HEEEEELP: can't restart Vista anymore!!

ElBarto -  
Lyonnais92 Posts 25708 Status Security contributor -
Hello,

I have been desperately trying since this morning to find a solution to my problem.
I have a problem with my brand-new PC: it won't start anymore. Well, it does physically start, but I don't get the VISTA screen with the choice of sessions; instead I get a nice black screen.
I thought I had gotten rid of the BAGGLE virus at the end of last week, but apparently it must have left traces that are showing up today... unless it has nothing to do with it.
So I'm forced to boot in "safe mode" (which, by the way, is much faster than my VISTA of the last few days, but that may have nothing to do with it). And only "safe mode" works.

Below is the HijackThis report I was able to obtain:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:16:49, on 04/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Pierre-Lau\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\PIERRE~1\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
O4 - HKLM\..\Run: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe"
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [HPSmartCenterBoot] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: PyGrenouille.lnk = C:\Program Files (x86)\PyGrenouille\pygrenouille.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2DF3F56-9576-4AC9-8A9C-CE83E4885169}: NameServer = 212.27.40.240,212.27.40.241
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Touch Screen Enhance - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

I also scanned my PC (still in "safe mode") with my AVIRA antivirus, which found nothing either, and with MALWAREBYTE, which gives me the following report:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1725
Windows 6.0.6001 Service Pack 1

04/02/2009 10:44:39
mbam-log-2009-02-04 (10-44-34).txt

Type de recherche: Examen complet (C:\|D:\|G:\|H:\|J:\|)
Eléments examinés: 234720
Temps écoulé: 46 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files (x86)\eMule\Uninstall.exe (Trojan.Downloader) -> No action taken.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> No action taken.

In the end, using MALWAREBYTES, I deleted and quarantined the three infected items, but it changes nothing: my PC refuses to start Vista in "normal" mode (even "debugging" mode doesn't work).

I also ran KASPERSKY online, which detected nothing, apart from a bunch of locked files.

So now I'm out of solutions. If anyone can help me solve this problem, that would be great.
Thanks in advance.

El Barto

16 replies

bn057 Posts 307 Status Member 12

Tell us a bit more. Do you at least get the logo of your tower's brand displayed when you start up, or does the computer itself not start?
0
ElBarto
 
Yes, the HP logo appears normally... then I get a scrolling Microsoft bar (a sort of loading bar), then nothing more. The screen isn't off but it displays black, as if it were stuck just before the Vista logo.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hello,

nothing visible in this HJT report, but that's fairly normal.

If you can boot in safe mode with networking, do this:

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed).

Note: the reports are saved in the folder C:\rsit

===========================

Add a new user account.

Would the computer start on this new account in normal mode?

0
ElBarto
 
Thanks for your quick reply, I'll test the solution of another user account, we'll see...
In the meantime, here is the RSIT report:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Pierre-Lau at 2009-02-04 18:36:23
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 148 GB (60%) free of 247 GB
Total RAM: 4094 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:30, on 04/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Pierre-Lau\Desktop\RSIT.exe
C:\Users\Pierre-Lau\Desktop\Pierre-Lau.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\PIERRE~1\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
O4 - HKLM\..\Run: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe"
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [HPSmartCenterBoot] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: PyGrenouille.lnk = C:\Program Files (x86)\PyGrenouille\pygrenouille.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2DF3F56-9576-4AC9-8A9C-CE83E4885169}: NameServer = 212.27.40.240,212.27.40.241
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Touch Screen Enhance - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
0
ElBarto
 
I just tried with a new account but it changes nothing.
I get the HP logo, then the Microsoft Corporation progress bar, then the mouse pointer for a few tenths of a second, then nothing...
So I'm going back to safe mode. In the meantime I rechecked with MALWAREBYTES and this time it found nothing at all...

I don't understand any of it!
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Re,

delete the account.

Is your Windows 32- or 64-bit?
0
ElBarto
 
Which account do I delete? The one I just created or my two original accounts (mine and my girlfriend's)? A stupid question no doubt, but isn't VISTA 64-bit by default??? Otherwise, where do I find that information?
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Re,

you delete the account you just created.

You boot into safe mode with networking.

You look at what restore points you have.

There are 2 versions of Vista (32 and 64).

If I understood correctly, you have a 32-bit (x86).

================

When did your problem start?

