ----D---- C:\Crayon Physics Deluxe
    2009-01-20 18:43:00 ----D---- C:\Armadillo_Run_1.0.3_Cracked_1000_levels
    2009-01-20 18:34:00 ----D---- C:\Program Files\Fichiers communs\Mediafour
    2009-01-20 18:33:50 ----D---- C:\Program Files\Mediafour
    2009-01-20 18:33:50 ----D---- C:\Documents and Settings\All Users\Application Data\Mediafour
    2009-01-19 18:40:14 ----D---- C:\XPlay 2
    2009-01-14 23:20:42 ----HDC---- C:\windows\$NtUninstallKB958687$

    ======List of files/folders modified in the last 1 months======

    2009-02-13 20:50:44 ----D---- C:\Program Files\Trend Micro
    2009-02-13 20:50:04 ----D---- C:\Documents and Settings\wiizer\Application Data\Azureus
    2009-02-13 20:26:17 ----D---- C:\windows\Temp
    2009-02-13 19:50:19 ----D---- C:\Program Files
    2009-02-13 19:46:58 ----D---- C:\windows\Prefetch
    2009-02-13 19:45:58 ----D---- C:\WINDOWS
    2009-02-13 19:45:25 ----D---- C:\windows\Registration
    2009-02-13 19:45:16 ----SD---- C:\windows\Tasks
    2009-02-13 19:44:56 ----D---- C:\windows\Internet Logs
    2009-02-13 19:43:31 ----D---- C:\windows\system32\CatRoot2
    2009-02-13 19:43:31 ----A---- C:\windows\SchedLgU.Txt
    2009-02-13 19:35:57 ----RSHD---- C:\windows\system32\Windows_NT
    2009-02-13 19:33:47 ----D---- C:\windows\Debug
    2009-02-13 15:44:00 ----SHD---- C:\windows\Installer
    2009-02-13 15:44:00 ----D---- C:\Config.Msi
    2009-02-13 15:25:00 ----HD---- C:\windows\inf
    2009-02-13 15:24:31 ----RSD---- C:\windows\assembly
    2009-02-13 15:23:57 ----D---- C:\windows\system32\DirectX
    2009-02-13 15:21:39 ----A---- C:\windows\NeroDigital.ini
    2009-02-13 15:19:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-02-13 15:18:22 ----AD---- C:\windows\system32
    2009-02-13 15:18:20 ----D---- C:\Program Files\Fichiers communs
    2009-02-13 15:18:19 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-13 15:16:11 ----A---- C:\windows\system32\msvcp71.dll
    2009-02-13 11:12:37 ----D---- C:\Program Files\Movie Maker
    2009-02-12 23:31:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-02-12 23:30:35 ----HD---- C:\windows\$hf_mig$
    2009-02-12 23:30:24 ----RSHDC---- C:\windows\system32\dllcache
    2009-02-12 23:30:21 ----D---- C:\Program Files\Internet Explorer
    2009-02-12 23:30:13 ----D---- C:\windows\ie7updates
    2009-02-12 20:00:38 ----D---- C:\Music
    2009-02-12 19:32:33 ----D---- C:\Program Files\Mozilla Firefox
    2009-02-12 15:19:37 ----D---- C:\Program Files\Windows Media Player
    2009-02-12 05:56:17 ----A---- C:\windows\system32\MRT.exe
    2009-02-10 23:32:12 ----D---- C:\Program Files\Google
    2009-02-10 21:00:54 ----D---- C:\Program Files\TimeAdjuster
    2009-02-10 18:48:29 ----D---- C:\Program Files\Steam
    2009-02-06 18:12:02 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-05 12:39:11 ----D---- C:\windows\system32\drivers
    2009-02-05 12:39:06 ----D---- C:\Program Files\Fichiers communs\logishrd
    2009-02-03 18:54:15 ----D---- C:\windows\system
    2009-02-03 18:44:22 ----D---- C:\Program Files\eMule
    2009-02-03 10:30:59 ----D---- C:\windows\Help
    2009-02-03 10:30:57 ----D---- C:\windows\nview
    2009-02-03 10:29:14 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2009-02-03 10:28:34 ----D---- C:\Program Files\AGEIA Technologies
    2009-02-03 10:26:53 ----D---- C:\windows\system32\ReinstallBackups
    2009-02-01 18:44:18 ----D---- C:\Program Files\Java
    2009-02-01 18:44:01 ----A---- C:\windows\system32\PerfStringBackup.INI
    2009-01-30 19:13:18 ----D---- C:\Documents and Settings\wiizer\Application Data\LimeWire
    2009-01-28 23:31:03 ----D---- C:\Program Files\Azureus
    2009-01-25 22:47:19 ----D---- C:\windows\Microsoft.NET
    2009-01-25 22:40:17 ----D---- C:\windows\system32\fr-fr
    2009-01-25 22:40:14 ----D---- C:\windows\system32\XPSViewer
    2009-01-25 22:36:12 ----D---- C:\windows\system32\CatRoot
    2009-01-25 22:33:36 ----D---- C:\windows\system32\en-us
    2009-01-24 23:23:16 ----D---- C:\Documents and Settings\wiizer\Application Data\Macromedia
    2009-01-24 22:18:20 ----D---- C:\windows\Downloaded Installations
    2009-01-24 18:52:10 ----D---- C:\windows\speech
    2009-01-24 18:48:07 ----D---- C:\Documents and Settings\wiizer\Application Data\InstallShield Installation Information
    2009-01-24 15:33:16 ----D---- C:\Program Files\Partouche
    2009-01-23 21:11:46 ----A---- C:\windows\ULEAD32.INI
    2009-01-20 18:42:37 ----A---- C:\windows\win.ini
    2009-01-16 21:15:42 ----A---- C:\windows\system32\mshtml.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nwiz.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwssr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwss.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrszht.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrszhc.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrstr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsth.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrssv.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrssl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrssk.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsru.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsptb.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrspt.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrspl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsno.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsnl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsko.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsja.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsit.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrshu.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrshe.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsfr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsfi.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsesm.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrses.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrseng.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsel.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsde.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsda.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrscs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsar.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwimg.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwdmcpl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwddi.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvvitvsr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvvitvs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvudisp.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvsvc32.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvshell.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrszht.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrszhc.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrstr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsth.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrssv.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrssl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrssk.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsru.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsptb.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrspt.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrspl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsno.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsnl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsko.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsja.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsit.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrshu.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrshe.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsfr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsfi.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsesm.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrses.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrseng.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsel.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsde.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsda.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrscs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsar.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvoglnt.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmoblsr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmobls.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmctray.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmccssr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmccss.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmccsrs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmccs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nview.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvgamesr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvgames.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvdspsch.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvdispsr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvdisps.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcuda.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcpluir.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcplui.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcpl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcolor.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcodins.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcod.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvappbar.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvapi.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nv4_disp.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\keystone.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 appdrv01;Application Driver (01); C:\windows\System32\Drivers\appdrv01.sys [2008-09-22 2915944]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
    R1 GEARAspiWDM;GearAspiWDM; C:\windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R1 intelppm;Pilote de processeur Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
    R1 kbdhid;Pilote HID de clavier; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
    R1 KLIF;KLIF; C:\windows\system32\DRIVERS\klif.sys [2007-07-19 127768]
    R1 MDFSYSNT;MDFSYSNT; C:\windows\system32\drivers\MDFSYSNT.sys [2006-09-13 213888]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 PQIMount;PQIMount; C:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
    R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2008-06-12 56108]
    R1 ssmdrv;ssmdrv; C:\windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 vsdatant;vsdatant; C:\windows\System32\vsdatant.sys [2008-07-09 394952]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\windows\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
    R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2008-11-12 279712]
    R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\windows\system32\drivers\cx88vid.sys [2006-10-18 162944]
    R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\windows\system32\drivers\cxavxbar.sys [2006-10-18 9728]
    R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\windows\system32\drivers\CX88TUNE.sys [2006-10-18 50816]
    R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2008-11-12 25888]
    R3 Arp1394;Protocole client ARP 1394; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\windows\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\windows\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
    R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
    R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
    R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
    R3 MarvinBus;Pinnacle Marvin Bus; C:\windows\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
    R3 mouhid;Pilote HID de souris; C:\windows\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 NIC1394;Pilote réseau 1394; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
    R3 usbaudio;Pilote USB audio (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;Pilote de scanneur USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
    R3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\windows\system32\DRIVERS\xnacc.sys [2006-06-01 509440]
    S1 DVDRC;DVDRC; C:\windows\System32\drivers\DVDRC.sys []
    S1 efbDisk;efbDisk; C:\windows\system32\drivers\efbDisk.sys []
    S3 a473v2u7;a473v2u7; C:\windows\system32\drivers\a473v2u7.sys []
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
    S3 ASAPIW2K;ASAPIW2K; \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys []
    S3 BT;Bluetooth PAN Network Adapter; C:\windows\system32\DRIVERS\btnetdrv.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
    S3 LVcKap;Logitech AEC Driver; C:\windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
    S3 MHNDRV;Pilote MHN; C:\windows\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;Détrameur décalage BDA; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 VComm;Virtual Serial port driver; C:\windows\system32\DRIVERS\VComm.sys []
    S3 VcommMgr;Bluetooth VComm Manager Service; C:\windows\System32\Drivers\VcommMgr.sys []
    S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 ehRecvr;Media Center Receiver Service; C:\windows\eHome\ehRecvr.exe [2004-08-10 194560]
    R2 ehSched;Service de planification Media Center; C:\windows\eHome\ehSched.exe [2004-08-10 103424]
    R2 GEARSecurity;GEARSecurity; C:\windows\System32\GEARSec.exe [2004-07-29 53248]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
    R2 Norton Ghost;Norton Ghost; C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2004-07-29 1269760]
    R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2009-01-15 163908]
    R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2008-11-13 66872]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
    R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\windows\System32\appdrvrem01.exe [2008-09-22 304528]
    S2 FAH@E:+Jeux+Far Cry 2+bin+FAH.exe;FAH@E:+Jeux+Far Cry 2+bin+FAH.exe; E:\Jeux\Far Cry 2\bin\FAH.exe -svcstart []
    S2 gupdate1c98b76b7e2157e;Google Update Service (gupdate1c98b76b7e2157e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 182768]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
    S3 aspnet_state;Service d'état ASP.NET; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-07 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 MHN;MHN; C:\windows\System32\svchost.exe [2008-04-13 14336]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-13 14336]
    S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
    S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]

    -----------------EOF-----------------

    a c 296 8 Security
    13 February 2009 20:58:22

  • Have the following file analyzed on VirusTotal and post the link to the analysis: C:\windows\system32\jwtch32.exe

    13 February 2009 20:59:49

    info.txt logfile of random's system information tool 1.05 2009-02-13 20:50:50

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
    -->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    7-Zip 4.64-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files\Fichiers communs\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Flash Player 10 Plugin-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Air Mouse Server-->MsiExec.exe /I{C61E3A15-3023-4E69-9C20-57DC25B92945}
    Alice ADSL - Installation principale-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}\setup.exe" -l0x40c -eth -pri
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assassin's Creed-->"E:\Logiciels\Kso-Steam\steam.exe" steam://uninstall/15100
    Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
    Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
    Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Azureus-->C:\Program Files\Azureus\Uninstall.exe
    Badaboom 1.1.1.194-->C:\Program Files\Badaboom\uninst.exe
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    BS.Player FREE powered by AdVantage-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
    Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
    Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
    Camtasia Studio 6-->MsiExec.exe /I{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Crayon Physics Deluxe - release 51-->"E:\jeux\Crayon Physics Deluxe\unins000.exe"
    CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
    Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
    DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
    EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
    Easy Mosaic Trial Edition V8.0-->"C:\Program Files\Easy Mosaic V8 Trial\unins000.exe"
    EmoDio-->"C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe" -runfromtemp -l0x040c -removeonly
    EmoDio-->MsiExec.exe /X{C20CE592-B0F8-4D20-BF31-0151CA6331A6}
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly
    Frets On Fire-->"E:\Jeux\Frets on Fire\Uninstall.exe"
    G51 Skins-->MsiExec.exe /X{B446F5BC-0503-452D-B9B9-37B782A51FB1}
    Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C}
    GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
    GeoGebra-->"C:\Program Files\GeoGebra\UninstallerData\Uninstaller.exe"
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
    GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
    Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
    GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x040c -removeonly
    Half-Life 2: Episode One-->"E:\Logiciels\Kso-Steam\steam.exe" steam://uninstall/380
    Half-Life 2: Episode Two-->"E:\Logiciels\Kso-Steam\steam.exe" steam://uninstall/420
    Heroes of Might & Magic V: Hammers of Fate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200091}\setup.exe" -l0x40c
    Heroes of Might and Magic V Collector Edition-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}\setup.exe" -l0x40c
    Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\Setup.exe" -l0x40c
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\windows\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
    HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
    Ïåíóìáðà 2. Äíåâíèêè ìåðòâåöîâ-->C:\WINDOWS\IsUninstR.Exe -fe:\jeux\PENUMB~1\DeIsL1.isu -ce:\jeux\PENUMB~1\PENUMB~1.DLL
    IconTweaker 1.12-->"C:\Program Files\IconTweaker\Uninstall.exe"
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
    Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
    Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
    Left 4 Dead v1.0.0.5-->"E:\Jeux\Left4Dead\unins000.exe"
    LEGO® Indiana Jones™-->C:\Program Files\InstallShield Installation Information\{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}\setup.exe -runfromtemp -l0x040c
    LimeWire PRO 4.18.1-->"C:\Program Files\LimeWire\uninstall.exe"
    LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
    Mass Effect-->C:\Program Files\Fichiers communs\BioWare\Uninstall Mass Effect.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
    Microsoft .NET Framework 3.5-->c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\windows\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
    Movies2iPhone .74b-->C:\Program Files\Movies2iPhone\uninst.exe
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    MyFreeCodec-->C:\Program Files\MyFree Codec\09c beta\uninstall.exe
    Nero 8 Trial-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891036}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Norton Ghost 9.0-->MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
    NVIDIA Drivers-->C:\windows\system32\nvuninst.exe UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
    Oblivion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
    OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    ONSPEED-->C:\Program Files\ONSPEED\uninstall\uninstall.exe
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    OpenOffice.org 2.4-->MsiExec.exe /I{B6694BAA-7604-46AA-A41F-B5F1E6DADE7A}
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
    Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
    Partouche-->C:\Program Files\Partouche\uninst.exe
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
    PunkBuster Services-->C:\windows\system32\pbsvc.exe -u
    Quake 3 Arena Demo-->C:\windows\unvise32.exe c:\Q3Ademo\uninstal.log
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
    Réussir son Code de la Route Auto-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E42B81C-1B14-4185-A84A-F91F8B5ED10C}\SETUP.EXE" -l0x40c
    RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
    Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
    S.T.A.L.K.E.R. - Clear Sky [v1.0005]-->"E:\Jeux\S.T.A.L.K.E.R. - Clear Sky\unins000.exe"
    Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    SIW version 2008-09-03-->"C:\Program Files\SIW\unins000.exe"
    Source SDK Base - Orange Box-->"E:\Logiciels\Kso-Steam\steam.exe" steam://uninstall/218
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Tomb Raider: Underworld 1.0-->E:\Jeux\Tomb Raider - Underworld\uninst.exe
    Total Annihilation-->E:\JEUX\TOTALA\setup.exe -u
    Ulead PhotoImpact 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0F02CE0-491C-11D4-A44A-0000E86D2305}\setup.exe"
    Universe at War Earth Assault-->19
    Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
    VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Vuze-->C:\Program Files\Azureus\uninstall.exe
    Warhammer 40,000: Dawn of War II - Beta-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15660
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows XP Service Pack 3-->"C:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinFast PVR2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\Setup.exe" -l0x40c -removeonly
    WinFast TV2000XP Global Driver -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93461FB1-59B0-4BF4-A302-537684CF4ED0}\setup.exe" -l0x40c -removeonly
    WinSCP 4.1.8-->"C:\Program Files\WinSCP\unins000.exe"
    Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\windows\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    XPlay 2-->MsiExec.exe /X{C249CFB9-5FFC-4650-B78E-79B03622A355}
    XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    ======Security center information======

    AV: ZoneAlarm Security Suite Antivirus (disabled) (outdated)
    AV: Avira AntiVir PersonalEdition
    FW: ZoneAlarm Firewall

    System event log

    Computer Name: WIIZER-0C1703CA
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

    Record Number: 24794
    Source Name: Service Control Manager
    Time Written: 20090121184957.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: WIIZER-0C1703CA
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Application système COM+.

    Record Number: 24793
    Source Name: Service Control Manager
    Time Written: 20090121184957.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: WIIZER-0C1703CA
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Logitech LVPr2Mon Driver.

    Record Number: 24792
    Source Name: Service Control Manager
    Time Written: 20090121184956.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: WIIZER-0C1703CA
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

    Record Number: 24791
    Source Name: Service Control Manager
    Time Written: 20090121184956.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: WIIZER-0C1703CA
    Event Code: 7036
    Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

    Record Number: 24790
    Source Name: Service Control Manager
    Time Written: 20090121184956.000000+060
    Event Type: Informations
    User:

    Application event log

    Computer Name: WIIZER-0C1703CA
    Event Code: 100
    Message: Description: Norton Ghost service started successfully.
    Details:
    Source: Norton Ghost 9.0

    Record Number: 15551
    Source Name: Norton Ghost 9.0
    Time Written: 20090108090654.000000+060
    Event Type: Informations
    User:

    Computer Name: WIIZER-0C1703CA
    Event Code: 4096
    Message: The AntiVir service has been started successfully!

    Record Number: 15550
    Source Name: Avira AntiVir
    Time Written: 20090108090652.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: WIIZER-0C1703CA
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 15549
    Source Name: SecurityCenter
    Time Written: 20090108090652.000000+060
    Event Type: Informations
    User:

    Computer Name: WIIZER-0C1703CA
    Event Code: 105
    Message: The service was started.

    Record Number: 15548
    Source Name: PLFlash DeviceIoControl Service
    Time Written: 20090108090651.000000+060
    Event Type: Informations
    User:

    Computer Name: WIIZER-0C1703CA
    Event Code: 0
    Message:
    Record Number: 15547
    Source Name: LVCOMSer
    Time Written: 20090108090647.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=1706
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "tvdumpflags"=8
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
    "RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0

    -----------------EOF-----------------

    13 February 2009 21:12:46

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.13 -
    AhnLab-V3 5.0.0.2 2009.02.13 -
    AntiVir 7.9.0.79 2009.02.13 -
    Authentium 5.1.0.4 2009.02.13 -
    Avast 4.8.1335.0 2009.02.12 -
    AVG 8.0.0.237 2009.02.13 -
    BitDefender 7.2 2009.02.13 -
    CAT-QuickHeal 10.00 2009.02.13 -
    ClamAV 0.94.1 2009.02.13 -
    Comodo 976 2009.02.13 -
    DrWeb 4.44.0.09170 2009.02.13 -
    eSafe 7.0.17.0 2009.02.12 -
    eTrust-Vet 31.6.6356 2009.02.13 -
    F-Prot 4.4.4.56 2009.02.13 -
    F-Secure 8.0.14470.0 2009.02.13 -
    Fortinet 3.117.0.0 2009.02.13 -
    GData 19 2009.02.13 -
    Ikarus T3.1.1.45.0 2009.02.13 -
    K7AntiVirus 7.10.629 2009.02.13 -
    Kaspersky 7.0.0.125 2009.02.13 -
    McAfee 5524 2009.02.12 -
    McAfee+Artemis 5524 2009.02.12 -
    Microsoft 1.4306 2009.02.13 -
    NOD32 3851 2009.02.13 -
    Norman 6.00.02 2009.02.13 -
    nProtect 2009.1.8.0 2009.02.13 -
    Panda 10.0.0.10 2009.02.13 -
    PCTools 4.4.2.0 2009.02.13 -
    Prevx1 V2 2009.02.13 -
    Rising 21.16.42.00 2009.02.13 -
    SecureWeb-Gateway 6.7.6 2009.02.13 -
    Sophos 4.38.0 2009.02.13 -
    Sunbelt 3.2.1851.2 2009.02.12 -
    Symantec 10 2009.02.13 -
    TheHacker 6.3.2.0.255 2009.02.13 -
    TrendMicro 8.700.0.1004 2009.02.13 -
    VBA32 3.12.8.12 2009.02.13 -
    ViRobot 2009.2.13.1605 2009.02.13 -
    VirusBuster 4.5.11.0 2009.02.13 -
    Information additionnelle
    File size: 49152 bytes
    MD5...: acba6ded5664a5250bc27d2ba3e987ce
    SHA1..: a5e35a30dc48cadb7d4df69ecdd10837d091215e
    SHA256: 20b22ad21d35898a388128d4bab0888c941653e57b2a1b7e6402fee95470fa95
    SHA512: e1e54228519777c058397dc345a7a3ebe3d34b52511e6006fa052196dd329990
    6627a6c407e01a6d48755cbd99fd03c808f46951c027f1d2e4bdd005480fff8e
    ssdeep: 384:wyyB1UM/5caJUHzhD6stp2CV6A3fw9LknImk2DyZBFrY3LDbgaSWxZgeBSn:
    ERzUBT2CNYywfZLru3Pgcy
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    VXD Driver (0.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1000
    timedatestamp.....: 0x499443ca (Thu Feb 12 15:44:10 2009)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x1654 0x1800 7.06 e3bfebef87bcb3ed9b16f87df6717281
    .data 0x3000 0x3e28 0x4000 4.33 d97efed00353dfc5e6dd61bf16257f41
    .rsrc 0x7000 0x659c 0x6600 5.72 2ce36597ff732bd71edc77175d9129b9

    ( 3 imports )
    > kernel32.dll: CreateMutexA, GetLastError, GetModuleHandleA, LoadLibraryA, GetProcAddress, Sleep, FreeLibrary, ExitProcess, RtlZeroMemory, RtlMoveMemory, CreateFileA, WriteFile, CloseHandle, TerminateThread, TerminateProcess, GetSystemDirectoryA, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, FlushFileBuffers
    > user32.dll: DialogBoxParamA, LoadIconA, SendMessageA, SetDlgItemTextA, EndDialog, GetClassNameA, GetWindowThreadProcessId, ShowWindowAsync
    > comctl32.dll: InitCommonControls

    ( 0 exports )
    a c 296 8 Security
    13 February 2009 21:38:42

    Thanks ;)

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update has finished, go to the Recherche (Scan) tab.
  • Select Exécuter un examen rapide (Perform a quick scan).
  • Click Rechercher (Scan).
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
  • Select everything (or leave it ticked) and click Supprimer la sélection (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    13 February 2009 21:51:34

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1760
    Windows 5.1.2600 Service Pack 3

    13/02/2009 21:49:50
    mbam-log-2009-02-13 (21-49-50).txt

    Type de recherche: Examen rapide
    Eléments examinés: 75714
    Temps écoulé: 7 minute(s), 35 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\system32 (Trojan.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\system32\klog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
    C:\Documents and Settings\wiizer\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
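
Added example, not part of the thread and not Malwarebytes code: a small Python triage script for a report in the layout posted above. It checks the itemized entries against the summary counts, lists objects still marked "Delete on reboot", and flags registry detections under launch-related keys; the function names and the key list are assumptions made for this example.

```python
import re

# Itemized part of the Malwarebytes' Anti-Malware 1.34 report posted above,
# embedded so the script runs offline (French UI strings as the tool printed them).
SAMPLE_LOG = r"""
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\system32 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\system32\klog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
C:\Documents and Settings\wiizer\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<label>.+\(s\)): (?P<count>\d+)$")   # "Label(s): 3"
HEADER_RE = re.compile(r"^(?P<label>.+\(s\)):$")                   # "Label(s):"
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Registry locations that decide what gets loaded or launched (list chosen for this example).
LAUNCH_KEYS = [
    ("\\winlogon\\notify\\", "Winlogon notification package (DLL loaded by winlogon.exe on Windows XP)"),
    ("\\image file execution options\\", "Image File Execution Options (can redirect the launch of the named program)"),
    ("\\currentversion\\run", "Run key (command started at logon)"),
]

def parse_mbam_log(text):
    """Return (declared counts per category, itemized detections per category)."""
    declared, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            declared[m["label"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["label"]
            sections.setdefault(current, [])
            continue
        m = ITEM_RE.match(line)
        if m and current is not None:
            # The action is the text after the last "->" ("Bad/Good" data precedes it).
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            sections[current].append(
                {"object": m["object"], "family": m["family"], "action": action})
    return declared, sections

def count_mismatches(declared, sections):
    """Categories whose itemized entries do not match the summary (truncated paste?)."""
    return {label: (n, len(sections.get(label, [])))
            for label, n in declared.items() if n != len(sections.get(label, []))}

def pending_reboot(sections):
    """Objects the tool could not remove yet and scheduled for the next restart."""
    return sorted({i["object"] for items in sections.values() for i in items
                   if i["action"] == "Delete on reboot"})

def launch_key_hits(sections):
    """Registry detections located under one of the LAUNCH_KEYS."""
    hits = []
    for items in sections.values():
        for i in items:
            if i["object"].startswith("HKEY_"):
                for needle, reason in LAUNCH_KEYS:
                    if needle in i["object"].lower():
                        hits.append((i["object"], reason))
    return hits

if __name__ == "__main__":
    declared, sections = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, sections))
    print("pending reboot  :", pending_reboot(sections))
    for obj, reason in launch_key_hits(sections):
        print("launch-related  :", obj, "|", reason)
```

An object still marked "Delete on reboot" is not gone until the machine has restarted, so a scan after the reboot is what confirms the removal.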

    a c 296 8 Security
    13 February 2009 21:55:37

  • Restart MBAM, go to Quarantaine (Quarantine) and delete everything.

    ---> Download JavaRa.zip (by Paul 'Prm753' McLain and Fred de Vries) to your Desktop.
    (On the site, you have to click Download Windows Binary (.zip file))
  • Unzip the file onto the Desktop (Right-click > Extract All).
  • Double-click the JavaRa folder.
  • Then double-click the file JavaRa.exe (the exe extension may not be displayed).
  • Choose Français, then click Select.
  • Click Recherche de mises à jour (Check for updates).
  • Select Mettre à jour via jucheck.exe (Update via jucheck.exe), then click Rechercher (Search).
  • Allow the process to connect if it asks, click Installer (Install) and follow the installation instructions, which take a few minutes.
  • Once the installation has finished, go back to the JavaRa screen and click Effacer les anciennes versions (Remove older versions).
  • Click Oui (Yes) to confirm. Let it work, then click OK, and OK a second time.
  • A report will open. Post it in your next reply.
  • Close the application.

    Note: the report can also be found in C:\ under the name JavaRa.log.
    13 February 2009 22:18:37

    JavaRa 1.13 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Fri Feb 13 22:17:37 2009

    Found and removed: C:\Program Files\Java\jre1.6.0_05

    Found and removed: C:\Program Files\Java\jre1.6.0_07

    ------------------------------------

    Finished reporting.



    a c 296 8 Security
    13 February 2009 22:46:03

  • Delete JavaRa.

    Antivir is available in French, are you interested?
    13 February 2009 22:48:58

    uh, I know, but it doesn't bother me =)
    I still get the ads...
    a c 296 8 Security
    13 February 2009 22:52:50

    We are looking into the file you uploaded. It may be related to your ads.

  • Uninstall the English version of Antivir.
  • Restart your PC.

  • Install Antivir and update it.
  • Double-click the Antivir icon (umbrella) in the taskbar.
  • In Antivir, choose Outils (Tools), then Configuration.
  • Tick Mode Expert (Expert mode) and tick Rech. Rootkit au dém. de la recherche (rootkit search at the start of the scan) on the right, under Autres réglages (Other settings).
  • Run a full scan and post the report.
    13 February 2009 23:37:40

    ok, during the scan, when it detects viruses, do I follow its suggestions or do I always choose delete?
    a c 296 8 Security
    13 February 2009 23:39:38

    Put them in quarantine.

    Do this for me as well:

  • Start menu > Run > type regedit and confirm. The Registry Editor will open.
  • Navigate with the + and - signs to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security


  • Click File, then Export, and save the file somewhere you know (the Desktop, for example).
  • Close the registry.
  • Right-click the file you saved and choose Modifier (Edit).
  • Notepad opens with the contents of the key.
  • Copy it into your reply.
    13 February 2009 23:45:20

    " windows ne trouve pas 'regedit' ..." (Windows cannot find 'regedit' ...)
    a c 296 8 Security
    13 February 2009 23:50:34

    Don't you have regedit in C:\Windows?
    13 February 2009 23:50:59

    yet I do have a "regedit.exe" file in C:\Windows, but when I launch it I get " windows ne trouve pas 'regedit.exe' ..." (Windows cannot find 'regedit.exe' ...) again
    a c 296 8 Security
    13 February 2009 23:58:23

  • Download DirLook to your Desktop.
  • Double-click DirLook.exe to launch the tool.
  • Make sure the two boxes next to "Show hidden files/folders:" and "BBCode Output:" are ticked.
  • Copy the text below:

    C:\windows\system32\Windows_NT


  • In the small DirLook window, right-click in the white area and choose Coller (Paste).
    Note: the lines selected earlier must have been copied into DirLook's white area.

  • Click the DirLook button to start the search. When the tool has finished the search, Notepad opens.
    Note: In Notepad, check in the Format menu (at the top) that the "Retour automatique à la ligne" (Word Wrap) option is not ticked.

  • Save the report under the name DirLook1.txt and close Notepad.
  • Close DirLook by clicking the Exit button, then post the report.
    14 February 2009 00:01:40

    DirLook.exe v2.0 by jpshortstuff
    Log created at 00:01 on 14/02/2009
    ==================================
    Contents of "C:\windows\system32\Windows_NT"

    ---FOLDERS---

    (none found)

    ---FILES---

    funcoes.dll (33396 bytes - created on 08/10/2005 at 15:07, modified on 08/10/2005 at 15:07) -rahsc
    logs.dat (919970 bytes - created on 06/11/2005 at 01:04, modified on 06/11/2005 at 01:04) --ah-c
    Thumb.dll (33388 bytes - created on 10/12/2005 at 02:47, modified on 10/12/2005 at 02:47) -rahsc

    ==================================
    =EOF=
    a c 296 8 Security
    14 February 2009 00:06:25

    Ok, is the Antivir scan still running?
    14 February 2009 00:08:48

    11.2 percent, it's very slow. I think the report will be for tomorrow.
    a c 296 8 Security
    14 February 2009 00:09:50

    No problem, I may have more information tomorrow.
    14 February 2009 00:18:24

    ok, thanks for your help. good night
    a c 296 8 Security
    14 February 2009 00:23:31

    You can already do this:

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\windows\system32\jwtch32.exe

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft netswitch"=-

    :commands
    [purity]
    [emptytemp]
    [start explorer]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the moment it was created: date_time.log
    14 February 2009 11:50:56

    At every startup Antivir detects C:\Program Files\spooler.exe; whatever option I choose, it comes back.
    I couldn't find the report at the location indicated, but I think it is the same as the txt file that opened at startup, which I am posting for you:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\windows\system32\jwtch32.exe moved successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft netswitch deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\hsperfdata_wiizer\4564 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\e4j4.tmp_dir432\exe4jlib.jar scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_OvqBEpvBNyWJ1oc scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\~DFA8C9.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\windows\temp\Perflib_Perfdata_944.dat scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\ZLT00090.TMP scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\ZLT0014d.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_114032

    Files moved on Reboot...
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\hsperfdata_wiizer\4564 not found!
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\e4j4.tmp_dir432\exe4jlib.jar moved successfully.
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_OvqBEpvBNyWJ1oc not found!
    DllUnregisterServer procedure not found in C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll NOT unregistered.
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll moved successfully.
    DllUnregisterServer procedure not found in C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll NOT unregistered.
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll moved successfully.
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\WCESLog.log moved successfully.
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\~DFA8C9.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\windows\temp\Perflib_Perfdata_944.dat not found!
    File C:\windows\temp\ZLT00090.TMP not found!
    File C:\windows\temp\ZLT0014d.TMP not found!

    14 February 2009 12:04:39

    Actually, the report was in E:\

    a c 296 8 Security
    14 February 2009 14:05:11

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\Program Files\spooler.exe

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the copied text into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log

    14 February 2009 14:13:56

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder C:\Program Files\spooler.exe not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\hsperfdata_wiizer\5072 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\e4j4.tmp_dir20081\exe4jlib.jar scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_MfMPAROV5Cei9uf scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_mPJjUGsTfJBj84L scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\~DF2FC1.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\windows\temp\Perflib_Perfdata_9c4.dat scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\ZLT03d30.TMP scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\ZLT04d00.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_140703




    Antivir detected spooler again at startup.

    a c 296 8 Security
    14 February 2009 14:21:40

  • Run an RSIT scan again and post the log report.

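A follow-up scan is what shows whether a fix held. The sketch below is an added example, not part of the original thread and not code from OTMoveIt3, RSIT or HijackThis: it cross-checks fix-log lines against follow-up scan lines, both copied from the logs posted in this thread. The function names and finding labels are assumptions made for the example.

```python
import re

# Sample lines copied from the OTMoveIt3 and HijackThis logs posted in this thread.
FIX_LOGS = r"""
========== FILES ==========
C:\windows\system32\jwtch32.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft netswitch deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\spooler.exe not found.
"""

FOLLOWUP_SCAN = r"""
Running processes:
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\windows\system32\jwtch32.exe

O4 - HKLM\..\Run: [Printspooler] C:\Program Files\spooler.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft netswitch] C:\windows\system32\jwtch32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
"""

# HijackThis abbreviates hive names; the fix log spells them out.
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def norm(path):
    """Windows paths are case-insensitive: compare them lower-cased and unquoted."""
    return path.strip().strip('"').lower()


def parse_fix_log(text):
    """Collect what the fix tool reports as moved, not found, or deleted from a Run key."""
    fix = {"moved": set(), "not_found": set(), "deleted_run_values": set()}
    for line in text.splitlines():
        line = line.strip()
        # Key and value name are separated by a double backslash in the fix log.
        if m := re.match(r"Registry value (\w+)\\(.+?)\\\\(.+) deleted successfully\.$", line):
            hive, subkey, name = m.groups()
            if subkey.lower().endswith(r"\currentversion\run"):
                fix["deleted_run_values"].add((HIVES.get(hive, hive), name.lower()))
        elif m := re.match(r"File/Folder (.+) not found\.$", line):
            fix["not_found"].add(norm(m.group(1)))
        elif m := re.match(r"(.+) moved successfully\.$", line):
            fix["moved"].add(norm(m.group(1)))
    return fix


def exe_path(command):
    """Extract the program path from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return norm(command[1:].split('"', 1)[0])
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.I)
    return norm(m.group(1) if m else command)


def parse_followup(text):
    """Read the running-process list and the O4 Run entries from the follow-up scan."""
    scan = {"processes": set(), "run": []}
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            scan["processes"].add(norm(line))
        elif m := re.match(r"O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$", line):
            hive, name, command = m.groups()
            scan["run"].append((hive, name.lower(), exe_path(command)))
    return scan


def recheck(fix, scan):
    """List every item the fix log called handled that the follow-up scan still shows."""
    findings = []
    for path in sorted(fix["moved"] & scan["processes"]):
        findings.append(("file_running_again", path))
    for hive, name, path in scan["run"]:
        if (hive, name) in fix["deleted_run_values"]:
            findings.append(("run_value_recreated", f"{hive}: {name} -> {path}"))
        if path in fix["not_found"]:
            findings.append(("run_entry_for_missing_file", f"{hive}: {name} -> {path}"))
    return findings


if __name__ == "__main__":
    for kind, item in recheck(parse_fix_log(FIX_LOGS), parse_followup(FOLLOWUP_SCAN)):
        print(f"{kind:28} {item}")
```
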
    14 February 2009 14:38:20

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by wiizer at 2009-02-14 14:37:34
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 25 GB (25%) free of 100 GB
    Total RAM: 2047 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:37:47, on 14/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\eHome\ehRecvr.exe
    C:\windows\eHome\ehSched.exe
    C:\windows\System32\GEARSec.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\windows\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\windows\system32\PnkBstrA.exe
    C:\windows\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\windows\notepad.exe
    C:\windows\RTHDCPL.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\System32\svchost.exe
    C:\windows\eHome\ehmsas.exe
    C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
    C:\Program Files\WinFast\WFDTV\WFWIZ.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\windows\system32\jwtch32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\windows\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\windows\system32\OOBE\msoobe.exe
    C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    E:\Mes Documents\Downloads\RSIT.exe
    C:\Program Files\trend micro\wiizer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\ONSPEED\PBHELPER.DLL (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - E:\Mes Documents\Downloads\FindeXer win7 kit\FindeXer\FindeXer.dll
    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\TOOLBAND.DLL (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [Printspooler] C:\Program Files\spooler.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Microsoft netswitch] C:\windows\system32\jwtch32.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [sTabLauncher] E:\Logiciel\sTabLauncher\sTabLauncher.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
    O4 - HKCU\..\Run: [sys32] C:\windows\system32\Windows_NT\vshost,.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    O4 - Global Startup: Vuze.lnk = C:\Program Files\Azureus\Azureus.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - AppInit_DLLs: glcpwl.dll
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\windows\System32\appdrvrem01.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FAH@E:+Jeux+Far Cry 2+bin+FAH.exe - Unknown owner - E:\Jeux\Far Cry 2\bin\FAH.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\windows\System32\GEARSec.exe
    O23 - Service: Google Update Service (gupdate1c98b76b7e2157e) (gupdate1c98b76b7e2157e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 14757 bytes

    ======Scheduled tasks folder======

    C:\windows\tasks\AppleSoftwareUpdate.job
    C:\windows\tasks\Google Software Updater.job
    C:\windows\tasks\GoogleUpdateTaskMachine.job
    C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-839522115-1003.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}]
    PBlockHelper Class - C:\Program Files\ONSPEED\PBHELPER.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AA2F14F-E956-44B8-8694-A5B615CDF341}]
    NOW!Imaging - C:\Program Files\ONSPEED\components\NOWImaging.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-10 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD}]
    Loader Class - E:\Mes Documents\Downloads\FindeXer win7 kit\FindeXer\FindeXer.dll [2006-07-28 142848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - ONSPEED - C:\Program Files\ONSPEED\TOOLBAND.DLL []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-01-15 13680640]
    "RTHDCPL"=C:\windows\RTHDCPL.EXE [2007-03-21 16126464]
    "nwiz"=nwiz.exe /install []
    "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
    "Alcmtr"=C:\windows\ALCMTR.EXE [2005-05-03 69632]
    "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-03-21 1953792]
    "WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2007-02-12 69632]
    "WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2007-02-12 397312]
    "LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
    "pdfSaver3"= []
    "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
    ""= []
    "Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-07-29 1122304]
    "DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe []
    "MDDiskProtect.exe"=C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe [2005-04-15 106496]
    "Mediafour XPlay Tray Notification Icon"=C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE [2004-09-27 94208]
    "Mediafour Mac Volume Notifications"=C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE [2002-12-17 61440]
    "SlipStream"=C:\Program Files\ONSPEED\onspeedcore.exe []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "NvMediaCenter"=C:\windows\system32\NvMcTray.dll [2009-01-15 86016]
    "RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
    "PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
    "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-02-13 91432]
    "Printspooler"=C:\Program Files\spooler.exe []
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "Microsoft netswitch"=C:\windows\system32\jwtch32.exe [2009-02-12 49152]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-11-06 5724184]
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-13 15360]
    "RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
    "sTabLauncher"=E:\Logiciel\sTabLauncher\sTabLauncher.exe []
    "Google Update"=C:\Documents and Settings\wiizer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
    "LClock"=C:\Program Files\LClock\LClock.exe []
    "ViStart"=C:\Program Files\ViStart\ViStart.exe []
    "ViOrb"=C:\Program Files\ViOrb\ViOrb.exe []
    "VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe []
    "sys32"=C:\windows\system32\Windows_NT\vshost []
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-02-06 3325952]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    E:\BitTorrent\bittorrent.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-07-29 1122304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-02-10 161776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^wiizer^Menu Démarrer^Programmes^Démarrage^Enregistrement de produit Logitech.lnk]
    C:\PROGRA~1\Logitech\G51SKI~1\eReg.exe [2007-08-12 2979080]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnjsvc"=3
    "UleadBurningHelper"=2
    "ose"=3
    "odserv"=3
    "Nero BackItUp Scheduler 3"=2
    "iPod Service"=3
    "gusvc"=2
    "Bonjour Service"=2

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Air Mouse.lnk - C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    Vuze.lnk - C:\Program Files\Azureus\Azureus.exe

    C:\Documents and Settings\wiizer\Menu Démarrer\Programmes\Démarrage
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="glcpwl.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\windows\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "E:\Jeux\SEGA Rally.exe"="E:\Jeux\SEGA Rally.exe:*:Enabled:SEGA Rally"
    "E:\Jeux\SEGA Rally_SSE1.exe"="E:\Jeux\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally"
    "E:\Jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="E:\Jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
    "E:\Jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="E:\Jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "E:\Jeux\Sega Rally\SEGA Rally.exe"="E:\Jeux\Sega Rally\SEGA Rally.exe:*:Enabled:SEGA Rally"
    "E:\Jeux\Sega Rally\SEGA Rally_SSE1.exe"="E:\Jeux\Sega Rally\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally"
    "E:\Jeux\Colin Mcrae Dirt\DiRT.exe"="E:\Jeux\Colin Mcrae Dirt\DiRT.exe:*:Enabled:DiRT Executable"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "E:\Jeux\Unreal Tournament 3\Binaries\UT3.exe"="E:\Jeux\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
    "C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "E:\BitTorrent\bittorrent.exe"="E:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "E:\Jeux\CoD4\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Jeux\CoD4\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
    "E:\Jeux\Supreme Commander Forged Alliance\GPGNet\GPG.Multiplayer.Client.exe"="E:\Jeux\Supreme Commander Forged Alliance\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
    "C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
    "C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
    "C:\Program Files\Podmailing\podmailing.exe"="C:\Program Files\Podmailing\podmailing.exe:*:Enabled:Podmailing Beta"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "E:\Jeux\Team Fortress 2\hl2.exe"="E:\Jeux\Team Fortress 2\hl2.exe:*:Enabled:hl2"
    "E:\Jeux\Grid\GRID.exe"="E:\Jeux\Grid\GRID.exe:*:Enabled:GRID Executable"
    "C:\Program Files\eMuleplus\eMule.exe"="C:\Program Files\eMuleplus\eMule.exe:*:Enabled:eMule Plus"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
    "C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
    "C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
    "C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
    "E:\Program Files\Mass Effect\Binaries\MassEffect.exe"="E:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
    "E:\Program Files\Mass Effect\MassEffectLauncher.exe"="E:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
    "E:\Jeux\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\xrEngine.exe"="E:\Jeux\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\xrEngine.exe:*:Enabled:Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî (CLI)"
    "E:\Jeux\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\dedicated\xrEngine.exe"="E:\Jeux\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\dedicated\xrEngine.exe:*:Enabled:Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî (SRV)"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "E:\Jeux\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="E:\Jeux\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
    "E:\Jeux\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="E:\Jeux\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "E:\Jeux\Far Cry 2\bin\FarCry2.exe"="E:\Jeux\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
    "E:\Jeux\Far Cry 2\bin\FC2Launcher.exe"="E:\Jeux\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
    "E:\Jeux\Far Cry 2\bin\FC2Editor.exe"="E:\Jeux\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"
    "E:\Jeux\Dead Space\Dead Space.exe"="E:\Jeux\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
    "E:\Jeux\Call of Duty - World at War\CoDWaW.exe"="E:\Jeux\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
    "E:\Jeux\Call of Duty - World at War\CoDWaWmp.exe"="E:\Jeux\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
    "C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
    "E:\Jeux\Left4Dead\hl2.exe"="E:\Jeux\Left4Dead\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
    "C:\Program Files\Fichiers communs\XpressUpdate\XPressUpdate.exe"="C:\Program Files\Fichiers communs\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "E:\Jeux\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Jeux\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "E:\Jeux\Mirror's Edge\Binaries\MirrorsEdge.exe"="E:\Jeux\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
    "C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
    "C:\Program Files\spooler.exe"="C:\Program Files\spooler.exe:*:Enabled:o tmspr"
    "E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
    "E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
    "E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="E:\Jeux\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d478b3fa-8703-11dd-a146-001e8c548aaf}]
    shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d478b3fe-8703-11dd-a146-001e8c548aaf}]
    shell\AutoRun\command - M:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-02-14 00:01:13 ----A---- C:\DirLook.txt
    2009-02-13 22:05:41 ----A---- C:\windows\setuplog.txt
    2009-02-13 21:40:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-02-13 20:50:07 ----D---- C:\rsit
    2009-02-13 16:46:57 ----D---- C:\Program Files\Badaboom
    2009-02-13 15:48:29 ----A---- C:\windows\Burnout(TM) Paradise The Ultimate Box Patch Log.txt
    2009-02-13 15:20:06 ----D---- C:\Documents and Settings\wiizer\Application Data\CyberLink
    2009-02-13 15:18:43 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
    2009-02-13 15:18:20 ----D---- C:\Program Files\Fichiers communs\CyberLink
    2009-02-13 15:17:55 ----N---- C:\windows\system32\jwtch32.exe
    2009-02-13 15:17:33 ----D---- C:\Program Files\CyberLink
    2009-02-13 15:15:52 ----D---- C:\Program Files\Cyberlink PowerDVD Ultra 8.0.1730
    2009-02-12 23:30:36 ----HDC---- C:\windows\$NtUninstallKB960715$
    2009-02-12 23:30:31 ----A---- C:\windows\imsins.BAK
    2009-02-10 18:04:55 ----D---- C:\Flobots.Fight.With.Tools[2007]-OriginalThought
    2009-02-10 18:04:55 ----D---- C:\Flobots - Platypus album[2005]
    2009-02-10 12:56:32 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-02-09 14:17:56 ----D---- C:\PART
    2009-02-08 14:05:19 ----D---- C:\Program Files\Rockstar Games
    2009-02-08 13:37:16 ----D---- C:\Program Files\SystemRequirementsLab
    2009-02-08 13:37:12 ----D---- C:\Documents and Settings\wiizer\Application Data\SystemRequirementsLab
    2009-02-07 20:33:29 ----D---- C:\Role Models DvdRip
    2009-02-03 18:35:01 ----D---- C:\Q3Ademo
    2009-02-03 10:27:23 ----D---- C:\windows\NV34921692.TMP
    2009-02-03 09:19:29 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    2009-02-01 22:32:33 ----D---- C:\Program Files\7-Zip
    2009-02-01 18:44:19 ----A---- C:\windows\system32\javaws.exe
    2009-02-01 18:44:19 ----A---- C:\windows\system32\javaw.exe
    2009-02-01 18:44:19 ----A---- C:\windows\system32\java.exe
    2009-02-01 11:06:06 ----D---- C:\Program Files\Windows Live Safety Center
    2009-01-29 19:01:07 ----D---- C:\Program Files\WinAVI MP4 Converter
    2009-01-29 18:58:48 ----D---- C:\Lavasoft.Ad-Aware.2008.v7.1+Crack
    2009-01-29 18:58:26 ----D---- C:\Ad-Aware 2007 Professional Edition 7.0.1.6 + Crack [h33t] [CaZoR]
    2009-01-25 22:40:56 ----HDC---- C:\windows\$NtUninstallXPSEPSCLP$
    2009-01-25 19:09:10 ----D---- C:\Documents and Settings\wiizer\Application Data\SlipStream
    2009-01-25 15:49:27 ----D---- C:\Program Files\ONSPEED
    2009-01-25 15:49:27 ----A---- C:\windows\system32\sliprt.dll
    2009-01-25 00:17:36 ----D---- C:\Program Files\Code de la Route pour les Nuls
    2009-01-24 22:23:10 ----D---- C:\Program Files\Air Mouse
    2009-01-21 21:07:01 ----D---- C:\Documents and Settings\wiizer\Application Data\Crayon Physics Deluxe
    2009-01-21 20:55:27 ----D---- C:\Crayon Physics Deluxe
    2009-01-20 18:43:00 ----D---- C:\Armadillo_Run_1.0.3_Cracked_1000_levels
    2009-01-20 18:34:00 ----D---- C:\Program Files\Fichiers communs\Mediafour
    2009-01-20 18:33:50 ----D---- C:\Program Files\Mediafour
    2009-01-20 18:33:50 ----D---- C:\Documents and Settings\All Users\Application Data\Mediafour
    2009-01-19 18:40:14 ----D---- C:\XPlay 2

    ======List of files/folders modified in the last 1 months======

    2009-02-14 14:37:45 ----D---- C:\windows\Prefetch
    2009-02-14 14:37:40 ----D---- C:\Documents and Settings\wiizer\Application Data\Azureus
    2009-02-14 14:37:36 ----D---- C:\Program Files\Trend Micro
    2009-02-14 14:30:29 ----D---- C:\windows\Temp
    2009-02-14 14:11:41 ----D---- C:\Program Files
    2009-02-14 14:11:09 ----D---- C:\WINDOWS
    2009-02-14 14:09:23 ----SD---- C:\windows\Tasks
    2009-02-14 14:09:23 ----D---- C:\windows\Registration
    2009-02-14 14:07:38 ----A---- C:\windows\SchedLgU.Txt
    2009-02-14 14:07:36 ----D---- C:\windows\system32\CatRoot2
    2009-02-14 13:06:03 ----D---- C:\windows\Internet Logs
    2009-02-14 11:35:01 ----D---- C:\Program Files\DAEMON Tools Lite
    2009-02-14 00:13:44 ----D---- C:\Music
    2009-02-13 23:35:22 ----AD---- C:\windows\system32
    2009-02-13 23:27:03 ----D---- C:\windows\system32\drivers
    2009-02-13 23:27:01 ----D---- C:\Program Files\Avira
    2009-02-13 23:27:01 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-02-13 22:26:17 ----D---- C:\Program Files\Partouche
    2009-02-13 22:17:51 ----D---- C:\Program Files\Java
    2009-02-13 19:35:57 ----RSHD---- C:\windows\system32\Windows_NT
    2009-02-13 19:33:47 ----D---- C:\windows\Debug
    2009-02-13 15:44:00 ----SHD---- C:\windows\Installer
    2009-02-13 15:44:00 ----D---- C:\Config.Msi
    2009-02-13 15:25:04 ----D---- C:\windows\system32\DirectX
    2009-02-13 15:25:00 ----HD---- C:\windows\inf
    2009-02-13 15:24:31 ----RSD---- C:\windows\assembly
    2009-02-13 15:21:39 ----A---- C:\windows\NeroDigital.ini
    2009-02-13 15:19:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-02-13 15:18:20 ----D---- C:\Program Files\Fichiers communs
    2009-02-13 15:18:19 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-13 15:16:11 ----A---- C:\windows\system32\msvcp71.dll
    2009-02-13 11:12:37 ----D---- C:\Program Files\Movie Maker
    2009-02-12 23:31:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-02-12 23:30:35 ----HD---- C:\windows\$hf_mig$
    2009-02-12 23:30:24 ----RSHDC---- C:\windows\system32\dllcache
    2009-02-12 23:30:21 ----D---- C:\Program Files\Internet Explorer
    2009-02-12 23:30:13 ----D---- C:\windows\ie7updates
    2009-02-12 19:32:33 ----D---- C:\Program Files\Mozilla Firefox
    2009-02-12 15:19:37 ----D---- C:\Program Files\Windows Media Player
    2009-02-12 05:56:17 ----A---- C:\windows\system32\MRT.exe
    2009-02-10 23:32:12 ----D---- C:\Program Files\Google
    2009-02-10 21:00:54 ----D---- C:\Program Files\TimeAdjuster
    2009-02-10 18:48:29 ----D---- C:\Program Files\Steam
    2009-02-06 18:12:02 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-05 12:39:06 ----D---- C:\Program Files\Fichiers communs\logishrd
    2009-02-03 18:54:15 ----D---- C:\windows\system
    2009-02-03 18:44:22 ----D---- C:\Program Files\eMule
    2009-02-03 10:30:59 ----D---- C:\windows\Help
    2009-02-03 10:30:57 ----D---- C:\windows\nview
    2009-02-03 10:29:14 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2009-02-03 10:28:34 ----D---- C:\Program Files\AGEIA Technologies
    2009-02-03 10:26:53 ----D---- C:\windows\system32\ReinstallBackups
    2009-02-01 18:44:01 ----A---- C:\windows\system32\PerfStringBackup.INI
    2009-01-30 19:13:18 ----D---- C:\Documents and Settings\wiizer\Application Data\LimeWire
    2009-01-28 23:31:03 ----D---- C:\Program Files\Azureus
    2009-01-25 22:47:19 ----D---- C:\windows\Microsoft.NET
    2009-01-25 22:40:17 ----D---- C:\windows\system32\fr-fr
    2009-01-25 22:40:14 ----D---- C:\windows\system32\XPSViewer
    2009-01-25 22:36:12 ----D---- C:\windows\system32\CatRoot
    2009-01-25 22:33:36 ----D---- C:\windows\system32\en-us
    2009-01-24 23:23:16 ----D---- C:\Documents and Settings\wiizer\Application Data\Macromedia
    2009-01-24 22:18:20 ----D---- C:\windows\Downloaded Installations
    2009-01-24 18:52:10 ----D---- C:\windows\speech
    2009-01-24 18:48:07 ----D---- C:\Documents and Settings\wiizer\Application Data\InstallShield Installation Information
    2009-01-23 21:11:46 ----A---- C:\windows\ULEAD32.INI
    2009-01-20 18:42:37 ----A---- C:\windows\win.ini
    2009-01-16 21:15:42 ----A---- C:\windows\system32\mshtml.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nwiz.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwssr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwss.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrszht.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrszhc.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrstr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsth.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrssv.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrssl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrssk.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsru.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsptb.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrspt.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrspl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsno.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsnl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsko.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsja.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsit.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrshu.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrshe.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsfr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsfi.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsesm.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrses.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrseng.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsel.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsde.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsda.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrscs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwrsar.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwimg.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwdmcpl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvwddi.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvvitvsr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvvitvs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvudisp.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvsvc32.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvshell.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrszht.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrszhc.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrstr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsth.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrssv.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrssl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrssk.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsru.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsptb.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrspt.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrspl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsno.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsnl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsko.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsja.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsit.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrshu.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrshe.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsfr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsfi.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsesm.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrses.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrseng.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsel.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsde.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsda.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrscs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvrsar.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvoglnt.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmoblsr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmobls.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmctray.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmccssr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmccss.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmccsrs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvmccs.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nview.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvgamesr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvgames.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvdspsch.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvdispsr.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvdisps.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcuda.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcpluir.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcplui.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcpl.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcolor.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcodins.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvcod.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvappbar.exe
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nvapi.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\nv4_disp.dll
    2009-01-15 08:19:00 ----A---- C:\windows\system32\keystone.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 appdrv01;Application Driver (01); C:\windows\System32\Drivers\appdrv01.sys [2008-09-22 2915944]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 GEARAspiWDM;GearAspiWDM; C:\windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R1 intelppm;Pilote de processeur Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
    R1 kbdhid;Pilote HID de clavier; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
    R1 KLIF;KLIF; C:\windows\system32\DRIVERS\klif.sys [2007-07-19 127768]
    R1 MDFSYSNT;MDFSYSNT; C:\windows\system32\drivers\MDFSYSNT.sys [2006-09-13 213888]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 PQIMount;PQIMount; C:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
    R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2008-06-12 56108]
    R1 ssmdrv;ssmdrv; C:\windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R1 vsdatant;vsdatant; C:\windows\System32\vsdatant.sys [2008-07-09 394952]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\windows\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
    R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2008-11-12 279712]
    R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\windows\system32\drivers\cx88vid.sys [2006-10-18 162944]
    R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\windows\system32\drivers\cxavxbar.sys [2006-10-18 9728]
    R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\windows\system32\drivers\CX88TUNE.sys [2006-10-18 50816]
    R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2008-11-12 25888]
    R3 Arp1394;Protocole client ARP 1394; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\windows\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\windows\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
    R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
    R3 MarvinBus;Pinnacle Marvin Bus; C:\windows\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
    R3 mouhid;Pilote HID de souris; C:\windows\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 NIC1394;Pilote réseau 1394; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
    R3 usbaudio;Pilote USB audio (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
    R3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\windows\system32\DRIVERS\xnacc.sys [2006-06-01 509440]
    S1 DVDRC;DVDRC; C:\windows\System32\drivers\DVDRC.sys []
    S1 efbDisk;efbDisk; C:\windows\system32\drivers\efbDisk.sys []
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
    S3 ASAPIW2K;ASAPIW2K; \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys []
    S3 BT;Bluetooth PAN Network Adapter; C:\windows\system32\DRIVERS\btnetdrv.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
    S3 LVcKap;Logitech AEC Driver; C:\windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
    S3 MHNDRV;Pilote MHN; C:\windows\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;Détrameur décalage BDA; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 VComm;Virtual Serial port driver; C:\windows\system32\DRIVERS\VComm.sys []
    S3 VcommMgr;Bluetooth VComm Manager Service; C:\windows\System32\Drivers\VcommMgr.sys []
    S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 ehRecvr;Media Center Receiver Service; C:\windows\eHome\ehRecvr.exe [2004-08-10 194560]
    R2 ehSched;Service de planification Media Center; C:\windows\eHome\ehSched.exe [2004-08-10 103424]
    R2 GEARSecurity;GEARSecurity; C:\windows\System32\GEARSec.exe [2004-07-29 53248]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
    R2 Norton Ghost;Norton Ghost; C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2004-07-29 1269760]
    R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2009-01-15 163908]
    R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2008-11-13 66872]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\windows\System32\appdrvrem01.exe [2008-09-22 304528]
    S2 FAH@E:+Jeux+Far Cry 2+bin+FAH.exe;FAH@E:+Jeux+Far Cry 2+bin+FAH.exe; E:\Jeux\Far Cry 2\bin\FAH.exe -svcstart []
    S2 gupdate1c98b76b7e2157e;Google Update Service (gupdate1c98b76b7e2157e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 182768]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
    S3 aspnet_state;Service d'état ASP.NET; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-07 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 MHN;MHN; C:\windows\System32\svchost.exe [2008-04-13 14336]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-13 14336]
    S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
    S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]

    -----------------EOF-----------------

    a c 296 8 Sécurité
    14 February 2009 14:46:42

    1/

  • Find this file: C:\Program Files\trend micro\wiizer.exe
  • Double-click this file.
  • Choose Do a system scan only.
  • Tick the boxes in front of the following lines:

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\ONSPEED\PBHELPER.DLL (file missing)

    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)

    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\TOOLBAND.DLL (file missing)

    O4 - HKLM\..\Run: [Printspooler] C:\Program Files\spooler.exe

    O4 - HKLM\..\Run: [Microsoft netswitch] C:\windows\system32\jwtch32.exe

    O4 - HKCU\..\Run: [sys32] C:\windows\system32\Windows_NT\vshost,.exe

    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

    O20 - AppInit_DLLs: glcpwl.dll

    O23 - Service: FAH@E:+Jeux+Far Cry 2+bin+FAH.exe - Unknown owner - E:\Jeux\Far Cry 2\bin\FAH.exe (file missing)

  • Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
  • Close HijackThis.


    2/

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\WINDOWS\system32\glcpwl.dll
    C:\windows\system32\Windows_NT
    C:\Program Files\spooler.exe
    C:\windows\system32\jwtch32.exe

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\spooler.exe"=-

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the moment it was created: date_time.log

    14 February 2009 15:05:15

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder C:\WINDOWS\system32\glcpwl.dll not found.
    C:\windows\system32\Windows_NT moved successfully.
    File/Folder C:\Program Files\spooler.exe not found.
    C:\windows\system32\jwtch32.exe moved successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\spooler.exe deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\hsperfdata_wiizer\3976 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\e4j4.tmp_dir6808\exe4jlib.jar scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_SHoS6AGhBoqFu5r scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\~DF453F.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\windows\temp\Perflib_Perfdata_988.dat scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\ZLT01983.TMP scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\ZLT01986.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_145933

    Files moved on Reboot...
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\hsperfdata_wiizer\3976 not found!
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\e4j4.tmp_dir6808\exe4jlib.jar moved successfully.
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_SHoS6AGhBoqFu5r not found!
    DllUnregisterServer procedure not found in C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll NOT unregistered.
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll moved successfully.
    DllUnregisterServer procedure not found in C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll NOT unregistered.
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll moved successfully.
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\WCESLog.log moved successfully.
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\~DF453F.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\windows\temp\Perflib_Perfdata_988.dat not found!
    File C:\windows\temp\ZLT01983.TMP not found!
    File C:\windows\temp\ZLT01986.TMP not found!
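
    Added example (not part of the posts above and not OTMoveIt3's own code): a short Python script that checks each path requested in the `:files` section of the script against the FILES section of the report, so targets that were not actually moved stand out. The script and report text are copied from this thread; the function names and the line patterns are assumptions based only on the report shown here.

```python
import re

# Script and report text copied from the posts in this thread (OTMoveIt3 1.0.8.0).
SCRIPT = r"""
:processes
explorer.exe

:files
C:\WINDOWS\system32\glcpwl.dll
C:\windows\system32\Windows_NT
C:\Program Files\spooler.exe
C:\windows\system32\jwtch32.exe

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\spooler.exe"=-

:commands
[purity]
[emptytemp]
[reboot]
"""

LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\glcpwl.dll not found.
C:\windows\system32\Windows_NT moved successfully.
File/Folder C:\Program Files\spooler.exe not found.
C:\windows\system32\jwtch32.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\spooler.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
"""

# Line patterns inferred from the report above (assumption, not a documented format).
SECTION_RE = re.compile(r"^:(\w+)$")               # ":files" in the script
HEADER_RE = re.compile(r"^=+\s*(\w+)\s*=+$")       # "===== FILES =====" in the report
NOT_FOUND_RE = re.compile(r"^File/Folder (.+) not found\.$")
MOVED_RE = re.compile(r"^(.+) moved successfully\.$")


def split_sections(text, marker_re):
    """Group non-empty lines under the most recent section marker (lower-cased)."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = marker_re.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def file_outcomes(log_lines):
    """Map each path in the FILES section to 'moved' or 'not found'."""
    outcomes = {}
    for line in log_lines:
        match = NOT_FOUND_RE.match(line)
        if match:
            outcomes[match.group(1).lower()] = "not found"
            continue
        match = MOVED_RE.match(line)
        if match:
            outcomes[match.group(1).lower()] = "moved"
    return outcomes


def reconcile(script_text, log_text):
    """Return (requested path, outcome) pairs in the order the script lists them."""
    requested = split_sections(script_text, SECTION_RE).get("files", [])
    logged = file_outcomes(split_sections(log_text, HEADER_RE).get("files", []))
    # Windows paths are case-insensitive, so compare lower-cased.
    return [(path, logged.get(path.lower(), "no log entry")) for path in requested]


def unresolved(script_text, log_text):
    """Paths that were requested but not reported as moved."""
    return [path for path, status in reconcile(script_text, log_text) if status != "moved"]


if __name__ == "__main__":
    for path, status in reconcile(SCRIPT, LOG):
        print(f"{status:12} {path}")
```

    On the report above, this lists glcpwl.dll and spooler.exe as "not found", so nothing was quarantined for those two paths and the entries that referenced them are worth re-checking in the next scan.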

    a c 296 8 Sécurité
    14 February 2009 15:16:29

  • Double-click the Antivir icon (umbrella) in the taskbar.
  • In Antivir, choose Outils, then Configuration.
  • Tick Mode Expert, then tick Rech. Rootkit au dém. de la recherche on the right under Autres réglages.
  • Run a full scan and post the report.

    15 February 2009 00:58:25




    Avira AntiVir Personal
    Date de création du fichier de rapport : samedi 14 février 2009 17:35

    La recherche porte sur 1245161 souches de virus.

    Détenteur de la licence :Avira AntiVir PersonalEdition Classic
    Numéro de série : 0000149996-ADJIE-0001
    Plateforme : Windows XP
    Version de Windows :( Service Pack 3) [5.1.2600]
    Mode Boot : Démarré normalement
    Identifiant : SYSTEM
    Nom de l'ordinateur :WIIZER-0C1703CA

    Informations de version :
    BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
    AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
    LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 22:33:06
    ANTIVIR2.VDF : 7.1.2.13 2048 Bytes 11/02/2009 22:33:07
    ANTIVIR3.VDF : 7.1.2.25 65536 Bytes 13/02/2009 22:33:07
    Version du moteur: 8.2.0.79
    AEVDF.DLL : 8.1.1.0 106868 Bytes 13/02/2009 22:33:14
    AESCRIPT.DLL : 8.1.1.47 348539 Bytes 13/02/2009 22:33:13
    AESCN.DLL : 8.1.1.7 127347 Bytes 13/02/2009 22:33:12
    AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
    AEPACK.DLL : 8.1.3.8 397684 Bytes 13/02/2009 22:33:12
    AEOFFICE.DLL : 8.1.0.33 196987 Bytes 13/02/2009 22:33:11
    AEHEUR.DLL : 8.1.0.90 1573237 Bytes 13/02/2009 22:33:10
    AEHELP.DLL : 8.1.2.0 119159 Bytes 13/02/2009 22:33:09
    AEGEN.DLL : 8.1.1.16 332148 Bytes 13/02/2009 22:33:08
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
    AECORE.DLL : 8.1.6.5 176501 Bytes 13/02/2009 22:33:08
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
    RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

    Configuration pour la recherche actuelle :
    Nom de la tâche..................: Contrôle intégral du système
    Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Documentation....................: bas
    Action principale................: interactif
    Action secondaire................: ignorer
    Recherche sur les secteurs d'amorçage maître: marche
    Recherche sur les secteurs d'amorçage: marche
    Secteurs d'amorçage..............: C:, E:,
    Recherche dans les programmes actifs: marche
    Recherche en cours sur l'enregistrement: marche
    Recherche de Rootkits............: marche
    Fichier mode de recherche........: Sélection de fichiers intelligente
    Recherche sur les archives.......: marche
    Limiter la profondeur de récursivité: 20
    Archive Smart Extensions.........: marche
    Heuristique de macrovirus........: marche
    Heuristique fichier..............: moyen

    Début de la recherche : samedi 14 février 2009 17:35

    La recherche d'objets cachés commence.
    '76990' objets ont été contrôlés, '0' objets cachés ont été trouvés.

    La recherche sur les processus démarrés commence :
    Processus de recherche 'chrome.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'chrome.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'chrome.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'chrome.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'UberIcon Manager.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'Azureus.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'Air Mouse.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'rapimgr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'Core.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wcescomm.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'GoogleUpdate.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'RocketDock.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wpabaln.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'brs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PDVD8Serv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'MACVNTFY.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'MDDiskProtect.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'GhostTray.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'Communications_Helper.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'WFWIZ.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'DTVSchdl.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'dllhost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'HPZipm12.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'IoctlSvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PQV2iSvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'gearsec.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ehSched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ehRecvr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'GoogleUpdate.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'LVPrcSrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'vsmon.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
    '68' processus ont été contrôlés avec '68' modules

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage 'E:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence.
    Le registre a été contrôlé ( '73' fichiers).


    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\'
    C:\hiberfil.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\Program Files\Samsung\Samsung Media Studio 5\temp2\firmware\firmware.cab
    [0] Type d'archive: CAB (Microsoft)
    --> T10J.ROM
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    C:\WINDOWS\system32\drivers\sptd.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    Recherche débutant dans 'E:\'
    E:\Mes Documents\Downloads\windowsxpservicepack2activationcrack.zip
    [0] Type d'archive: ZIP
    --> KeyGen.exe
    [RESULTAT] Contient le cheval de Troie TR/Agent.98304.BU
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a055278.qua' !
    E:\System Volume Information\_restore{02A523C0-F58B-43B3-8111-25B034A417A9}\RP542\A0150876.ExE
    [RESULTAT] Contient le cheval de Troie TR/VB.ieq.33
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49c8591e.qua' !


    Fin de la recherche : dimanche 15 février 2009 00:53
    Temps nécessaire: 7:17:41 Heure(s)

    La recherche a été effectuée intégralement

    29685 Les répertoires ont été contrôlés
    1549219 Des fichiers ont été contrôlés
    2 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    2 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    3 Impossible de contrôler des fichiers
    1549214 Fichiers non infectés
    20485 Les archives ont été contrôlées
    4 Avertissements
    2 Consignes
    76990 Des objets ont été contrôlés lors du Rootkitscan
    0 Des objets cachés ont été trouvés


    a c 296 8 Sécurité
    15 February 2009 01:08:32

    Does Regedit work?

    15 February 2009 01:14:57

    No.

    15 February 2009 12:12:23

    Are there any solutions left?

    15 February 2009 13:18:36

    Since this morning, no more ads have been opening. But the Task Manager and regedit are still missing.

    a c 296 8 Sécurité
    15 February 2009 14:45:41

    Do you get the same error message for the Task Manager as for regedit?

    15 February 2009 14:53:27

    I'm thinking of reinstalling Windows in a week, or using a backup...

    a c 296 8 Sécurité
    15 February 2009 15:02:57

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: A guide and a tutorial on using ComboFix

    15 February 2009 17:49:44

    ComboFix 09-02-14.01 - wiizer 2009-02-15 16:00:06.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1062 [GMT 1:00]
    Running from: e:\mes documents\Downloads\ComboFix.exe
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
    FW: ZoneAlarm Firewall *disabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\windows\system32\tmp36.tmp
    c:\windows\system32\tmp44.tmp
    c:\windows\system32\tmp45.tmp
    c:\windows\system32\tmp78.tmp
    c:\windows\system32\tmp79.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
    .

    2009-02-15 14:21 . 2009-02-15 14:21 <REP> d-------- c:\windows\LastGood
    2009-02-13 23:35 . 2009-02-13 23:35 4,444 --a------ c:\windows\system32\pid.PNF
    2009-02-13 21:40 . 2009-02-13 21:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-13 21:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-13 21:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-13 20:50 . 2009-02-13 20:50 <REP> d-------- C:\rsit
    2009-02-13 16:46 . 2009-02-13 16:49 <REP> d-------- c:\program files\Badaboom
    2009-02-13 15:22 . 2009-02-14 14:52 4,395 --a------ c:\windows\pop.htm
    2009-02-13 15:20 . 2009-02-13 15:20 <REP> d-------- c:\documents and settings\wiizer\Application Data\CyberLink
    2009-02-13 15:18 . 2009-02-13 15:18 <REP> d-------- c:\program files\Fichiers communs\CyberLink
    2009-02-13 15:18 . 2009-02-13 15:21 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
    2009-02-13 15:17 . 2009-02-13 15:18 <REP> d-------- c:\program files\CyberLink
    2009-02-13 15:15 . 2009-02-13 15:15 <REP> d-------- c:\program files\Cyberlink PowerDVD Ultra 8.0.1730
    2009-02-10 18:04 . 2009-02-10 18:05 <REP> d-------- C:\Flobots.Fight.With.Tools[2007]-OriginalThought
    2009-02-10 18:04 . 2009-02-10 18:05 <REP> d-------- C:\Flobots - Platypus album[2005]
    2009-02-10 12:56 . 2009-02-14 18:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-09 14:17 . 2009-02-12 15:26 <REP> d-------- C:\PART
    2009-02-08 14:05 . 2009-02-08 14:05 <REP> d-------- c:\program files\Rockstar Games
    2009-02-08 13:37 . 2009-02-08 13:47 <REP> d-------- c:\program files\SystemRequirementsLab
    2009-02-08 13:37 . 2009-02-08 13:37 <REP> d-------- c:\documents and settings\wiizer\Application Data\SystemRequirementsLab
    2009-02-07 20:33 . 2009-02-08 11:13 <REP> d-------- C:\Role Models DvdRip
    2009-02-03 18:35 . 2009-02-03 18:35 <REP> d-------- C:\Q3Ademo
    2009-02-03 10:27 . 2009-02-03 10:30 <REP> d-------- c:\windows\NV34921692.TMP
    2009-02-03 09:19 . 2009-02-03 09:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-02-01 22:32 . 2009-02-01 22:32 <REP> d-------- c:\program files\7-Zip
    2009-02-01 11:06 . 2009-02-15 14:21 <REP> d-------- c:\program files\Windows Live Safety Center
    2009-01-29 19:01 . 2009-02-12 19:37 <REP> d-------- c:\program files\WinAVI MP4 Converter
    2009-01-29 18:58 . 2009-02-14 00:03 <REP> d-------- C:\Lavasoft.Ad-Aware.2008.v7.1+Crack
    2009-01-25 19:09 . 2009-01-25 19:09 <REP> d-------- c:\documents and settings\wiizer\Application Data\SlipStream
    2009-01-25 15:49 . 2009-01-25 19:54 <REP> d-------- c:\program files\ONSPEED
    2009-01-25 15:49 . 2006-08-03 17:33 86,016 --a------ c:\windows\system32\sliprt.dll
    2009-01-25 13:43 . 2009-01-25 13:53 13,188 --a------ C:\MACDR055.CST
    2009-01-25 00:17 . 2009-01-25 00:20 <REP> d-------- c:\program files\Code de la Route pour les Nuls
    2009-01-24 22:23 . 2009-01-24 22:23 <REP> d-------- c:\program files\Air Mouse
    2009-01-21 21:07 . 2009-01-21 21:57 <REP> d-------- c:\documents and settings\wiizer\Application Data\Crayon Physics Deluxe
    2009-01-21 20:55 . 2009-02-15 00:24 <REP> d-------- C:\Crayon Physics Deluxe
    2009-01-20 18:34 . 2009-01-20 18:42 <REP> d-------- c:\program files\Fichiers communs\Mediafour
    2009-01-20 18:33 . 2009-01-20 18:34 <REP> d-------- c:\program files\Mediafour
    2009-01-20 18:33 . 2009-01-20 18:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Mediafour
    2009-01-19 19:05 . 2009-01-19 19:07 2,158,475 --a------ C:\PhoneView.zip
    2009-01-19 18:40 . 2009-01-19 18:40 <REP> d-------- C:\XPlay 2
    2009-01-18 13:35 . 2009-01-18 14:56 91,144,348 --a------ C:\MetalSlugX.nrg
    2009-01-15 08:19 . 2009-01-15 08:19 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-15 15:05 37,316,640 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-02-15 15:04 --------- d-----w c:\documents and settings\wiizer\Application Data\Azureus
    2009-02-15 12:58 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-02-15 00:27 438,140 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-02-14 17:28 --------- d-----w c:\program files\Steam
    2009-02-14 17:27 --------- d-----w c:\program files\LimeWire
    2009-02-14 17:27 --------- d-----w c:\documents and settings\wiizer\Application Data\IconTweaker
    2009-02-14 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\IconTweaker
    2009-02-14 13:52 --------- d-----w c:\program files\Trend Micro
    2009-02-14 10:35 --------- d-----w c:\program files\DAEMON Tools Lite
    2009-02-14 10:17 7,391,789 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2009-02-13 22:27 --------- d-----w c:\program files\Avira
    2009-02-13 22:27 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2009-02-13 21:26 --------- d-----w c:\program files\Partouche
    2009-02-13 21:17 --------- d-----w c:\program files\Java
    2009-02-13 18:43 2,925,056 ----a-w c:\windows\Internet Logs\xDBE.tmp
    2009-02-13 14:19 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-13 14:18 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-13 14:16 505,128 ----a-w c:\windows\system32\msvcp71.dll
    2009-02-12 22:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-10 22:32 --------- d-----w c:\program files\Google
    2009-02-10 20:00 --------- d-----w c:\program files\TimeAdjuster
    2009-02-06 17:12 --------- d-----w c:\program files\Messenger Plus! Live
    2009-02-05 11:39 --------- d-----w c:\program files\Fichiers communs\logishrd
    2009-02-04 15:40 2,364,928 ----a-w c:\windows\Internet Logs\xDBD.tmp
    2009-02-03 17:44 --------- d-----w c:\program files\eMule
    2009-02-03 09:29 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-02-03 09:28 --------- d-----w c:\program files\AGEIA Technologies
    2009-01-30 18:13 --------- d-----w c:\documents and settings\wiizer\Application Data\LimeWire
    2009-01-28 22:31 --------- d-----w c:\program files\Azureus
    2009-01-24 17:48 --------- d-----w c:\documents and settings\wiizer\Application Data\InstallShield Installation Information
    2009-01-24 10:47 2,989,568 ----a-w c:\windows\Internet Logs\xDBB.tmp
    2009-01-24 10:47 2,232,832 ----a-w c:\windows\Internet Logs\xDBC.tmp
    2009-01-23 17:32 2,233,856 ----a-w c:\windows\Internet Logs\xDBA.tmp
    2009-01-21 17:48 2,228,224 ----a-w c:\windows\Internet Logs\xDB9.tmp
    2009-01-13 20:48 --------- d-----w c:\program files\TechSmith
    2009-01-13 20:48 --------- d-----w c:\program files\Fichiers communs\TechSmith Shared
    2009-01-11 13:37 2,178,560 ----a-w c:\windows\Internet Logs\xDB8.tmp
    2009-01-10 16:27 --------- d-----w c:\program files\WinSCP
    2009-01-10 13:46 36,727,883 ----a-w C:\Monkey Ball.app.zip
    2009-01-10 12:32 8,955,549 ----a-w C:\Fieldrunners.zip
    2009-01-07 10:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
    2009-01-03 12:57 --------- d-----w c:\documents and settings\wiizer\Application Data\FindeXer
    2009-01-03 10:27 --------- d-----w c:\program files\CCleaner
    2009-01-02 21:45 --------- d-----w c:\program files\Fichiers communs\Stardock
    2009-01-01 23:04 67,981 ----a-w c:\windows\BricoPackUninst.cmd
    2009-01-01 23:04 5,269 ----a-w c:\windows\BricoPackFoldersDelete.cmd
    2009-01-01 23:04 219,648 ----a-w c:\windows\system32\uxtheme.dll
    2009-01-01 22:56 --------- d-----w c:\program files\Styler
    2009-01-01 22:04 2,141,696 ----a-w c:\windows\Internet Logs\xDB7.tmp
    2008-12-28 11:32 2,298,328 ----a-w C:\FREEUSENETACCOUNTS_401564F.EXE
    2008-12-27 13:37 --------- d-----w c:\program files\Stardock
    2008-12-26 16:53 2,930,176 ----a-w c:\windows\Internet Logs\xDB6.tmp
    2008-12-24 14:19 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
    2008-12-24 12:18 --------- d-----w c:\program files\WinFlip
    2008-12-24 12:18 --------- d-----w c:\program files\ViSplore
    2008-12-24 12:18 --------- d-----w c:\program files\TrueTransparency
    2008-12-23 22:58 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2008-12-21 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-12-21 15:24 --------- d-----w c:\program files\Windows Installer Clean Up
    2008-12-21 15:24 --------- d-----w c:\program files\MSECACHE
    2008-12-21 15:08 53,879,008 -c--a-w c:\program files\Windows Live.rar
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-20 22:24 --------- d-----w c:\program files\NCH Swift Sound
    2008-12-20 22:22 --------- d-----w c:\program files\Visicom Media
    2008-12-19 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
    2008-12-19 17:48 2,872,320 -c--a-w c:\windows\Internet Logs\xDB4.tmp
    2008-12-19 17:48 1,456,128 -c--a-w c:\windows\Internet Logs\xDB5.tmp
    2008-12-19 17:44 1,456,128 -c--a-w c:\windows\Internet Logs\xDB3.tmp
    2008-12-18 20:42 --------- d-----w c:\program files\Windows Live
    2008-12-18 20:17 1,462,272 -c--a-w c:\windows\Internet Logs\xDB2.tmp
    2008-12-18 20:17 1,329,152 -c--a-w c:\windows\Internet Logs\xDB1.tmp
    2008-12-18 17:37 --------- d-----w c:\program files\MSBuild
    2008-12-18 17:29 --------- d-----w c:\program files\Reference Assemblies
    2008-12-17 15:45 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2008-12-17 15:45 --------- d-----w c:\program files\Microsoft
    2008-12-17 15:42 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-17 15:35 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2008-12-16 17:33 --------- d-----w c:\documents and settings\wiizer\Application Data\DAEMON Tools Pro
    2008-12-16 17:33 --------- d-----w c:\documents and settings\wiizer\Application Data\DAEMON Tools Lite
    2008-12-16 17:33 --------- d-----w c:\documents and settings\wiizer\Application Data\DAEMON Tools
    2008-12-16 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-12-10 08:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll
    2008-11-22 15:48 17,034,222 ----a-w C:\QuickPwn22-1.exe
    2008-11-15 18:10 1,420,800 -c--a-w c:\windows\Internet Logs\xDB38A.tmp
    2008-11-13 07:40 22,328 -c--a-w c:\documents and settings\wiizer\Application Data\PnkBstrK.sys
    2008-04-13 16:04 35 ----a-w c:\documents and settings\Magali\Res_magali.bat
    2008-04-13 16:03 36 ----a-w c:\documents and settings\wiizer\Res_calliste.bat
    2008-04-13 16:03 36 ----a-w c:\documents and settings\wiizer\Copie de Res_calliste.bat
    2008-04-13 15:58 137,216 ----a-w c:\documents and settings\wiizer\Setvideo.exe
    2008-04-13 15:58 137,216 ----a-w c:\documents and settings\Magali\Setvideo.exe
    2006-06-23 22:48 32,768 -c--a-r c:\windows\inf\UpdateUSB.exe
    .

    ------- Sigcheck -------

    2008-04-13 19:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
    2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
    2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
    2008-04-13 19:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe

    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "Google Update"="c:\documents and settings\wiizer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-02-06 3325952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
    "WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 69632]
    "WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 397312]
    "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
    "MDDiskProtect.exe"="c:\program files\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 106496]
    "Mediafour XPlay Tray Notification Icon"="c:\program files\Mediafour\XPlay\XPTRYICN.EXE" [2004-09-27 94208]
    "Mediafour Mac Volume Notifications"="c:\program files\Fichiers communs\Mediafour\MACVNTFY.EXE" [2002-12-17 61440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-13 91432]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\Magali\Menu Démarrer\Programmes\Démarrage\
    Raccourci vers Res_magali.lnk - c:\documents and settings\Magali\Res_magali.bat [2008-04-13 35]

    c:\documents and settings\wiizer\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^wiizer^Menu Démarrer^Programmes^Démarrage^Enregistrement de produit Logitech.lnk]
    path=c:\documents and settings\wiizer\Menu Démarrer\Programmes\Démarrage\Enregistrement de produit Logitech.lnk
    backup=c:\windows\pss\Enregistrement de produit Logitech.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a--c--- 2008-02-28 16:07 1828136 c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    --a--c--- 2006-09-10 21:56 218032 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-10-25 15:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a--c--- 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2008-02-28 08:59 570664 c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    --a------ 2004-07-29 04:41 1122304 c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnjsvc"=3 (0x3)
    "UleadBurningHelper"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=2 (0x2)
    "Bonjour Service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "e:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "e:\\Jeux\\Grid\\GRID.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "e:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
    "e:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "e:\\Jeux\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
    "e:\\Jeux\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "e:\\Jeux\\Far Cry 2\\bin\\FarCry2.exe"=
    "e:\\Jeux\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "e:\\Jeux\\Far Cry 2\\bin\\FC2Editor.exe"=
    "e:\\Jeux\\Dead Space\\Dead Space.exe"=
    "e:\\Jeux\\Call of Duty - World at War\\CoDWaW.exe"=
    "e:\\Jeux\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "e:\\Jeux\\Left4Dead\\hl2.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "e:\\Jeux\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "e:\\Jeux\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
    "e:\\Jeux\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
    "e:\\Jeux\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2005-07-20 24320]
    R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-07-29 138780]
    R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-09-22 2915944]
    R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2006-09-13 213888]
    R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 12:07:00 61424]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-04-12 38656]
    R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2008-05-18 9446]
    S1 efbDisk;efbDisk; [x]
    S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
    S2 gupdate1c98b76b7e2157e;Google Update Service (gupdate1c98b76b7e2157e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
    S4 FAH@E:+Jeux+Far Cry 2+bin+FAH.exe;FAH@E:+Jeux+Far Cry 2+bin+FAH.exe;e:\jeux\Far Cry 2\bin\FAH.exe -svcstart --> e:\jeux\Far Cry 2\bin\FAH.exe -svcstart [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d478b3fa-8703-11dd-a146-001e8c548aaf}]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d478b3fe-8703-11dd-a146-001e8c548aaf}]
    \Shell\AutoRun\command - M:\LaunchU3.exe -a

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1511V381-503S-FJK6-DV2X-OM1X47B72P41}]
    c:\windows\system32\Windows_NT\vshost,.exe Restart

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3F84FD27-F960-045B-9922-05659432BC56}]
    c:\windows\system32:svchost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FED86DD-301D-00E3-DE76-5A248A19EDE8}]
    c:\windows\system32:system32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{63E320C5-1DCA-CC58-8BA8-2365F1D0E3C4}]
    c:\windows\system32\system32\sys32.exe s
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-02-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 12:56]

    2009-02-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 12:57]

    2009-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-839522115-1003.job
    - c:\documents and settings\wiizer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 20:35]
    .
    - - - - ORPHANS REMOVED - - - -

    ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons - (no file)
    HKCU-Run-sTabLauncher - e:\logiciel\sTabLauncher\sTabLauncher.exe
    HKCU-Run-LClock - c:\program files\LClock\LClock.exe
    HKCU-Run-ViStart - c:\program files\ViStart\ViStart.exe
    HKCU-Run-ViOrb - c:\program files\ViOrb\ViOrb.exe
    HKCU-Run-VisualTooltip - c:\program files\VisualTooltip\VisualToolTip.exe
    HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
    HKLM-Run-DrvIcon - c:\program files\Vista Drive Icon\DrvIcon.exe
    HKLM-Run-SlipStream - c:\program files\ONSPEED\onspeedcore.exe
    HKLM-Run-Printspooler - c:\program files\spooler.exe
    HKLM-Run-pdfSaver3 - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-BitTorrent - e:\bittorrent\bittorrent.exe
    MSConfigStartUp-SSBkgdUpdate - c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dufpy.com
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    mWindow Title =
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\progra~1\ONSPEED\sliplsp.dll
    Trusted Zone: localhost
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\wiizer\Application Data\Mozilla\Firefox\Profiles\3opjyj2z.default\
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://google.fr/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
    FF - component: c:\documents and settings\wiizer\Application Data\Mozilla\Firefox\Profiles\3opjyj2z.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
    FF - component: c:\documents and settings\wiizer\Application Data\Mozilla\Firefox\Profiles\3opjyj2z.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
    FF - component: c:\documents and settings\wiizer\Application Data\Mozilla\Firefox\Profiles\3opjyj2z.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-15 16:04:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    "ServiceDll"="c:\windows\system32\es.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@E:+Jeux+Far Cry 2+bin+FAH.exe]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1112)
    c:\windows\system32\scecli.dll
    c:\progra~1\ONSPEED\sliplsp.dll
    c:\windows\system32\sliprt.dll
    .
    Completion time: 2009-02-15 16:06:47
    ComboFix-quarantined-files.txt 2009-02-15 15:06:38

    Pre-Run: 26 950 717 440 octets libres
    Post-Run: 26,954,375,168 octets libres

    484 --- E O F --- 2009-02-13 18:36:03

    15 February 2009 17:56:23

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    c:\windows\pop.htm
    c:\windows\system32\jwtch32.exe
    c:\program files\spooler.exe

    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
    15 February 2009 18:16:19

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    c:\windows\pop.htm moved successfully.
    File/Folder c:\windows\system32\jwtch32.exe not found.
    File/Folder c:\program files\spooler.exe not found.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe\\ not found.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe\\ not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\hsperfdata_wiizer\4452 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\e4j4.tmp_dir25048\exe4jlib.jar scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_GQxrOXUfiEMgM8I scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_YgikQCFj1sblJnu scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\wiizer\LOCALS~1\Temp\~DF2A1D.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\windows\temp\Perflib_Perfdata_8c4.dat scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\ZLT06d16.TMP scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\ZLT06d19.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02152009_180322

    Files moved on Reboot...
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\hsperfdata_wiizer\4452 not found!
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\e4j4.tmp_dir25048\exe4jlib.jar moved successfully.
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_GQxrOXUfiEMgM8I not found!
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\etilqs_YgikQCFj1sblJnu not found!
    DllUnregisterServer procedure not found in C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll NOT unregistered.
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-gdip-win32-3448.dll moved successfully.
    DllUnregisterServer procedure not found in C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll NOT unregistered.
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\swt-win32-3448.dll moved successfully.
    C:\DOCUME~1\wiizer\LOCALS~1\Temp\WCESLog.log moved successfully.
    File C:\DOCUME~1\wiizer\LOCALS~1\Temp\~DF2A1D.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\windows\temp\Perflib_Perfdata_8c4.dat not found!
    File C:\windows\temp\ZLT06d16.TMP not found!
    File C:\windows\temp\ZLT06d19.TMP not found!

    15 February 2009 18:16:59

    regedit and the Task Manager work again. Thank you very much!
    15 February 2009 18:18:12

    Indeed ;)

  • Download SDFix (created by AndyManchesta) to your Desktop.
  • Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
  • Restart your computer in Safe Mode.

    To restart in Safe Mode:
  • Restart your PC.
  • During startup, tap F8 repeatedly (F5 on some PCs) just after the BIOS screen is displayed and just before Windows starts loading.
  • In the advanced options menu, choose Safe Mode.
  • Choose your user account.

    Go through the list of instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy and paste the contents of Report.txt into your next reply.