
msserver and trojan problems

jeancdg on 14 August 2009 at 20:54
Hello everyone, I have been on your forum for a good while, trying to read and above all to understand. It seems to me that the people here are competent, and perhaps you will be able to help me.
For several days I have had a Trojan problem. I use McAfee antivirus/firewall, with a subscription through my ISP.
I run the scan and every time it finds a trojan (.../windows/system32/....dll), and also in the registry, (abbreviating) .../run/msserver. Each time I try to delete it from the registry, but it keeps coming back. As for the trojan, I am asked to restart, which I do every time, and the trojan comes back too, under another name.
Thank you for helping me, if you can and are willing.
Jean
I have already downloaded HijackThis and ComboFix (in case they are needed).
Curson on 14 August 2009 at 20:59
Good evening,

Download HiJackThis by Merijn to your desktop.

- Double-click HijackThis.
- Generate a report by following these steps:
- Run it and click Do a scan and save log file.
- The report opens in Notepad.

- Paste the report here. To do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste

Help: Do not hesitate to consult the HiJackThis help.


Regards.
-------
If your topic goes unanswered, please report it here.
jeancdg on 14 August 2009 at 21:02
Thank you, and here is the report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:06, on 14/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
E:\Windows\system32\Dwm.exe
E:\Windows\system32\taskeng.exe
E:\Windows\Explorer.EXE
E:\Windows\RtHDVCpl.exe
E:\Windows\System32\oodtray.exe
E:\Program Files\McAfee.com\Agent\mcagent.exe
E:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
E:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Windows\System32\rundll32.exe
E:\Program Files\Microsoft Office\Office10\msoffice.exe
E:\Windows\system32\conime.exe
E:\Windows\System32\mobsync.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jeancdg.aceboard.fr/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {27B47AD3-2380-361D-83E3-A008F592F141} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - e:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: CoolIrisIEHelperObject.CoolIrisIEBHO - {AD0BAB4B-212D-45D7-9E5B-CB1579132715} - E:\Program Files\CoolIris\CoolIrisIEHelperObject.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - E:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {E9FF1CAC-D44E-4A35-A6CA-76FF9DE396AB} - (no file)
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - E:\Program Files\PicLensIE\cooliris.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WinSys2] E:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [OODefragTray] E:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [mcagent_exe] "E:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "E:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe E:\Windows\system32\rqRHyWMF.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] E:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] E:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @E:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @E:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - E:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - E:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra 'Tools' menuitem: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - E:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.ca(...)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - E:\Windows\System32\DreamScene.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boostez votre PC Task Manager - Unknown owner - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HDD Information Service (HDDSvc) - Unknown owner - E:\Windows\system32\HDDSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - E:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - E:\Windows\system32\oodag.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - E:\Windows\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - E:\Windows\system32\IoctlSvc.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - E:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - E:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (file missing)

--
End of file - 11201 bytes
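An added example, not part of the original thread: a small triage script for the `O4` autostart lines of a HijackThis log like the one above. Because the poster reports that the DLL comes back under another name, it keys on the shape of the Run command (rundll32 loading a DLL by full path and calling an export by ordinal) rather than on the file name. The two heuristics and all function names are assumptions made for this illustration, and the sample lines are taken from the log above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a few O4 lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WinSys2] E:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [mcagent_exe] "E:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [MSServer] rundll32.exe E:\Windows\system32\rqRHyWMF.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# HijackThis appends the account name to per-user (HKUS) entries.
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
# "rundll32[.exe] <dll>,<entry point>", with or without quotes and path.
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)


class RunEntry(NamedTuple):
    hive: str
    name: str
    command: str
    dll: Optional[str]    # DLL handed to rundll32, if the command uses it
    entry: Optional[str]  # export name or "#ordinal"


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one O4 registry Run line; return None for anything else."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    cmd = USER_SUFFIX.sub("", m.group("cmd"))
    r = RUNDLL.match(cmd)
    return RunEntry(
        hive=m.group("hive"),
        name=m.group("name"),
        command=cmd,
        dll=r.group("dll") if r else None,
        entry=r.group("entry") if r else None,
    )


def triage(entry: RunEntry) -> List[str]:
    """Return the reasons an entry deserves a closer look (heuristics, not verdicts)."""
    reasons = []
    if entry.dll is None:
        return reasons
    # Heuristic 1 (assumption): an export called by ordinal hides what is run.
    if entry.entry and entry.entry.startswith("#"):
        reasons.append("rundll32 calls export by ordinal " + entry.entry)
    # Heuristic 2 (assumption): the DLL is given by explicit path, unlike
    # entries such as oobefldr.dll that are referenced by bare name.
    if "\\" in entry.dll:
        reasons.append("DLL loaded from explicit path " + entry.dll)
    return reasons


def suspicious_entries(log_text: str) -> List[Tuple[RunEntry, List[str]]]:
    """Parse every O4 Run line in a log and keep those with at least one reason."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            hits.append((entry, reasons))
    return hits


if __name__ == "__main__":
    for entry, reasons in suspicious_entries(SAMPLE_LOG):
        print(f"{entry.hive}\\..\\Run [{entry.name}] -> {entry.command}")
        for reason in reasons:
            print("   -", reason)
```

A hit is a prompt to inspect the file and the value, not proof of infection; legitimate software also registers rundll32 autostarts.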
Curson on 14 August 2009 at 21:07
Good evening,

Disable your security software during the procedure.

1) Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

- Double-click the installer and install it in its default location (C:\Program files).
- Double-click the AD-Remover icon on your Desktop.
- In the main menu, choose option L.
- Post the report that appears at the end.

The report is also saved as C:\Ad-report(date).log


2) Download OTL (by OldTimer) and save it to your Desktop.

- Close any running applications so that the scan is not interrupted.
- A window appears. In the Output section at the top of this window, check "Minimal Output". Do the same with "Scan All Users".
- Also check the boxes next to "LOP Check" and "Purity Check".
- In the Extra Registry area, check "Use Safelist".

Do not change the other settings!

- Click the Run Scan button.
- Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTListIT2 (so on the Desktop by default).

- Copy/paste the contents of both files here. Use one message per report.


Regards.
jeancdg on 14 August 2009 at 21:11
I am trying to install Ad-remover, and my antivirus shows me this message:
McAfee a bloqué un programme potentiellement indésirable sur votre ordinateur. Si vous ne reconnaissez pas ce programme, nous vous recommandons de le supprimer.

A propos de ce Programme potentiellement indésirable
Nom: PrcViewer
Emplacement: E:\Program Files\Ad-remover\Process.$$A

Les logiciels espions, publicitaires et d'autres programmes potentiellement indésirables peuvent nuire à votre ordinateur, compromettre la sécurité informatique et endommager de précieux fichiers.


What should I do? "autoriser le programme" (allow the program)
Curson on 14 August 2009 at 21:12
Good evening,
Disable your security software during the procedure.

This is a false alert.

Regards.
jeancdg on 14 August 2009 at 21:55
Here is the AD-Remover report; I am continuing with OTL and will post the 2 reports in 2 messages.

Thanks

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:14:53, 14/08/2009 | Mode Normal | Option: CLEAN
Exécuté de: E:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Ultimate Service Pack 2 v6.0.6002
Nom du PC: CDGJEAN | Utilisateur actuel: jean
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: ASPNET
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: jean
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-1644491937-1085031214-839522115-1004\Software\Sweetim
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
.
E:\Users\jean\AppData\Roaming\Mozilla\Firefox\Profiles\hdr7utgp.default\SweetIMToolbarData\logs
E:\Users\jean\AppData\Roaming\Mozilla\Firefox\Profiles\hdr7utgp.default\SweetIMToolbarData
E:\Program Files\AskTBar\bar
E:\Program Files\AskTBar\bar\History
E:\Program Files\AskTBar\bar\Settings
E:\Program Files\AskTBar\bar\History\search2
E:\Program Files\AskTBar
E:\Users\jean\AppData\Roaming\Mozilla\Firefox\Profiles\hdr7utgp.default\searchplugins\sweetim.xml

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.5.2 *

Nom du profil: hdr7utgp.default (jean)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Yahoo");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://jeancdg.aceboard.fr/index.php");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.2");
.
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.mode.debug", "false");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.history.capacity", "10");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.simapp_id", "{E1305D52-5C03-11DE-95BC-0019DBF52E28}");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.version", "1.0.0.8");
.

* Internet Explorer Version 8.0.6001.18813 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

.
============== Processus Caches/Bloque ==============
.
PID: 1412 [LOCKED] audiodg.exe
.

============== Suspect (Cracks, Serials ... ) ==============

.
.
===================================
.
5714 Octet(s) - E:\Ad-Report-CLEAN.log
.
1 Fichier(s) - E:\Users\jean\AppData\Local\Temp
13 Fichier(s) - E:\Windows\Temp
.
21 Fichier(s) - E:\Program Files\Ad-remover\BACKUP
1 Fichier(s) - E:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 21:43:34 | 14/08/2009
.
============== E.O.F ==============
.
jeancdg on 14 August 2009 at 21:58
OTL.txt

OTL logfile created on: 14/08/2009 21:55:21 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = E:\Users\jean\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,94% Memory free
4,00 Gb Paging File | 3,10 Gb Available in Paging File | 77,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 92,23 Gb Total Space | 53,39 Gb Free Space | 57,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74,53 Gb Total Space | 19,17 Gb Free Space | 25,73% Space Free | Partition Type: NTFS
Drive F: | 94,64 Gb Total Space | 88,22 Gb Free Space | 93,22% Space Free | Partition Type: NTFS
Drive G: | 92,61 Gb Total Space | 77,27 Gb Free Space | 83,44% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 74,52 Gb Total Space | 24,80 Gb Free Space | 33,27% Space Free | Partition Type: NTFS
Drive M: | 111,79 Gb Total Space | 38,01 Gb Free Space | 34,00% Space Free | Partition Type: NTFS

Computer Name: CDGJEAN
Current User Name: jean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - E:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - E:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - E:\Windows\System32\oodtray.exe (O&O Software GmbH)
PRC - E:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - E:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - E:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - E:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - E:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - e:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - E:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - E:\Program Files\Microsoft Office\Office10\msoffice.exe (Microsoft Corporation)
PRC - E:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - E:\Windows\System32\oodag.exe (O&O Software GmbH)
PRC - E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - E:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - E:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - E:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - E:\Windows\ehome\ehsched.exe (Microsoft Corporation)
PRC - E:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
PRC - e:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - E:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - E:\Windows\explorer.exe (Microsoft Corporation)
PRC - E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Users\jean\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon [Auto | Running]) -- E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- E:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Boostez votre PC Task Manager [Auto | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Running]) -- E:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Running]) -- E:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- E:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- E:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- E:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate [Auto | Stopped]) -- E:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (HDDSvc [Auto | Stopped]) -- File not found
SRV - (IDriverT [On_Demand | Stopped]) -- E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- E:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- E:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MBackMonitor [On_Demand | Stopped]) -- E:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- E:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- E:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- e:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- E:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- e:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- E:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Disabled | Stopped]) -- E:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- E:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- E:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- E:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (O&O Defrag [Auto | Running]) -- E:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (odserv [On_Demand | Stopped]) -- E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PCLEPCI [Auto | Stopped]) -- E:\Windows\System32\drivers\pclepci.sys (Pinnacle Systems GmbH)
SRV - (PLFlash DeviceIoControl Service [Auto | Stopped]) -- File not found
SRV - (RapiMgr [Auto | Running]) -- E:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 10 [On_Demand | Stopped]) -- E:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 10 [Auto | Stopped]) -- E:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- E:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- E:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- E:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (Stereo Service [Auto | Running]) -- E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (stllssvr [On_Demand | Stopped]) -- E:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WcesComm [Auto | Running]) -- E:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (WinDefend [On_Demand | Stopped]) -- E:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wlidsvc [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [On_Demand | Running]) -- E:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- E:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- E:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- E:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- E:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- E:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (Afc [On_Demand | Running]) -- E:\Windows\System32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- E:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- E:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- E:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (archlp [System | Running]) -- E:\Windows\System32\drivers\archlp.sys ()
DRV - (arcsas [Disabled | Stopped]) -- E:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- E:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- E:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- E:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- E:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- E:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- E:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (camfilt2 [On_Demand | Stopped]) -- E:\Windows\System32\Drivers\camfilt2.sys (Guillemot Corporation)
DRV - (CLBStor [System | Running]) -- E:\Windows\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV - (CLBUDF [Auto | Running]) -- E:\Windows\System32\drivers\CLBUDF.sys (CyberLink Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- E:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (COMMONFX.DLL [On_Demand | Running]) -- E:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL [On_Demand | Stopped]) -- E:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Stopped]) -- E:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- E:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Running]) -- E:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- E:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- E:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- E:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- E:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- E:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- E:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL [On_Demand | Stopped]) -- E:\Windows\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL [On_Demand | Stopped]) -- E:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- E:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Running]) -- E:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- E:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (DgiVecp [Auto | Stopped]) -- E:\Windows\System32\Drivers\DgiVecp.sys (Samsung Electronics Co., Ltd.)
DRV - (DIBLOAD2 [On_Demand | Stopped]) -- E:\Windows\System32\DRIVERS\dgtvload2.sys (Ultima S.A)
DRV - (E1G60 [On_Demand | Stopped]) -- E:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- E:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (emupia [On_Demand | Running]) -- E:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (GEARAspiWDM [On_Demand | Running]) -- E:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (guillflt [On_Demand | Stopped]) -- E:\Windows\System32\DRIVERS\guillflt.sys (Guillemot Corp S.A.)
DRV - (ha10kx2k [On_Demand | Running]) -- E:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k [On_Demand | Running]) -- E:\Windows\System32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (hap17v2k [On_Demand | Stopped]) -- E:\Windows\System32\drivers\hap17v2k.sys (Creative Technology Ltd)
DRV - (hcwhdpvr [On_Demand | Stopped]) -- E:\Windows\System32\DRIVERS\hcwhdpvr.sys (Hauppauge, Inc.)
DRV - (hcwPP2 [On_Demand | Running]) -- E:\Windows\System32\DRIVERS\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (hotcore3 [Boot | Running]) -- E:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (HpCISSs [Disabled | Stopped]) -- E:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- E:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- E:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- E:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- E:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- E:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Iviaspi [On_Demand | Running]) -- E:\Windows\System32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- E:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- E:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- E:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (MarvinBus [On_Demand | Running]) -- E:\Windows\System32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (megasas [Disabled | Stopped]) -- E:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- E:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- E:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- E:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- E:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- E:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MODUSB [On_Demand | Stopped]) -- E:\Windows\System32\Drivers\dgtvcap.sys (DiBcom SA)
DRV - (MPFP [System | Running]) -- E:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- E:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- E:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- E:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- E:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- E:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- E:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- E:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PxHelp20 [Boot | Running]) -- E:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- E:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- E:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- E:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (RxFilter [Disabled | Stopped]) -- E:\Windows\System32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (SCDEmu [System | Running]) -- E:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (secdrv [Auto | Running]) -- E:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- E:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02 [Boot | Running]) -- E:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfvfs02 [Boot | Running]) -- E:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (SiSRaid2 [Disabled | Stopped]) -- E:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- E:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (snapman [Boot | Running]) -- E:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SNP2UVC [On_Demand | Stopped]) -- E:\Windows\System32\DRIVERS\snp2uvc.sys ()
DRV - (sptd [Boot | Running]) -- E:\Windows\System32\Drivers\sptd.sys ()
DRV - (SSPORT [Auto | Running]) -- E:\Windows\System32\Drivers\SSPORT.sys (Samsung Electronics)
DRV - (Symc8xx [Disabled | Stopped]) -- E:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- E:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- E:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- E:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- E:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- E:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- E:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- E:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- E:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- E:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winusb [On_Demand | Stopped]) -- E:\Windows\System32\DRIVERS\winusb.sys (Microsoft Corporation)
DRV - (X4HSX32Ex [Auto | Running]) -- E:\Program Files\Player Metaboli\X4HSX32Ex.Sys (Exent Technologies Ltd.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B} [Auto | Running]) -- E:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running]) -- E:\Program Files\CyberLink\PowerDVD8\000.fcl (Cyberlink Corp.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\S-1-5-21-1644491937-1085031214-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\S-1-5-21-1644491937-1085031214-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://jeancdg.aceboard.fr/index.php"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}:1.2.6
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:0.4.2.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:3.0.3
FF - prefs.js..extensions.enabledItems: {2012933F-5996-499F-8FD1-E90828C3393A}:1.0
FF - prefs.js..extensions.enabledItems: YPlayer@yummy.net:1.0.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: E:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 13:22:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: E:\Program Files\McAfee\SiteAdvisor [2009/07/19 04:44:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2009/08/14 02:01:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2009/08/14 02:02:34 | 00,000,000 | ---D | M]

[2009/03/09 04:18:33 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Extensions
[2009/03/09 04:18:33 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/14 17:03:09 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions
[2009/07/10 23:20:27 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/18 13:10:14 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/07/22 11:09:10 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/01 18:27:52 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/04/01 19:28:05 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\{cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}
[2009/07/11 00:23:41 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/07/11 00:17:02 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/04/01 19:28:05 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}
[2009/03/27 15:56:15 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/03/27 15:56:15 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009/07/11 00:16:20 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\nasanightlaunch@example.com
[2009/07/11 00:23:27 | 00,000,000 | ---D | M] -- E:\Users\jean\AppData\Roaming\mozilla\Firefox\Profiles\hdr7utgp.default\extensions\piclens@cooliris.com
[2009/07/19 04:09:48 | 00,001,775 | ---- | M] () -- E:\Users\jean\AppData\Roaming\Mozilla\FireFox\Profiles\hdr7utgp.default\searchplugins\live-search.xml
[2009/08/14 17:03:09 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions
[2009/04/18 15:23:14 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{2012933F-5996-499F-8FD1-E90828C3393A}
[2009/08/04 12:40:55 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/01 19:25:08 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 20:47:46 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/15 00:48:56 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/20 22:56:16 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\YPlayer@yummy.net
[2009/08/04 12:40:52 | 00,023,544 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 12:40:52 | 00,137,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 23:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- E:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- E:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- E:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 20:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- E:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/19 00:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- E:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2006/09/21 18:29:00 | 00,135,227 | ---- | M] (Exent Technologies Ltd.) -- E:\Program Files\mozilla firefox\plugins\npExentCtl.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- E:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/04 12:40:54 | 00,065,016 | ---- | M] (mozilla.org) -- E:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- E:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/07 13:52:20 | 00,143,360 | ---- | M] (Apple Inc.) -- E:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/07 13:52:20 | 00,143,360 | ---- | M] (Apple Inc.) -- E:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/07 13:52:21 | 00,143,360 | ---- | M] (Apple Inc.) -- E:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/07 13:52:21 | 00,143,360 | ---- | M] (Apple Inc.) -- E:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/07 13:52:21 | 00,143,360 | ---- | M] (Apple Inc.) -- E:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/07 13:52:21 | 00,143,360 | ---- | M] (Apple Inc.) -- E:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/07 13:52:21 | 00,143,360 | ---- | M] (Apple Inc.) -- E:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/01 23:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- E:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/18 00:15:41 | 00,001,516 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/07/18 00:15:41 | 00,001,822 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/07/18 00:15:41 | 00,000,757 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/07/18 00:15:41 | 00,002,371 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/10 13:35:08 | 00,000,748 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2009/07/18 00:15:41 | 00,001,426 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/07/18 00:15:41 | 00,000,652 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
[2009/06/07 16:14:31 | 00,000,710 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1249 bytes) - E:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {27B47AD3-2380-361D-83E3-A008F592F141} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - e:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Smart-Shopper) - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (SmartShopper Networks)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found
O2 - BHO: (CoolIrisIEHelperObject.CoolIrisIEBHO) - {AD0BAB4B-212D-45D7-9E5B-CB1579132715} - E:\Program Files\CoolIris\CoolIrisIEHelperObject.dll (Cooliris)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - E:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - {E9FF1CAC-D44E-4A35-A6CA-76FF9DE396AB} - No CLSID value found.
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - E:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSServer] E:\Windows\System32\rqRHyWMF.DLL ()
O4 - HKLM..\Run: [OODefragTray] E:\Windows\System32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] E:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinSys2] E:\Windows\System32\startup.exe ()
O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] E:\Windows\System32\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] E:\Windows\System32\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] E:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] E:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] E:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] E:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - E:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @E:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @E:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - E:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (SmartShopper Networks)
O9 - Extra Button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (SmartShopper Networks)
O9 - Extra Button: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - E:\Program Files\CoolIris\CoolIrisPreferences.exe (Cooliris)
O9 - Extra 'Tools' menuitem : CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - E:\Program Files\CoolIris\CoolIrisPreferences.exe (Cooliris)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.ca(...) (DLM Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - E:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - E:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\Explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - E:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {235B90D6-CB93-40A6-8F1A-AF422ADA9637} - E:\Windows\System32\rqRHyWMF.dll ()
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (E:\Windows\system32\cbXOGVnL) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/08 00:01:25 | 00,000,256 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5922cd68-6cb2-11de-bdc8-0019dbf52e28}\Shell\AutoRun\command - "" = SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe
O33 - MountPoints2\{5922cd68-6cb2-11de-bdc8-0019dbf52e28}\Shell\open\command - "" = SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe
O33 - MountPoints2\{9ceef390-343c-11de-bced-0019dbf52e28}\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\Q\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - E:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - E:\Windows\System32\OODBS.exe (O&O Software GmbH)

========== Files/Folders - Created Within 30 Days ==========

[2009/08/14 21:08:59 | 00,001,630 | ---- | C] () -- E:\Users\jean\Desktop\Ad-remover.lnk
[2009/08/14 21:08:57 | 00,000,000 | ---D | C] -- E:\Program Files\Ad-remover
[2009/08/14 21:08:11 | 00,514,048 | ---- | C] (OldTimer Tools) -- E:\Users\jean\Desktop\OTL.exe
[2009/08/14 20:25:37 | 03,124,187 | ---- | C] () -- E:\Users\jean\Desktop\ComboFix.exe
[2009/08/14 20:03:59 | 00,026,624 | ---- | C] () -- E:\Windows\System32\rqRHyWMF.dll
[2009/08/14 19:45:52 | 00,001,834 | ---- | C] () -- E:\Users\jean\Desktop\HijackThis.lnk
[2009/08/14 19:45:52 | 00,000,000 | ---D | C] -- E:\Program Files\Trend Micro
[2009/08/14 16:49:19 | 00,000,638 | ---- | C] () -- E:\Users\Public\Desktop\Trojan Killer.lnk
[2009/08/13 15:19:51 | 00,001,147 | -H-- | C] () -- E:\Users\Public\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
[2009/08/12 20:57:58 | 03,122,251 | -H-- | C] () -- E:\Users\jean\AppData\Local\IconCache.db
[2009/08/12 19:53:53 | 00,001,681 | ---- | C] () -- E:\Users\jean\Desktop\Start Download Manager.lnk
[2009/08/11 20:06:51 | 00,071,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\atl.dll
[2009/08/11 20:06:46 | 00,499,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\kerberos.dll
[2009/08/11 20:06:46 | 00,218,624 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msv1_0.dll
[2009/08/11 20:06:46 | 00,175,104 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wdigest.dll
[2009/08/11 20:06:45 | 01,259,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\lsasrv.dll
[2009/08/11 20:06:45 | 00,439,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\ksecdd.sys
[2009/08/11 20:06:45 | 00,270,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\schannel.dll
[2009/08/11 20:06:45 | 00,072,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\secur32.dll
[2009/08/11 20:06:44 | 00,009,728 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\lsass.exe
[2009/08/11 20:06:39 | 02,066,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mstscax.dll
[2009/08/11 20:06:35 | 00,091,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\avifil32.dll
[2009/08/11 20:06:31 | 00,160,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wkssvc.dll
[2009/08/11 20:06:24 | 00,071,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\telnet.exe
[2009/08/11 20:05:08 | 10,628,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmp.dll
[2009/08/11 20:05:06 | 00,313,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmpdxm.dll
[2009/08/11 20:05:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\spwmp.dll
[2009/08/11 20:05:05 | 00,004,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msdxm.ocx
[2009/08/11 20:05:05 | 00,004,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxmasf.dll
[2009/08/11 20:05:04 | 08,147,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wmploc.DLL
[2009/08/11 20:05:04 | 00,043,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msdxm.tlb
[2009/08/11 20:05:04 | 00,018,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\amcompat.tlb
[2009/08/08 20:42:57 | 00,002,560 | ---- | C] () -- E:\Users\jean\AppData\Roaming\Par défaut.cls
[2009/08/08 13:24:39 | 00,000,882 | ---- | C] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/08 13:24:37 | 00,000,878 | ---- | C] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/08 00:47:21 | 00,000,000 | ---D | C] -- E:\Users\jean\Documents\Pinnacle Studio
[2009/08/08 00:44:19 | 00,000,000 | ---- | C] () -- E:\Windows\Graffiti5.2Pin.ini
[2009/08/08 00:37:10 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Pinnacle
[2009/08/08 00:33:13 | 00,000,847 | -H-- | C] () -- E:\Users\Public\Desktop\Pinnacle Studio 12.lnk
[2009/08/08 00:30:32 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Yahoo!
[2009/08/08 00:30:31 | 00,000,000 | ---D | C] -- E:\ProgramData\Studio 12
[2009/08/08 00:30:31 | 00,000,000 | ---D | C] -- E:\ProgramData\Pinnacle Studio Plus
[2009/08/08 00:17:26 | 00,000,000 | ---D | C] -- E:\Program Files\AdorageI-GfxDatas
[2009/08/08 00:08:59 | 00,000,855 | -H-- | C] () -- E:\Users\Public\Desktop\Studio.lnk
[2009/08/08 00:08:59 | 00,000,737 | -H-- | C] () -- E:\Users\Public\Desktop\Instant DVD Recorder.lnk
[2009/08/08 00:07:50 | 00,401,408 | ---- | C] (Pegasus Imaging Corporation) -- E:\Windows\System32\pvmjpg30.dll
[2009/08/08 00:06:11 | 00,233,472 | ---- | C] (Pinnacle Systems GmbH) -- E:\Windows\System32\DiskIO.dll
[2009/08/08 00:06:11 | 00,184,320 | ---- | C] (Pinnacle Systems GmbH) -- E:\Windows\System32\RALMain.dll
[2009/08/08 00:06:11 | 00,126,976 | ---- | C] (Pinnacle Systems GmbH) -- E:\Windows\System32\AVIPrAx.dll
[2009/08/08 00:06:11 | 00,073,728 | ---- | C] (Pinnacle Systems GmbH) -- E:\Windows\System32\MMAviAx.dll
[2009/08/08 00:06:11 | 00,041,984 | ---- | C] (Pinnacle Systems GmbH) -- E:\Windows\System32\cacheX.dll
[2009/08/08 00:06:11 | 00,032,768 | ---- | C] (Pinnacle Systems GmbH) -- E:\Windows\System32\MLPagAx.dll
[2009/08/08 00:06:06 | 02,079,232 | ---- | C] (LEAD Technologies, Inc.) -- E:\Windows\System32\LTCLR13s.dll
[2009/08/08 00:06:06 | 00,884,736 | ---- | C] (Fellowes, Inc.) -- E:\Windows\System32\LMUIRes.dll
[2009/08/08 00:06:06 | 00,064,512 | ---- | C] (LEAD Technologies, Inc.) -- E:\Windows\System32\lftga13s.dll
[2009/08/08 00:06:06 | 00,024,576 | ---- | C] (LEAD Technologies, Inc.) -- E:\Windows\System32\lftga13n.dll
[2009/08/08 00:06:06 | 00,012,288 | ---- | C] (Fellowes, Inc.) -- E:\Windows\System32\LMLRes.dll
[2009/08/08 00:04:04 | 00,000,000 | ---D | C] -- E:\Users\jean\Documents\My Projects
[2009/08/08 00:01:25 | 00,196,096 | ---- | C] () -- E:\Windows\System32\macd32.dll
[2009/08/08 00:01:25 | 00,138,752 | ---- | C] () -- E:\Windows\System32\mase32.dll
[2009/08/08 00:01:25 | 00,136,192 | ---- | C] () -- E:\Windows\System32\mamc32.dll
[2009/08/08 00:01:25 | 00,057,856 | ---- | C] () -- E:\Windows\System32\masd32.dll
[2009/08/08 00:01:25 | 00,027,648 | ---- | C] () -- E:\Windows\System32\ma32.dll
[2009/08/07 23:56:17 | 00,041,219 | ---- | C] (Pinnacle Systems) -- E:\Windows\RSETPATH.exe
[2009/08/07 23:56:00 | 00,027,807 | ---- | C] () -- E:\Windows\wmprfell.prx
[2009/08/07 23:56:00 | 00,020,481 | ---- | C] () -- E:\Windows\wmprfheb.prx
[2009/08/07 23:56:00 | 00,020,055 | ---- | C] () -- E:\Windows\wmprfsky.prx
[2009/08/07 23:56:00 | 00,019,751 | ---- | C] () -- E:\Windows\wmprfhun.prx
[2009/08/07 23:56:00 | 00,018,878 | ---- | C] () -- E:\Windows\wmprfcsy.prx
[2009/08/07 23:56:00 | 00,018,536 | ---- | C] () -- E:\Windows\wmprfplk.prx
[2009/08/07 23:56:00 | 00,018,422 | ---- | C] () -- E:\Windows\wmprfptg.prx
[2009/08/07 23:56:00 | 00,017,199 | ---- | C] () -- E:\Windows\wmprfptb.prx
[2009/08/07 23:56:00 | 00,017,019 | ---- | C] () -- E:\Windows\wmprfsve.prx
[2009/08/07 23:56:00 | 00,016,822 | ---- | C] () -- E:\Windows\wmprftrk.prx
[2009/08/07 23:56:00 | 00,016,814 | ---- | C] () -- E:\Windows\wmprfslv.prx
[2009/08/07 23:56:00 | 00,016,446 | ---- | C] () -- E:\Windows\wmprfnor.prx
[2009/08/07 23:56:00 | 00,016,398 | ---- | C] () -- E:\Windows\wmprfnld.prx
[2009/08/07 23:56:00 | 00,016,265 | ---- | C] () -- E:\Windows\wmprffin.prx
[2009/08/07 23:56:00 | 00,015,903 | ---- | C] () -- E:\Windows\wmprfdan.prx
[2009/08/07 23:56:00 | 00,000,635 | ---- | C] () -- E:\Windows\wmprfrus.prx
[2009/08/07 23:55:59 | 00,025,269 | ---- | C] () -- E:\Windows\WMPrfAra.prx
[2009/08/07 23:55:57 | 00,049,152 | ---- | C] (Pinnacle Systems) -- E:\Windows\System32\PCLEGetGuid.dll
[2009/08/07 23:55:13 | 00,000,000 | ---D | C] -- E:\Users\Public\Documents\Pinnacle Studio
[2009/08/06 20:54:52 | 00,000,690 | -H-- | C] () -- E:\Users\jean\Desktop\Lockdown..lnk
[2009/08/06 14:40:18 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Roaming\VistaCodecs
[2009/08/06 14:40:02 | 00,000,000 | ---D | C] -- E:\Program Files\VistaCodecPack
[2009/08/05 23:01:10 | 00,000,000 | ---D | C] -- E:\Users\jean\Documents\Ubisoft
[2009/08/05 21:42:53 | 00,285,793 | ---- | C] () -- E:\r1mz5l.jpg
[2009/08/05 21:42:53 | 00,050,969 | ---- | C] () -- E:\lefteye1071.jpg
[2009/08/05 15:50:34 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Roaming\TechSmith
[2009/08/05 15:46:19 | 00,000,000 | ---D | C] -- E:\Users\jean\Documents\Snagit Stamps
[2009/08/01 01:43:14 | 00,000,779 | -H-- | C] () -- E:\Users\jean\Desktop\Launch Cooliris.lnk
[2009/08/01 01:41:12 | 02,119,680 | ---- | C] () -- E:\Users\jean\AppData\Local\cooliris-win-ie-release-1.11.2.27471.en-US.msi
[2009/07/28 21:01:05 | 11,067,392 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieframe.dll
[2009/07/28 21:01:05 | 05,937,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.dll
[2009/07/28 21:01:04 | 01,985,536 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iertutil.dll
[2009/07/28 21:01:04 | 01,208,832 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\urlmon.dll
[2009/07/28 21:01:03 | 01,469,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2009/07/28 21:01:03 | 00,915,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wininet.dll
[2009/07/28 21:01:03 | 00,594,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2009/07/28 21:01:03 | 00,386,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iedkcs32.dll
[2009/07/28 21:01:03 | 00,206,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\occache.dll
[2009/07/28 21:01:02 | 00,184,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2009/07/28 21:01:02 | 00,173,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2009/07/28 21:01:02 | 00,164,352 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2009/07/28 21:01:02 | 00,133,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2009/07/28 21:01:02 | 00,109,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2009/07/28 21:01:02 | 00,055,296 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedsbs.dll
[2009/07/28 21:01:02 | 00,025,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2009/07/28 21:01:01 | 01,638,912 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2009/07/28 21:01:01 | 00,071,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2009/07/28 21:01:01 | 00,057,667 | ---- | C] () -- E:\Windows\System32\ieuinit.inf
[2009/07/28 21:01:01 | 00,055,808 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2009/07/28 21:01:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2009/07/28 19:38:50 | 00,000,000 | ---D | C] -- E:\Users\jean\Documents\LogoMaker
[2009/07/28 14:18:56 | 00,000,000 | ---D | C] -- E:\ProgramData\Media Center Programs
[2009/07/28 01:43:12 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Local\GRAW2
[2009/07/28 01:43:12 | 00,000,000 | ---D | C] -- E:\ProgramData\GRAW2
[2009/07/26 16:39:34 | 00,000,000 | ---D | C] -- E:\Users\jean\Documents\Web Creator
[2009/07/26 16:32:19 | 00,000,000 | ---D | C] -- E:\Program Files\LMSOFT Web Creator Pro 4
[2009/07/25 15:26:42 | 00,000,729 | -H-- | C] () -- E:\Users\jean\Desktop\j2Launcher.lnk
[2009/07/25 15:04:17 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Roaming\WinRAR
[2009/07/24 22:31:50 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Roaming\THQ
[2009/07/24 18:43:24 | 00,000,683 | -H-- | C] () -- E:\Users\jean\Desktop\TmSunrise.lnk
[2009/07/24 14:34:57 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Local\Criterion Games
[2009/07/24 13:32:29 | 00,000,940 | -H-- | C] () -- E:\Users\jean\Desktop\BurnoutParadise..lnk
[2009/07/24 01:09:06 | 00,233,472 | ---- | C] (Propellerhead Software AB) -- E:\Windows\System32\REX Shared Library.dll
[2009/07/24 01:09:05 | 00,368,640 | ---- | C] (Propellerhead Software AB) -- E:\Windows\System32\ReWire.dll
[2009/07/24 01:07:44 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Roaming\Propellerhead Software
[2009/07/24 01:07:44 | 00,000,000 | ---D | C] -- E:\ProgramData\Propellerhead Software
[2009/07/23 21:36:54 | 00,000,000 | ---D | C] -- E:\Program Files\NVIDIA Corporation
[2009/07/23 21:31:04 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvudisp.exe
[2009/07/23 21:30:53 | 09,557,216 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\drivers\nvlddmkm.sys
[2009/07/23 21:30:53 | 00,010,161 | ---- | C] () -- E:\Windows\System32\nvdisp.nvu
[2009/07/23 21:30:53 | 00,004,224 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\drivers\nvBridge.kmd
[2009/07/23 21:30:52 | 03,287,040 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvwgf2um.dll
[2009/07/23 21:30:51 | 10,854,400 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvoglv32.dll
[2009/07/23 21:30:50 | 02,169,376 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcuvid.dll
[2009/07/23 21:30:48 | 01,706,528 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcuvenc.dll
[2009/07/23 21:30:47 | 01,983,488 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcuda.dll
[2009/07/23 21:30:47 | 00,151,552 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcod157.dll
[2009/07/23 21:30:47 | 00,151,552 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcod.dll
[2009/07/23 21:30:43 | 00,000,000 | ---D | C] -- E:\NVIDIA
[2009/07/23 21:21:58 | 00,000,708 | -H-- | C] () -- E:\Users\Public\Desktop\aMSN.lnk
[2009/07/23 21:21:30 | 00,000,000 | ---D | C] -- E:\Program Files\aMSN
[2009/07/21 19:08:14 | 00,066,872 | ---- | C] () -- E:\Windows\System32\PnkBstrA.exe
[2009/07/21 19:07:52 | 00,138,184 | ---- | C] () -- E:\Windows\System32\drivers\PnkBstrK.sys
[2009/07/21 19:07:43 | 00,183,112 | ---- | C] () -- E:\Windows\System32\PnkBstrB.exe
[2009/07/21 19:07:32 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Local\PunkBuster
[2009/07/21 19:06:42 | 00,000,803 | -H-- | C] () -- E:\Users\jean\Desktop\nfs.exe - Raccourci.lnk
[2009/07/21 19:06:14 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Roaming\Leadertech
[2009/07/21 13:43:32 | 00,000,000 | ---D | C] -- E:\Program Files\Microsoft WSE
[2009/07/21 00:37:01 | 00,000,000 | ---D | C] -- E:\Users\jean\AppData\Local\FlatOut Ultimate Carnage
[2009/07/21 00:36:56 | 00,000,899 | -H-- | C] () -- E:\Users\jean\Desktop\Flatout Ultimate Carnage.lnk
[2009/07/20 22:58:03 | 00,000,118 | -H-- | C] () -- E:\Users\Public\Desktop\Metaboli.url
[2009/07/20 22:56:07 | 00,350,312 | ---- | C] () -- E:\Windows\System32\SysCheck2.dll
[2009/07/20 22:56:06 | 00,000,146 | ---- | C] () -- E:\Windows\System32\SysChkVC.dll.manifest
[2009/07/19 19:23:37 | 00,000,847 | -H-- | C] () -- E:\Users\jean\Desktop\Tom Clancy's EndWar.lnk
[2009/07/19 19:17:43 | 00,509,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_2.dll
[2009/07/19 19:17:43 | 00,068,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_1.dll
[2009/07/19 19:17:42 | 00,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_2.dll
[2009/07/19 19:17:41 | 01,493,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_39.dll
[2009/07/19 19:17:41 | 00,467,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_39.dll
[2009/07/19
jeancdg on 14 August 2009 at 21:59
and Extras.txt

OTL Extras logfile created on: 14/08/2009 21:55:21 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = E:\Users\jean\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,94% Memory free
4,00 Gb Paging File | 3,10 Gb Available in Paging File | 77,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 92,23 Gb Total Space | 53,39 Gb Free Space | 57,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74,53 Gb Total Space | 19,17 Gb Free Space | 25,73% Space Free | Partition Type: NTFS
Drive F: | 94,64 Gb Total Space | 88,22 Gb Free Space | 93,22% Space Free | Partition Type: NTFS
Drive G: | 92,61 Gb Total Space | 77,27 Gb Free Space | 83,44% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 74,52 Gb Total Space | 24,80 Gb Free Space | 33,27% Space Free | Partition Type: NTFS
Drive M: | 111,79 Gb Total Space | 38,01 Gb Free Space | 34,00% Space Free | Partition Type: NTFS

Computer Name: CDGJEAN
Current User Name: jean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- E:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- E:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"E:\Program Files\Microsoft Expression\Media 2\Media.exe" = E:\Program Files\Microsoft Expression\Media 2\Media.exe:*:Enabled:iView Multimedia -- (Microsoft Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{41FD12A8-C9B4-4315-A364-D4DED53D02B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{613D43B1-C8C6-4D07-A122-CD038D7B7E5B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{66525A77-744A-452D-97D6-92B38728D8EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0433B95A-BCDE-47CD-A12B-CF0B7054ACDA}" = protocol=17 | dir=in | app=c:\program files\empire interactive\flatout ultimate carnage\fouc.exe |
"{046F8D31-F37F-4AB8-B17F-929681D92063}" = protocol=6 | dir=in | app=e:\program files\bonjour\mdnsresponder.exe |
"{06215E5F-6F8E-4F73-93A0-CAA5D70F7AF6}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{091CBB62-D7C3-4E3E-8C82-23E4788CD3F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0A59CAF1-E0A8-4BE3-ABFA-DF5FE4D38BFB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0AA23044-3541-4CEB-95BB-D5AC88535DF5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0B461E5D-FD1F-4C8E-BAB4-B85299D12AC5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0BB7540E-687E-4CF6-8D96-4F9D02658266}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0C3DAC92-53D9-4EC6-9BF5-70D3CB2D2CE9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{13E7CEA3-018E-4391-8554-C199F593A1D4}" = protocol=17 | dir=in | app=e:\program files\itunes\itunes.exe |
"{146AC864-015B-4F0D-B4C5-B861039D000B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{15729AB7-00B7-4BE6-9D44-74045E30482C}" = protocol=17 | dir=in | app=e:\program files\ipsharkk\ipsharkk.exe |
"{16C160CE-7AF2-497F-8B56-8C6B20D88088}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D5BC95E-87CA-4655-AC11-B17E8CF06FE6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F3F00A3-F3C0-46DF-AD8C-AAF202FA76D4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1F63B8F4-5255-4E5E-8371-CE1C5594B962}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1F8B8293-CF2C-4FB8-A00D-6F30DC339602}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1FE7DBD6-5FE1-4E6B-9E0F-9463376868E5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{20210DAB-9FF7-433E-A4AB-C20F1AFA9862}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{20AD7CEF-9CCC-4C6D-BAE1-F1A27506AD06}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{20F66B1A-71AD-46F4-B6E4-882B4CC0EFC8}" = dir=in | app=e:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{2AD7FB74-735A-426D-981B-846D7C185CA1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2C38F387-5B49-473C-A4E6-2375B8A45185}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2DE98B53-4650-4C23-BA27-0F19B5370B08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{38483FD2-F4D0-42DE-A1E6-706DD0F2B231}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{392E3D30-F756-4627-ACCA-72D753AE8C3D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{3A02CDAA-23BB-4069-A0B3-BCB80ED74412}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3A0A1B62-F49F-4DB5-B0FA-4480BD614613}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3B35A554-92E3-4BC7-A1ED-AB978CDD524E}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{3E6E5071-4560-4A4A-A3D0-26F598EE5356}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{3F69EDB7-D108-4AE2-BA9E-EC8C5C0CDD8E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3F7D8F05-8230-46E5-BD6E-93228929CBEF}" = protocol=6 | dir=in | app=e:\program files\pinnacle\studio 11\programs\studio.exe |
"{4055C324-C4A6-4A74-A80B-1EC07D418F2C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{41515818-8E15-4DB4-B8E7-A644C549AC6C}" = protocol=6 | dir=in | app=g:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe |
"{43CFAC81-7C9A-47A0-A2E7-4C627250BD25}" = protocol=6 | dir=in | app=e:\program files\pinnacle\studio 12\programs\umi.exe |
"{451DEF50-192E-4CF5-824B-4F275209AB6A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4B8F0C77-1C19-417C-A7DD-B2261DE3AF30}" = protocol=17 | dir=in | app=e:\program files\pinnacle\studio 12\programs\rm.exe |
"{4CEF96CF-CCDE-4209-BEEC-CC97A8530869}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{4D854185-FE49-42E4-83A5-2507CB3CE4EB}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{4FA9396A-D1D2-4049-A0BC-8FBB4CFF471B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4FEFEAEC-242F-4596-BF5B-8A90D35C24BB}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{50774BAC-ADDA-40C0-A1A2-A58F6BC7E0AA}" = dir=in | app=e:\program files\windows live\sync\windowslivesync.exe |
"{5106A70A-E3C4-4BC9-A9AE-96FE4D38EC8C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{567C0DAF-87C3-4CA5-95D5-FFFA743E5BC9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5920BF17-BC8F-46D3-93E4-FC4F9B0C797F}" = protocol=6 | dir=in | app=g:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_launcher.exe |
"{61618750-9484-4041-8077-8401323A610B}" = protocol=6 | dir=in | app=e:\program files\pinnacle\studio 11\programs\umi.exe |
"{62BB97BF-689F-46DE-B7A7-E1154869CBB8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{63FDD496-493B-4AB8-973C-87A8E56DB3C5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{65109715-5339-44FC-9A5F-E383C501AB3B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{665A809F-9FF5-4AA9-A4D4-407A2ECD3349}" = dir=in | app=e:\program files\cyberlink\powerdvd\powerdvd.exe |
"{6DB07AD9-22DE-4193-A21F-150EA0CE39E8}" = protocol=17 | dir=in | app=e:\program files\bonjour\mdnsresponder.exe |
"{6DBB35AF-445E-45C8-8C15-10AD96791CC5}" = dir=in | app=e:\program files\windows live\messenger\msnmsgr.exe |
"{707040E1-21F7-4449-99EC-7E531F8968DC}" = protocol=17 | dir=in | app=e:\program files\pinnacle\studio 11\programs\studio.exe |
"{718A07FA-6D4A-45B7-B93F-C5AE52886B9B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7271F726-42C4-4D6E-8287-76C46543BEA1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{74EFAE49-5C80-486B-A7B6-F1FC1C8884EC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78BDCA05-077F-4E8B-89D2-C5A6CA288163}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7A7FD3D8-9ED8-455D-A758-E1F9B6CF075E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{7C2278F3-6401-4963-B3EC-88709E6E15C1}" = protocol=17 | dir=in | app=e:\program files\pinnacle\studio 12\programs\studio.exe |
"{7D25B2B4-269D-46FD-B2A6-215A3598D587}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7DF91B1D-5E8E-4692-B2EC-D9E282B50EEB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7E38FFBF-DD77-4B99-ABF4-6B37F981CE9E}" = dir=in | app=e:\program files\windows live\messenger\wlcsdk.exe |
"{7FEFBD20-7EEE-40DD-8863-AF50661617D0}" = protocol=17 | dir=in | app=g:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe |
"{84900627-3A93-4926-9137-34B3FCF7F14E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{84F9F541-84E1-40C7-9DD8-D7BB10C24450}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{85D10DA7-99BA-4FA0-8396-CF2ED8878C95}" = protocol=17 | dir=in | app=e:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{8AA1AC48-58B6-41F9-B30D-10FB9E38D036}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8C93662F-D060-417B-B846-DBEF6FB4A434}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{8CF79A58-EF1E-4CC8-BDD1-7C7ABBDB6292}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8EDBB04E-8654-4001-BF09-5E4068293FAB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9338F979-36A1-419F-B2B2-1594596060AF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{95405603-A9FE-4A43-ACC9-CF3C2EE6E5ED}" = protocol=6 | dir=in | app=e:\program files\ipsharkk\ipsharkk.exe |
"{95EF5399-17B9-42F1-9057-CA955C69A90A}" = protocol=6 | dir=in | app=e:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{9A80BBEF-5AAF-4067-B35F-54FCC6B1EB3B}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{9ACF1A01-DBE4-48C5-9D61-2E4968DC6AC6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9AE36100-6360-458A-A48C-B764A2EE43BE}" = protocol=17 | dir=in | app=e:\program files\pinnacle\studio 12\programs\umi.exe |
"{9D00FA69-B93D-4938-8B80-83BF5C5E2ACF}" = protocol=6 | dir=in | app=e:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{9F6EACC7-99C5-44E7-84DF-25A2A1BEE1E9}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{9F8EB6A7-F54E-4AD5-82AB-46FBFE2AB5BB}" = protocol=17 | dir=in | app=g:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_launcher.exe |
"{A32F5665-6A9D-4E83-A9CC-A9F0C33511C8}" = protocol=17 | dir=in | app=e:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A337BA61-63BE-4A64-8C7B-AB350E71DB30}" = dir=in | app=e:\program files\windows live\messenger\wlcsdk.exe |
"{A3EFF0F1-4C74-43B1-BFBA-FAB0A89768FE}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |
"{A6BB27F6-CF6B-44DD-AD94-14380AA530D5}" = protocol=6 | dir=in | app=c:\program files\empire interactive\flatout ultimate carnage\fouc.exe |
"{B4366C24-5220-4081-B545-F2B6FD0B7F2C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B6B1C111-B149-497B-9769-100D409E6F8D}" = protocol=6 | dir=in | app=e:\program files\itunes\itunes.exe |
"{B8FA3F6D-D2D0-4102-BC90-D30A199D4B7E}" = protocol=17 | dir=in | app=e:\program files\pinnacle\studio 11\programs\rm.exe |
"{BA72BECB-24B1-4CF9-93F4-A933C7A27309}" = protocol=6 | dir=in | app=e:\program files\microsoft office\office12\onenote.exe |
"{BA8DB1DC-B906-4B6D-8D85-4038EDD04599}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BE31AD8F-92B9-4CAB-81C3-5550623F4B5C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C28EFF7E-8B65-4B50-85B7-E2FD594018B0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C3A5DDA0-0A3C-4D95-B616-2FE85D27B5DE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C519B905-9BF4-4FA9-802C-A6FC3654B3AE}" = protocol=6 | dir=in | app=e:\program files\pinnacle\studio 12\programs\rm.exe |
"{C9108B34-EFFD-4A20-BACB-B37D93442822}" = protocol=6 | dir=in | app=e:\program files\pinnacle\studio 11\programs\rm.exe |
"{C9422AA7-D2A6-415E-926D-C8357340C4BB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE8EC7E3-B51F-45D6-8DF5-1514CF21067D}" = protocol=17 | dir=in | app=e:\program files\microsoft office\office12\onenote.exe |
"{CFEEBA41-19FA-46C0-8ECE-8EC66048319D}" = protocol=17 | dir=in | app=e:\program files\pinnacle\studio 11\programs\umi.exe |
"{D30D2FB8-742D-4A03-964C-7FBF0DF879F0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E22BF19F-DC5C-4347-A68F-674A19FB0E44}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E66C0471-8052-4F54-8745-84FACAAF5DDA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E7D861E2-BDBB-44BC-A7D1-4B982696AC70}" = protocol=17 | dir=in | app=e:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E8E874B2-A0CD-470D-A8FA-F673F4D8B267}" = protocol=6 | dir=in | app=e:\program files\pinnacle\studio 12\programs\studio.exe |
"{E927C8F5-34A0-42CC-9482-CDE7D79B4964}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EBB6EC94-5532-49BF-B21A-DB4E61C883A7}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{ED6A56C6-8C0F-410A-9C6E-987E67FECC51}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F18DB241-8036-4FBC-9118-6D7E9B7F6883}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F1BD1776-806A-4602-93CB-64D7EEA67AE9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F2FE7FDA-00C5-4929-816E-309A2362ACF1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F82E8A87-E81F-4D2C-9634-1344433D8562}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F92EE938-7060-42BA-92AA-44A78185EEDB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F9B36D63-88C7-4E40-9995-F280B741CD11}" = dir=in | app=e:\program files\common files\mcafee\mna\mcnasvc.exe |
"{FAB1E7FD-16D8-4E54-9464-609EEEA09CFD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{FCA67F6C-0956-4AF6-81C7-9E88DFEADDEF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FEB9F06B-17A1-4056-94F0-E395D86F4F5B}" = protocol=6 | dir=in | app=e:\program files\microsoft office\office12\groove.exe |
"{FEC5E9A4-11ED-470F-9B14-0305BBC359DD}" = protocol=17 | dir=in | app=e:\program files\microsoft office\office12\groove.exe |
"{FF4AF9D1-3D2F-4198-BEE0-8884EB95292A}" = protocol=6 | dir=in | app=e:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}" = Hercules Dualpix Infinite Webcam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Sociétés
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Assistant de connexion Windows Live ID
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}" = EPSON PRINT Image Framer Tool
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1BF38C77-E678-49AF-885A-BBD10AED2FF3}" = ACDSee RAW Image Decoder Plug-In Update 4.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{21245BC7-F1B8-4694-B4B0-FF0F74333AED}" = TMPGEnc 4.0 XPress
"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24BB4836-381F-4FAE-99BF-85C8AC63E149}" = Microsoft Expression Encoder 2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28114F32-A828-3B57-802B-1F300B0948C7}" = Cooliris for Internet Explorer
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Player Metaboli
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = BD/HD Advisor 1.0
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Gestionnaire de photos 2009
"{300A470B-681B-449F-82AE-6D19114702CE}" = PhysX Screen Saver
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{44E54A81-9D91-4AA1-9417-80AFF134F5FF}" = Galerie de photos Windows Live
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5158974E-2D28-4018-9335-7694C2974746}" = Boostez votre PC
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
"{573DFB7F-01D4-4C7A-93B1-0B2E345060C2}" = Microsoft Expression Blend 2
"{587FD9A4-65A2-423E-AB1D-3BE7F1890AD5}" = ArcSoft TotalMedia Theatre
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5B5B1BD4-1450-355C-92AF-2DA0C9DF1A7F}" = PicLens for Internet Explorer
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pilote vidéo Pinnacle
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71F17309-007D-43F9-9313-DBFBA5FCB3B3}" = LightScribe Optical Disc Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7335976A-73C0-447D-A4A0-554D588C6E09}" = Microsoft Expression Media 2 SP2
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84FECE59-7E39-4435-B68E-2007FF9DF3C6}" = DP L10 Utility
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{88B05038-C890-468B-A563-0015FD53CDC3}" = ArcSoft TotalMedia Extreme
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8AA54B0A-59F6-4004-9104-C556DEFB3C83}" = Microsoft Expression Design 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Gestionnaire pour appareils Windows Mobile
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}" = InterVideo DVDCopy 2
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}" = Windows Live Sync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Ressources
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1.2 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFADB5F7-5CA7-4F2F-A232-D7B756D907AB}" = Microsoft Expression Studio 2
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B21BDC7C-49A1-4155-9425-2F9DED3CD5ED}" = Adobe Setup
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B535B621-5559-11DE-A7A1-005056806466}" = Google Earth Plugin
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B92BF2D4-34BE-41C8-BBF8-435229685B88}" = O&O PartitionManager Professional
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 9.0 Professional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D5C5D70E-33DC-4A04-92F9-63964ECC30E1}" = Morph Man v.4 Trial
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{EB041636-9CD5-4D65-9604-37432FCAED91}" = Camera RAW Plug-In for EPSON Creativity Suite
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F062CCDB-4D01-483E-A3A8-39891336CE2F}" = CoolIris
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F874DF52-A31F-44C1-A606-EF40F1549261}" = Windows Live Movie Maker Bêta
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB89456A-8EEE-4357-AAE1-1A5A46A974AD}" = ROUTE 66 Safety Camera Update
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_1f3d5fcc5fe78dc374b6ccbd2d399ba" = Adobe Encore CS4 Library
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ad-remover" = Ad-remover
"adsl TV" = adsl TV
"aMSN" = aMSN 0.97.2
"Applian FLV Player2.0.24" = Applian FLV Player
"AviSynth" = AviSynth 2.5
"Captain Mobile Tropical Nights (PC version)" = Captain Mobile Tropical Nights (PC version)
"CCleaner" = CCleaner (remove only)
"Civitas3" = Grand Ages Rome 1.01
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy GIF Animator Pro_is1" = Easy GIF Animator 4.8 Pro
"Encoder_2.0.1406.0" = Microsoft Expression Encoder 2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EO_Video_1.3" = EO Video 1.36
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"exent_324254" = Age of Empires 2
"exent_521654" = Big Mutha Truckers 2 - Truck me Harder
"FlatOut Ultimate Carnage" = FlatOut Ultimate Carnage
"FreeGo_is1" = FreeGo version 4
"FTP Expert 3" = FTP Expert 3
"GIF Movie Gear_is1" = GIF Movie Gear 4.2
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"Gordian Knot" = Gordian Knot Rip Pack 0.35.0
"GreenBox_is1" = GreenBox 1.0
"HaaliMkx" = Haali Media Splitter
"Hauppauge French Help Files and Resources" = Hauppauge French Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Hauppauge WinTV-PVR 150 Drivers" = Hauppauge WinTV-PVR 150 Drivers
"HijackThis" = HijackThis 2.0.2
"Indeo® Software" = Indeo® Software
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{485775E8-AEB8-46BD-922B-242879E03DD5}" = Age of Empires III
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"InstallShield_{FDAB7995-A14D-48A3-92BE-FC59B5DE12B1}" = ROUTE 66 Sync
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"MAGIX 3D Maker Download version US" = MAGIX 3D Maker Download version 6.0.0.4 (US)
"Matroska Pack" = Matroska Pack
"MediaInfo" = MediaInfo 0.7.17
"MediaInfo.dll" = MediaInfo.dll 0.7.17
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKV TO AVI CONVERTER_is1" = MKV TO AVI CONVERTER version 3.2
"MKV To AVI With Subtitle_is1" = MKV To AVI With Subtitle version 1.0
"MKVtoolnix" = MKVtoolnix 2.7.0
"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.10
"Morpheus Photo Morpher_is1" = Morpheus Photo Morpher v3.10
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSC" = McAfee SecurityCenter
"MsCasino 1.0" = Microsoft Casino
"nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OJOsoft FLV to AVI Converter1,5,3,0118" = OJOsoft FLV to AVI Converter
"PicaView" = PicaView
"PowerISO" = PowerISO
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"Registry First Aid_is1" = Registry First Aid
"RiseOfNations 1.0" = Microsoft Rise of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"Samsung CLX-216x Series" = Samsung CLX-216x Series
"Screen Recorder Pro" = River Past Screen Recorder Pro
"Smart-Shopper" = SmartShopper
"Sniper Elite_is1" = Sniper Elite
"stax-Pinnacle_is1" = SureThing Express Labeler
"SureThing CD Labeler LightScribe_is1" = SureThing CD Labeler LightScribe 5.0.581.0
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.0
"TmUnitedForever_is1" = TmUnitedForever
"UltSounds" = Modèles de sons Windows
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"V3.1_is1" = File Scavenger 3.1
"VidMorph PRO_is1" = VidMorph PRO
"VLC media player" = VLC media player 1.0.0-rc2
"Vuze" = Vuze
"WebDesigner" = Microsoft Expression Web
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Yahoo! Messenger" = Yahoo! Messenger
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/08/2009 21:00:42 | Computer Name = cdgjean | Source = VSS | ID = 12289
Description =

Error - 13/08/2009 21:02:35 | Computer Name = cdgjean | Source = Windows Search Service | ID = 3013
Description =

Error - 13/08/2009 21:04:16 | Computer Name = cdgjean | Source = VSS | ID = 8194
Description =

Error - 13/08/2009 21:36:33 | Computer Name = cdgjean | Source = VSS | ID = 8194
Description =

Error - 13/08/2009 22:48:00 | Computer Name = cdgjean | Source = Windows Search Service | ID = 3038
Description =

Error - 13/08/2009 22:48:50 | Computer Name = cdgjean | Source = Windows Search Service | ID = 3028
Description =

Error - 13/08/2009 22:49:38 | Computer Name = cdgjean | Source = Windows Search Service | ID = 3058
Description =

Error - 14/08/2009 13:52:38 | Computer Name = cdgjean | Source = Windows Search Service | ID = 3013
Description =

Error - 14/08/2009 13:59:45 | Computer Name = cdgjean | Source = Windows Search Service | ID = 3013
Description =

Error - 14/08/2009 13:59:45 | Computer Name = cdgjean | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 11/06/2009 11:21:26 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 06/11/2009 17:21:26. Vous devrez peut-être planifier de nouveau vos
enregistrements.

Error - 16/06/2009 20:05:41 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 06/17/2009 02:05:40. Vous devrez peut-être planifier de nouveau vos
enregistrements.

Error - 14/07/2009 07:29:50 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 07/14/2009 13:29:49. Vous devrez peut-être planifier de nouveau vos
enregistrements.

Error - 15/07/2009 09:40:58 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 07/15/2009 15:40:58. Vous devrez peut-être planifier de nouveau vos
enregistrements.

Error - 15/07/2009 16:19:03 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 07/15/2009 22:19:02. Vous devrez peut-être planifier de nouveau vos
enregistrements.

Error - 16/07/2009 08:26:56 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 07/16/2009 14:26:56. Vous devrez peut-être planifier de nouveau vos
enregistrements.

Error - 17/07/2009 10:42:53 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 07/17/2009 16:42:52. Vous devrez peut-être planifier de nouveau vos
enregistrements.

Error - 17/07/2009 11:53:57 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 07/17/2009 17:53:56. Vous devrez peut-être planifier de nouveau vos
enregistrements.

Error - 28/07/2009 19:50:21 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 07/29/2009 01:50:21. Vous devrez peut-être planifier de nouveau vos
enregistrements.

Error - 29/07/2009 14:01:41 | Computer Name = cdgjean | Source = Recording | ID = 19
Description = La planification d’enregistrements étant endommagée, elle a été automatiquement
supprimée le 07/29/2009 20:01:41. Vous devrez peut-être planifier de nouveau vos
enregistrements.

[ System Events ]
Error - 14/08/2009 12:36:53 | Computer Name = cdgjean | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : anf0100.sys UimBus Uim_IM

Error - 14/08/2009 12:38:37 | Computer Name = cdgjean | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 14/08/2009 14:07:10 | Computer Name = cdgjean | Source = Service Control Manager | ID = 7000
Description = Le service Boostez votre PC Task Manager n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 14/08/2009 14:07:10 | Computer Name = cdgjean | Source = Service Control Manager | ID = 7000
Description = Le service DgiVecp n'a pas pu démarrer en raison de l'erreur : %%20

Error - 14/08/2009 14:07:10 | Computer Name = cdgjean | Source = Service Control Manager | ID = 7000
Description = Le service HDD Information Service n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 14/08/2009 14:07:10 | Computer Name = cdgjean | Source = Service Control Manager | ID = 7000
Description = Le service PLFlash DeviceIoControl Service n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 14/08/2009 14:07:10 | Computer Name = cdgjean | Source = Service Control Manager | ID = 7000
Description = Le service Windows Live ID Sign-in Assistant n'a pas pu démarrer en
raison de l'erreur : %%3

Error - 14/08/2009 14:07:36 | Computer Name = cdgjean | Source = Service Control Manager | ID = 7031
Description = Le service McAfee Real-time Scanner s'est terminé de manière inattendue.
Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
60000 millisecondes : Redémarrer le service.

Error - 14/08/2009 14:07:36 | Computer Name = cdgjean | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : anf0100.sys UimBus Uim_IM

Error - 14/08/2009 14:08:50 | Computer Name = cdgjean | Source = WMPNetworkSvc | ID = 866321
Description =


< End of report >
Curson on 14 August 2009 at 22:34
Good evening,

Disable your security software during the procedure.

1) Disable UAC. Tutorial.


2) Uninstall the following applications (if present) via Add/Remove Programs:

Bonjour
Mega Manager
Trojan Killer
SweetIM Toolbar for Internet Explorer
SweetIM for Messenger
SmartShopper


3) Run OTL again

- Copy and paste everything below into the "Customs Scans/Fixes" section:
:otl
SRV - (Bonjour Service [Auto | Running]) -- E:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Boostez votre PC Task Manager [Auto | Stopped]) -- File not found
SRV - (HDDSvc [Auto | Stopped]) -- File not found
SRV - (PLFlash DeviceIoControl Service [Auto | Stopped]) -- File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {27B47AD3-2380-361D-83E3-A008F592F141} - No CLSID value found.
O2 - BHO: (Smart-Shopper) - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (SmartShopper Networks)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {E9FF1CAC-D44E-4A35-A6CA-76FF9DE396AB} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1085031214-839522115-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - No CLSID value found.
O4 - HKLM\..\Run: [MSServer] E:\Windows\System32\rqRHyWMF.DLL ()
O4 - HKLM\..\Run: [WinSys2] E:\Windows\System32\startup.exe ()
O9 - Extra Button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (SmartShopper Networks)
O9 - Extra Button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (SmartShopper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O28 - HKLM ShellExecuteHooks: {235B90D6-CB93-40A6-8F1A-AF422ADA9637} - E:\Windows\System32\rqRHyWMF.dll ()
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (E:\Windows\system32\cbXOGVnL) - File not found
O33 - MountPoints2\{5922cd68-6cb2-11de-bdc8-0019dbf52e28}\Shell\AutoRun\command - "" = SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe
O33 - MountPoints2\{5922cd68-6cb2-11de-bdc8-0019dbf52e28}\Shell\open\command - "" = SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe
O33 - MountPoints2\{9ceef390-343c-11de-bced-0019dbf52e28}\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\Q\Shell - "" = AutoRun
[2009/08/14 20:03:59 | 00,026,624 | ---- | C] () -- E:\Windows\System32\rqRHyWMF.dll

:files
E:\Program Files\Bonjour
E:\Program Files\Smart-Shopper

:Commands
[Purity]
[emptytemp]
[start explorer]
[Reboot]

Then click "Run Fix". The computer may ask to restart; accept.
Once the operation is finished, a text file will appear on screen. Copy/paste its contents here.

If you no longer have Internet access after using ComboFix:
Follow this procedure: Repair the Windows Vista TCP/IP protocol


4) Download and install UsbFix

- Plug your external data sources into your PC (USB stick, external hard drive, etc.) without opening them
- Double-click the UsbFix shortcut on your desktop.
- In the main menu choose option "F" for French and press [Enter].
- In the second menu choose option "2" (Suppression) and press [Enter].

- Let the tool work. It is normal for your computer to restart during the operation.
- Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).


5) Download Malwarebytes Anti-Malware.

- Install it and run the updates.


6) Run MBAM:

- Tick the "Exécuter un examen complet" box, then click Rechercher.
- Select (tick) all your partitions, then click "Lancer l'examen".
- When the scan is finished, a message tells you so. Then click the "Montrer les résultats" button.
- In the next window click "Supprimer la sélection". If the program offers to restart the computer, accept!
- The scan report will be displayed. Save it, then post its contents.


7) Scan your system with the Kaspersky Online Scanner. Tutorial.
Post the result of the scan here.


How is the system behaving?


Regards.
-------
If your topic remains unanswered, please report it here.
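An added example, not part of Curson's post and not OTL's own logic: a Python triage over a subset of the lines from the fix script above, tagging each line with the autostart location it names and reporting files that are registered in more than one location. The flag names and the rules behind them (missing target, empty vendor parenthesis, MountPoints2 command entry) are assumptions of this example.

```python
import re

# Lines copied from the fix script in the post above (a subset).
SAMPLE = r"""
SRV - (HDDSvc [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- E:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Smart-Shopper) - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (SmartShopper Networks)
O4 - HKLM\..\Run: [MSServer] E:\Windows\System32\rqRHyWMF.DLL ()
O4 - HKLM\..\Run: [WinSys2] E:\Windows\System32\startup.exe ()
O28 - HKLM ShellExecuteHooks: {235B90D6-CB93-40A6-8F1A-AF422ADA9637} - E:\Windows\System32\rqRHyWMF.dll ()
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (E:\Windows\system32\cbXOGVnL) - File not found
O33 - MountPoints2\{5922cd68-6cb2-11de-bdc8-0019dbf52e28}\Shell\AutoRun\command - "" = SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
"""

# Line prefix -> autostart location, as named in the lines themselves.
MECHANISMS = {
    "SRV": "service",
    "O2": "browser helper object",
    "O3": "IE toolbar",
    "O4": "Run key",
    "O9": "IE extra button",
    "O10": "Winsock namespace catalog",
    "O28": "ShellExecuteHooks",
    "O30": "LSA authentication package",
    "O33": "MountPoints2 autorun",
}

LINE_RE = re.compile(r"^(SRV|O\d+) - (.*)$")
# Drive-letter path ending in a binary extension; spaces allowed in the path.
PATH_RE = re.compile(r"[A-Za-z]:\\[^()\"]*?\.(?:exe|dll|sys)\b", re.I)


def triage(text):
    """Return one dict per recognised line: mechanism, file, flags, line."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tag, rest = m.groups()
        flags = []
        # Assumption: the registration points at something that no longer exists.
        if "File not found" in rest or "No CLSID value found" in rest:
            flags.append("orphaned")
        # Assumption: the trailing parenthesis carries a vendor name; here it is empty.
        if rest.endswith("()"):
            flags.append("no-vendor")
        # Assumption: a drive's autorun entry names a command to execute.
        if tag == "O33" and r"\command" in rest.lower():
            flags.append("autorun-command")
        pm = PATH_RE.search(rest)
        findings.append({
            "mechanism": MECHANISMS.get(tag, tag),
            "file": pm.group(0).lower() if pm else None,
            "flags": flags,
            "line": raw.strip(),
        })
    return findings


def shared_files(findings):
    """Files referenced from more than one autostart mechanism."""
    seen = {}
    for f in findings:
        if f["file"]:
            seen.setdefault(f["file"], set()).add(f["mechanism"])
    return {p: sorted(m) for p, m in seen.items() if len(m) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE)
    for f in results:
        if f["flags"]:
            print(f"{f['mechanism']:28} {','.join(f['flags']):18} {f['line'][:60]}")
    for path, mechs in shared_files(results).items():
        print("multiple autostart points:", path, "->", ", ".join(mechs))
```

On these lines the same DLL is registered under both the Run key and ShellExecuteHooks, so a cleanup has to cover both entries as well as the file.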
jeancdg on 14 August 2009 at 23:07
sorry for replying so late, but I am working on it, it takes time; I will post the reports and results as soon as it is finished
thanks
Curson on 14 August 2009 at 23:23
Good evening,

There is no problem at all. Take all the time you need.

Regards.
-------
If your topic remains unanswered, please report it here.
jeancdg on 15 August 2009 at 00:25
sorry for taking so long to reply
I had a problem: after uninstalling the programs (as requested) and running "Customs Scans/Fixes", I no longer had Internet access (a Windows service could not be started), and only now do I read "If you no longer have Internet access after using ComboFix:
Follow this procedure: Repair the Windows Vista TCP/IP protocol"
I tried to repair it in various ways ("repair", "reset", etc.) but with no result, so I did a system restore and was able to come back here. I don't know what was restored; the restore point dates from my last program removal (which you asked me to remove (megauploadmanager)), so before using "Customs Scans/Fixes"
hoping that is clear, and again, really sorry
Curson on 15 August 2009 at 00:31
Good evening,

There was evidently a problem with OTL.
Continue the procedure directly at step 4).

Regards.
-------
If your topic remains unanswered, please report it here.
jeancdg on 15 August 2009 at 00:39
ok, so I skip step 3 and continue directly with step 4; my external data sources (USB stick, external hard drive, etc.) are plugged in and not switched on, except for one external hard drive that is powered by the PC and is therefore always on when plugged in
jeancdg on 15 August 2009 at 01:02
here is the UsbFix report


############################## | UsbFix V6.017 |

User : jean (Administrateurs) # CDGJEAN
Update on 12/08/09 by Chiquitine29 & C_XX
Start at: 00:52:13 | 15/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Microsoft® Windows Vista™ Édition Intégrale (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Disabled

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 92,23 Go (53,39 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local # 74,53 Go (17,64 Go free) # NTFS
F:\ -> Disque fixe local # 94,64 Go (88,24 Go free) # NTFS
G:\ -> Disque fixe local # 92,61 Go (77,27 Go free) # NTFS
I:\ -> Disque fixe local # 74,52 Go (24,8 Go free) # NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque fixe local # 111,79 Go (38,01 Go free) [Advance_120] # NTFS

############################## | Processus actifs |

E:\Windows\System32\smss.exe
E:\Windows\system32\csrss.exe
E:\Windows\system32\wininit.exe
E:\Windows\system32\csrss.exe
E:\Windows\system32\services.exe
E:\Windows\system32\lsass.exe
E:\Windows\system32\lsm.exe
E:\Windows\system32\svchost.exe
E:\Windows\system32\nvvsvc.exe
E:\Windows\system32\svchost.exe
E:\Windows\System32\svchost.exe
E:\Windows\System32\svchost.exe
E:\Windows\system32\svchost.exe
E:\Windows\system32\winlogon.exe
E:\Windows\system32\svchost.exe
E:\Windows\system32\SLsvc.exe
E:\Windows\system32\svchost.exe
E:\Windows\system32\nvvsvc.exe
E:\Windows\system32\svchost.exe
E:\Windows\System32\spoolsv.exe
E:\Windows\system32\svchost.exe
E:\Windows\system32\taskeng.exe
E:\Windows\system32\Dwm.exe
E:\Windows\system32\taskeng.exe
E:\Windows\Explorer.EXE
E:\Windows\system32\runonce.exe
E:\Windows\system32\conime.exe
E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Windows\system32\svchost.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
E:\Windows\system32\rundll32.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\Windows\system32\oodag.exe
E:\Windows\system32\svchost.exe
E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
E:\Windows\system32\svchost.exe
E:\Windows\System32\svchost.exe
E:\Windows\system32\SearchIndexer.exe
E:\Windows\system32\wbem\wmiprvse.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe

################## | Fichiers # Dossiers infectieux |


################## | Autres |


################## | Suspect ! ... | http://www.virustotal.com |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\D\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\H\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\J\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\O\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\Q\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{5922cd68-6cb2-11de-bdc8-0019dbf52e28}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9ceef390-343c-11de-bced-0019dbf52e28}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[11/03/2009 01:42|--a------|900424] -> C:\adorage-protocol.txt
[08/08/2009 00:01|--a------|256] -> C:\AUTOEXEC.BAT
[03/04/2008 14:31|--ah-----|1024] -> C:\back.bcd.LOG
[15/03/2008 15:51|--ah-----|1024] -> C:\bcdbackup.bcd.LOG
[15/03/2008 15:44|--ah-----|0] -> C:\bcdbackup.bcd.LOG1
[15/03/2008 15:44|--ah-----|0] -> C:\bcdbackup.bcd.LOG2
[15/03/2008 15:54|--ah-----|1024] -> C:\bcdbackupxp.bcd.LOG
[08/03/2009 16:37|--ah-----|360] -> C:\Boot.BAK
[08/03/2009 16:48|-rahs----|360] -> C:\Boot.ini.saved
[05/08/2004 14:00|-rahs----|4952] -> C:\Bootfont.bin
[22/04/2009 07:28|-rahs----|383200] -> C:\bootmgr
[06/05/2009 12:31|-rahs----|8192] -> C:\BOOTSECT.BAK
[08/03/2009 15:51|--a------|0] -> C:\CONFIG.SYS
[10/06/2009 21:10|--a------|657] -> C:\DivXEncSettings.txt
[13/07/2009 21:31|--a------|3532] -> C:\drmHeader.bin
[17/04/2009 14:38|--a------|122688] -> C:\hcwclear.txt
[28/04/2009 15:41|--a------|0] -> C:\HDDVD.txt
[08/03/2009 15:51|-rahs----|0] -> C:\IO.SYS
[09/03/2009 13:36|--a------|177] -> C:\ITB.log
[15/05/2008 12:38|--a------|6228] -> C:\kao2.jpg
[12/04/2009 21:09|--a------|2295] -> C:\lil.pmrh2
[12/04/2009 23:19|--a------|3573] -> C:\lil.pmrh3.pmrh2
[17/07/2009 17:42|--a------|183] -> C:\LogiSetup.log
[21/07/2009 23:39|--a------|458] -> C:\memory.txt
[08/03/2009 15:51|-rahs----|0] -> C:\MSDOS.SYS
[17/07/2009 17:46|--a------|542936] -> C:\MSIInstall.log
[19/06/2007 00:30|--a------|7281] -> C:\neige.jpg
[05/08/2004 14:00|-rahs----|47564] -> C:\NTDETECT.COM
[05/08/2004 14:00|-rahs----|251712] -> C:\ntldr
[19/06/2007 00:29|--a------|6221] -> C:\p7.jpg
[26/04/2009 20:20|--a------|120449] -> C:\PDVD_000.JPG
[13/03/2009 17:05|--a------|8857] -> C:\redirection-404.php
[11/04/2009 16:43|--a------|2118] -> C:\tlc.pmrh2
[14/08/2009 21:43|--a------|6028] -> E:\Ad-Report-CLEAN.log
[18/09/2006 23:43|--a------|24] -> E:\autoexec.bat
[18/09/2006 23:43|--a------|10] -> E:\config.sys
[05/01/2005 02:42|--a------|50969] -> E:\lefteye1071.jpg
[19/06/2007 00:30|--a------|7281] -> E:\neige.jpg
[19/06/2007 00:29|--a------|6221] -> E:\p7.jpg
[?|?|?] -> E:\pagefile.sys
[03/09/2008 15:13|--a------|285793] -> E:\r1mz5l.jpg
[15/08/2009 00:57|--a------|5906] -> E:\UsbFix.txt
[14/02/2008 02:11|---h-----|1048576] -> F:\cache.dmx
[17/09/2002 02:53|--a------|376980] -> F:\Clips Video Nbr.htm
[11/08/2009 15:13|--a------|576297] -> F:\Libcast Web TV.pdf
[22/02/2009 06:05|---hs----|2287] -> I:\AlbumArtSmall.jpg
[22/02/2009 06:05|---hs----|8992] -> I:\AlbumArt_{9DE634C1-CB73-405E-9BBB-055939C58343}_Large.jpg
[22/02/2009 06:05|---hs----|2287] -> I:\AlbumArt_{9DE634C1-CB73-405E-9BBB-055939C58343}_Small.jpg
[01/03/2009 22:40|--a------|12090923] -> I:\concert.intro.gif
[22/02/2009 06:13|---hs----|346] -> I:\desktop.ini
[22/02/2009 06:05|---hs----|8992] -> I:\Folder.jpg
[27/12/2004 04:51|--a------|11454] -> I:\lene_smile.jpg
[07/09/2008 05:09|--a------|31731261] -> M:\80-in-1-best-flash-games_80_in_1_best_flash_games_anglais_253530.exe
[05/08/2009 19:45|--a------|1155807914] -> M:\Microsoft Office 2007 Complete Third Edition + Language Pack.rar
[05/08/2009 20:13|--a------|360217883] -> M:\Microsoft Office Multi-Language Pack 2007 - DE - EN - ES - FR - RU - ISO.rar

################## | Cracks / Keygens / Serials |

jeancdg on 15 August 2009 at 06:10
result of the MBAM scan

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2627
Windows 6.0.6002 Service Pack 2

15/08/2009 06:09:25
mbam-log-2009-08-15 (06-09-25).txt

Type de recherche: Examen complet (C:\|E:\|F:\|G:\|I:\|M:\|)
Eléments examinés: 616677
Temps écoulé: 5 hour(s), 2 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{235b90d6-cb93-40a6-8f1a-af422ada9637} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{67450775-3b18-49b1-aa83-0e010f07f4df} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69b3ebfa-0015-4914-9312-e7758eacfac1} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30de9920-2e84-40a2-88a5-b8d256e15101} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{235b90d6-cb93-40a6-8f1a-af422ada9637} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\w32id (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSys2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
E:\Windows\System32\vTlkjkKB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (Adware.Shoper) -> Quarantined and deleted successfully.
E:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\Windows\System32\drivers\MSIVXserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Windows\System32\startup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