What did you do just before? (so, last night)

=================

We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

* Check that you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

Send the contents of C:\ComboFix.txt in your next reply so that I can examine it.
0
ElBarto
 
I have a 64-bit version of VISTA, and so COMBOFIX tells me it's incompatible (it's apparently a 32-bit application).

As for my problem, it dates from this morning. And just before that I had had a few warnings from AdAware telling me that certain files (drvinst, wuauclt...) wanted to access the registry.
I restarted the computer and then nothing...
0

Lyonnais92 Posts 25708 Status Security contributor 1 537

Re,

what do you have as restore points?
0
ElBarto
 
I'm a beginner with VISTA and I can't find my old XP bearings anymore, so I don't even know where to find the system restore points...
0
ElBarto
 
There, I found the restore points. The first one offered goes back to this morning at 7:56 (just before a Windows Update); otherwise I have several restore points going back to January 1st...
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Re,

you restore using the point immediately before the Ad Aware alerts.

Tell me the result.
0
ElBarto
 
It works! I restored to a slightly older date (to be sure to go back before my BEAGGLE of last week), and everything seems to work... Still a bit slower than in "safe mode" (I had started to get used to it).
In any case, thanks for the help, even if I still don't know where the problem came from.
I'll post an HJT report tomorrow; if you could tell me whether there are useless things slowing down my machine, that would be very kind.

Thanks again.

ElBarto
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Re,

perfect.

If it works, I would prefer (to HijackThis) that you do this:

Download OTViewIt.exe from http://oldtimer.geekstogo.com/OTViewIt.exe

Save this file to the Desktop.

Close all open program windows.

Double-click OTViewIt.exe to launch the tool.

Click the Run Scan button and let the tool work without interrupting it.

When the tool has finished, a Notepad window opens containing one of the two reports.

Close Notepad.

The second report is visible in the Taskbar. Close it as well.

Close the OTViewIt window.

Copy the contents of OTViewIt.txt, which is on your Desktop, into your reply
0
ElBarto
 
Thanks for your help.
I just ran OTViewIt. The problem is that it stops in a strange way. While it is at the "Scanning Application Event Log" step, a window appears with this text: "Access violation at address 770F10B0 in module 'nfdll.dll'. Read of address 0000001E". Is that normal?

I'm posting the report below anyway.

Otherwise I have another question. A bit burned by the problems that happened to me yesterday, I installed LOOK 'N' STOP in place of the Windows firewall. Only, it "buzzes" constantly as if it were continually intercepting UDP/TCP entry attempts (even though e-mule isn't running, but that may have nothing to do with it). Is that normal?
Thanks in advance for your help.

The OTViewIt report:


OTViewIt logfile created on: 05/02/2009 11:27:27 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Pierre-Lau\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 51,01% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 241,00 Gb Total Space | 143,68 Gb Free Space | 59,62% Space Free | Partition Type: NTFS
Drive D: | 11,98 Gb Total Space | 1,61 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931,51 Gb Total Space | 671,23 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Drive H: | 212,78 Gb Total Space | 40,61 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: FAURE-MARGERIE
Current User Name: Pierre-Lau
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/01/01 11:42:03 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/08/01 20:47:00 | 00,021,296 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
[2008/05/03 13:15:42 | 00,101,376 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
[2007/07/24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
[2008/08/01 20:47:00 | 00,026,416 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
[2008/01/21 03:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
[2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
[2006/11/02 16:04:16 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
[2008/09/02 13:42:04 | 08,203,352 | ---- | M] (GARMIN Corp.) -- C:\Garmin\ANT Agent\ANT Agent.exe
[2008/07/23 17:39:18 | 03,658,032 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
[2007/04/18 16:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
[2008/12/25 19:50:04 | 00,091,136 | ---- | M] (grenouille.com) -- C:\Program Files (x86)\PyGrenouille\pygrenouille.exe
[2008/05/24 10:40:24 | 00,463,360 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
[2007/12/19 09:19:48 | 01,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
[2008/01/18 07:04:56 | 03,641,344 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
[2008/04/18 15:32:22 | 02,199,552 | ---- | M] () -- C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe
[2007/04/07 01:56:47 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
[2008/04/09 16:01:46 | 00,102,400 | ---- | M] () -- C:\Windows\SysWOW64\OSDForm.exe
[2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2005/07/15 22:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
[2008/08/18 16:53:42 | 00,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[2008/08/18 16:53:48 | 00,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[2006/10/11 12:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[2008/09/03 22:05:28 | 01,144,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
[2008/09/03 22:05:38 | 00,210,216 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
[2008/01/21 03:49:12 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
[2008/01/21 03:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
[2007/10/30 10:45:00 | 00,014,376 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
[2008/08/01 20:46:48 | 03,448,112 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\LifeCenterCalendar.exe
[2008/09/03 22:05:28 | 00,324,904 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
[2008/05/03 13:15:46 | 00,065,536 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
[2008/09/03 22:05:26 | 00,324,904 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
[2007/01/09 11:25:30 | 00,272,024 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
[2008/09/03 22:05:26 | 00,324,904 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
[2008/07/23 17:40:58 | 00,368,432 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Clock\Clock.exe
[2008/07/23 17:38:10 | 00,080,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe
[2008/07/23 17:44:58 | 00,080,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe
[2009/02/05 10:33:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre-Lau\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe -- (a2free [Auto | Running])
[2009/01/01 11:42:03 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
File not found -- -- (AEADIFilters [Auto | Running])
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/08/01 20:47:00 | 00,021,296 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/21 03:50:58 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/21 03:50:38 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (DPS [Unknown | Running])
[2008/01/21 03:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2008/01/21 03:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/01/21 03:51:57 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
[2007/07/24 00:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
File not found -- -- (gpsvc [Unknown | Running])
[2008/07/31 23:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/03/14 17:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service [Auto | Running])
[2008/05/03 13:15:42 | 00,101,376 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE -- (HP Touch Screen Enhance [Auto | Running])
[2006/11/02 10:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Running])
File not found -- -- (lnssvcVista [Auto | Running])
[2006/11/02 14:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/21 03:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/01/21 03:51:53 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (nvsvc [Auto | Running])
[2008/01/21 03:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2007/07/24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/21 03:49:11 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2006/11/02 07:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2006/11/02 07:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008/05/27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

File not found -- -- (ACPIService [On_Demand | Running])
File not found -- -- (ADIHdAudAddService [On_Demand | Running])
[2008/01/21 03:46:53 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/21 03:46:54 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/21 03:46:54 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/21 03:47:27 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2008/01/21 03:46:50 | 00,015,976 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/21 03:46:52 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Disabled | Stopped])
[2008/01/21 03:47:00 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (AVerBDA6x_x64 [On_Demand | Running])
File not found -- -- (avgntflt [Auto | Running])
[2008/01/21 03:46:56 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2008/01/21 03:46:56 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
File not found -- -- (btwaudio [On_Demand | Running])
File not found -- -- (btwavdt [On_Demand | Running])
File not found -- -- (btwl2cap [On_Demand | Running])
File not found -- -- (btwrchid [On_Demand | Running])
[2008/01/21 03:46:50 | 00,018,024 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/01/21 03:46:56 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/21 03:46:59 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/21 03:46:59 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
File not found -- -- (iaStor [Boot | Running])
[2008/01/21 03:46:59 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Disabled | Stopped])
File not found -- -- (lnsfw [On_Demand | Running])
File not found -- -- (lnsfw1 [System | Running])
[2008/01/21 03:46:51 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/21 03:46:56 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/21 03:47:01 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
File not found -- -- (ManyCam [On_Demand | Running])
[2008/01/21 03:46:59 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/21 03:46:56 | 00,438,328 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\WinSxS\amd64_megasr.inf_31bf3856ad364e35_6.0.6001.18000_none_44b889fdb37f3d14\MegaSR.sys -- (MegaSR [Disabled | Stopped])
[2006/09/18 22:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
File not found -- -- (netr28x [On_Demand | Running])
[2008/01/21 03:47:26 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/21 03:46:54 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/21 03:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/01/21 03:46:52 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Disabled | Stopped])
File not found -- -- (RTL8169 [On_Demand | Running])
[2006/09/30 00:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/21 03:47:26 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/09/18 22:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
[2008/01/21 03:46:56 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Disabled | Stopped])
[2008/01/21 03:46:52 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/21 03:46:50 | 00,018,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/21 03:47:25 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=crossfire&pf=cndt
"Default_Search_URL"=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=crossfire&pf=cndt

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=crossfire&pf=cndt
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=crossfire&pf=cndt
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=crossfire&pf=cndt
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=crossfire&pf=cndt
"StartPageCache"=

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe" (Google Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"avgnt"="C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"Buttons & OSDs control application gen2"="C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe" ()
"CLMLServer for HP TouchSmart"="c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" (CyberLink)
"Corel File Shell Monitor"=C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
"Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup (Corel, Inc.)
"HP KEYBOARD"="C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE" (Hewlett-Packard)
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpsysdrv"=c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
"OpwareSE4"="C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe File not found
"SoundMAX"="C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe" (Sun Microsystems, Inc.)
"TSMAgent"="c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" (CyberLink Corp.)
"UCam_Menu"="c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" (CyberLink Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANT Agent"=C:\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
"HPSmartCenterBoot"="C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe" (Hewlett-Packard)
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" ()
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANT Agent"=C:\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
"HPSmartCenterBoot"="C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe" (Hewlett-Packard)
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" ()
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 22:47:18 | 03,751,995 | ---- | M] (Google Inc.)
Envoyer au périphérique &Bluetooth...: c:\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
Envoyer l'&image au périphérique Bluetooth...: c:\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 22:47:18 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 22:47:18 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 22:47:18 | 03,751,995 | ---- | M] (Google Inc.)
Envoyer au périphérique &Bluetooth...: c:\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
Envoyer l'&image au périphérique Bluetooth...: c:\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Console Java (Sun) -- %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [2007/04/07 01:56:44 | 00,501,400 | ---- | M] (Sun Microsystems, Inc.)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: Envoyer à Bluetooth -- %SystemDrive%\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: Envoyer au périphérique &Bluetooth... -- %SystemDrive%\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2003/04/14 20:05:50 | 01,498,032 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2003/04/14 20:05:50 | 01,498,032 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Envoyer à Bluetooth] -> File not found

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Envoyer à Bluetooth] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01

========== (O17) DNS Name Servers ==========

{7D135330-7CC8-4C4E-9B57-D33F20090AC4} (Servers: | Description: )
{A2DF3F56-9576-4AC9-8A9C-CE83E4885169} (Servers: 212.27.40.240,212.27.40.241 | Description: 802.11n Wireless LAN Card)
{BDCD3392-725B-4956-A61F-BB5FB9B97AE6} (Servers: | Description: Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/21 03:50:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/21 03:50:00 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10df5478-d814-11dd-8dc8-0021868db911}\Shell\AutoRun\command]
""=G:\Launch.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e1ba830-88a7-11dd-8197-806e6f6e6963}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e1ba830-88a7-11dd-8197-806e6f6e6963}\Shell\AutoRun\command]
""=E:\install.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e1ba830-88a7-11dd-8197-806e6f6e6963}\Shell\configure\command]
""=E:\install.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e1ba830-88a7-11dd-8197-806e6f6e6963}\Shell\install\command]
""=E:\install.EXE -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/02/05 10:33:09 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Pierre-Lau\Desktop\OTViewIt.exe
[2009/02/04 23:38:19 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Local\looknstop
[2009/02/04 23:35:58 | 02,214,740 | -H-- | C] () -- C:\Users\Pierre-Lau\AppData\Local\IconCache.db
[2009/02/04 23:35:44 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/02/04 23:28:43 | 01,199,616 | ---- | C] (Microsoft Corporation) -- C:\Users\Pierre-Lau\Desktop\Installation_LooknStop_206p3_x64_VC2005.exe
[2009/02/04 20:09:52 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/02/04 18:36:23 | 00,000,000 | ---D | C] -- C:\rsit
[2009/02/04 09:56:45 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Malwarebytes
[2009/02/04 09:56:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/02/04 09:56:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/02/04 08:51:38 | 00,000,732 | ---- | C] () -- C:\Users\Pierre-Lau\AppData\Local\d3d9caps64.dat
[2009/02/04 00:00:27 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Template
[2009/02/04 00:00:23 | 00,000,100 | ---- | C] () -- C:\Users\Pierre-Lau\AppData\Roaming\wklnhst.dat
[2009/02/03 10:12:09 | 00,000,000 | -H-D | C] -- C:\ProgramData\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
[2009/02/03 10:12:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft(86)
[2009/02/02 15:11:46 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Corel(135)
[2009/02/02 15:07:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Corel(89)
[2009/02/02 15:07:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel(36)
[2009/02/02 14:57:01 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\InstallShield
[2009/02/02 09:47:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Undelete
[2009/02/02 09:39:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NTFS Undelete
[2009/02/02 09:09:06 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\CyberLink
[2009/02/02 09:08:36 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Macromedia
[2009/02/02 09:08:33 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Adobe(56)
[2009/02/02 09:07:39 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\drivers
[2009/02/02 09:07:33 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\GARMIN
[2009/02/01 12:20:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Corel(95)
[2009/02/01 12:20:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel(26)
[2009/02/01 10:51:40 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/01 10:51:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft(92)
[2009/01/30 23:21:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Freeplayer
[2009/01/29 23:52:04 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\Desktop\OneTouch4-Plus
[2009/01/29 11:38:55 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\Desktop\PACS Party
[2009/01/29 11:35:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NetSurveyor
[2009/01/27 18:10:43 | 00,000,000 | ---D | C] -- C:\ProgramData\DonationCoder
[2009/01/27 18:10:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\URLSnooper2
[2009/01/24 15:19:17 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\Documents\My Music
[2009/01/24 15:14:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HotzicBurner
[2009/01/22 15:54:20 | 01,316,691 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.png
[2009/01/22 15:46:48 | 00,909,254 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.jpg
[2009/01/22 15:31:35 | 21,071,8330 | ---- | C] () -- C:\Users\Pierre-Lau\Desktop\OneTouch4-Plus.zip
[2009/01/18 22:07:15 | 00,022,528 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\Lettre Spirou.doc
[2009/01/18 21:25:43 | 02,012,730 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.bmp
[2009/01/18 20:15:26 | 00,129,113 | ---- | C] () -- C:\Users\Pierre-Lau\Desktop\CV2009.pdf
[2009/01/18 20:11:53 | 04,372,480 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\CV2009.doc
[2009/01/12 21:57:40 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\dvdcss
[2009/01/12 00:36:35 | 00,402,696 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\pacs1.jpg
[2009/01/10 12:00:08 | 00,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE3229FB-8FFC-4513-B46C-1D8F55B93289}.job
[2009/01/08 14:18:10 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Local\BuildAGadget Content
[2009/01/06 16:57:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp

========== Files - Modified Within 30 Days ==========

[2009/02/05 10:52:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/05 10:52:26 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/05 10:51:11 | 00,001,892 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/02/05 10:50:48 | 02,214,740 | -H-- | M] () -- C:\Users\Pierre-Lau\AppData\Local\IconCache.db
[2009/02/05 10:40:14 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE3229FB-8FFC-4513-B46C-1D8F55B93289}.job
[2009/02/05 10:33:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre-Lau\Desktop\OTViewIt.exe
[2009/02/04 23:37:52 | 00,008,268 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Local\d3d9caps.dat
[2009/02/04 23:28:44 | 01,199,616 | ---- | M] (Microsoft Corporation) -- C:\Users\Pierre-Lau\Desktop\Installation_LooknStop_206p3_x64_VC2005.exe
[2009/02/04 23:00:56 | 00,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C4E0C14B-5A8D-487B-8953-718916220A0D}.job
[2009/02/04 22:37:28 | 00,000,732 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Local\d3d9caps64.dat
[2009/02/04 00:00:36 | 00,000,100 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Roaming\wklnhst.dat
[2009/02/02 11:31:20 | 00,161,648 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/22 16:03:48 | 21,071,8330 | ---- | M] () -- C:\Users\Pierre-Lau\Desktop\OneTouch4-Plus.zip
[2009/01/22 15:54:21 | 01,316,691 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.png
[2009/01/22 15:46:49 | 00,909,254 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.jpg
[2009/01/18 22:17:31 | 00,022,528 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\Lettre Spirou.doc
[2009/01/18 21:36:28 | 00,129,113 | ---- | M] () -- C:\Users\Pierre-Lau\Desktop\CV2009.pdf
[2009/01/18 21:36:06 | 04,372,480 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\CV2009.doc
[2009/01/18 21:25:43 | 02,012,730 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.bmp
[2009/01/17 01:15:27 | 00,298,496 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\questionnaire.doc
[2009/01/16 12:43:51 | 00,074,240 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/16 11:28:29 | 00,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2009/01/16 11:28:27 | 00,000,088 | RHS- | M] () -- C:\ProgramData\CED992118A.sys
[2009/01/11 21:37:23 | 00,402,696 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\pacs1.jpg
< End of report >
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

Run MBAM again and post the report (in normal mode, quick scan).

Scan your computer with the antivirus and post the report.
0
ElBarto
 
So here is the MBAM report, which found something (should I delete it?). I'm currently running my antivirus scan. And regarding this morning's OTViewIt scan, is there nothing suspicious or unnecessary in it?
At this point I'm wondering whether I shouldn't simply reinstall the system outright. Vista still "froze" 3 or 4 times during the day for no apparent reason...
Thanks again.


Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1731
Windows 6.0.6001 Service Pack 1

05/02/2009 18:13:24
mbam-log-2009-02-05 (18-13-19).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 197680
Temps écoulé: 40 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

delete it.
0
ElBarto
 
OK, it's done.
And here is my antivirus report (yes, I know, cracks are bad).
And as for my problem of VISTA instability and unexpected shutdowns, do you think I should do a complete reinstall of the system while the computer is still new?
In any case, thanks for your help and for following up.




Avira AntiVir Personal
Date de création du fichier de rapport : jeudi 5 février 2009 18:17

La recherche porte sur 1313520 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows Vista x64 Edition
Version de Windows :(Service Pack 1) [6.0.6001]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :FAURE-MARGERIE

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 21:22:13
ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 30/01/2009 22:17:43
ANTIVIR3.VDF : 7.1.1.227 176640 Bytes 04/02/2009 22:01:19
Version du moteur: 8.2.0.74
AEVDF.DLL : 8.1.1.0 106868 Bytes 04/02/2009 22:01:46
AESCRIPT.DLL : 8.1.1.42 344441 Bytes 04/02/2009 22:01:44
AESCN.DLL : 8.1.1.6 127348 Bytes 04/02/2009 22:01:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 04/02/2009 22:01:40
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 29/12/2008 09:54:12
AEHEUR.DLL : 8.1.0.90 1573237 Bytes 04/02/2009 22:01:35
AEHELP.DLL : 8.1.2.0 119159 Bytes 29/12/2008 09:54:06
AEGEN.DLL : 8.1.1.12 328053 Bytes 04/02/2009 22:01:22
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.6.4 176501 Bytes 04/02/2009 22:01:20
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files (x86)\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:, G:, H:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : jeudi 5 février 2009 18:17

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchFilterHost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'SearchProtocolHost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPTSEnProxy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'InputPersonalization.exe' - '0' module(s) sont contrôlés
Processus de recherche 'HPHC_Service.exe' - '0' module(s) sont contrôlés
Processus de recherche 'Controls.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Messages.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Clock.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPTouchSmartVideo.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RICHVI~1.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'HPTouchSmartMusic.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPTouchSmartPhoto.exe' - '1' module(s) sont contrôlés
Processus de recherche 'usnsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PresentationFontCache.exe' - '0' module(s) sont contrôlés
Processus de recherche 'LifeCenterCalendar.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BluetoothHeadsetProxy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WmiPrvSE.exe' - '0' module(s) sont contrôlés
Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés
Processus de recherche 'OSDForm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BTStackServer.exe' - '0' module(s) sont contrôlés
Processus de recherche 'CLMLSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TSMAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'OpWareSE4.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CorelIOMonitor.exe' - '1' module(s) sont contrôlés
Processus de recherche 'gnotify.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MediaButtons.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SoundMAX.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smax4pnp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPKEYBOARD.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'pygrenouille.exe' - '1' module(s) sont contrôlés
Processus de recherche 'OSD64.exe' - '0' module(s) sont contrôlés
Processus de recherche 'BTTray.exe' - '0' module(s) sont contrôlés
Processus de recherche 'hpsysdrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SmartCenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ANT Agent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RocketDock.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPTouchSmartSyncCalReminderApp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'looknstop.exe' - '0' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '0' module(s) sont contrôlés
Processus de recherche 'MSASCui.exe' - '0' module(s) sont contrôlés
Processus de recherche 'conime.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '0' module(s) sont contrôlés
Processus de recherche 'TabTip32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dwm.exe' - '0' module(s) sont contrôlés
Processus de recherche 'TabTip.exe' - '0' module(s) sont contrôlés
Processus de recherche 'wisptis.exe' - '0' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '0' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '0' module(s) sont contrôlés
Processus de recherche 'WUDFHost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'PsiService_2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'HPTSEnSrv.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'GCalService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AEADISRV.EXE' - '0' module(s) sont contrôlés
Processus de recherche 'TabTip.exe' - '0' module(s) sont contrôlés
Processus de recherche 'wisptis.exe' - '0' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '0' module(s) sont contrôlés
Processus de recherche 'a2service.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '0' module(s) sont contrôlés
Processus de recherche 'aawservice.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LnSSvcVista.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '0' module(s) sont contrôlés
Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'nvvsvc.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '0' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '0' module(s) sont contrôlés
Processus de recherche 'services.exe' - '0' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '0' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '0' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '0' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '0' module(s) sont contrôlés
'45' processus ont été contrôlés avec '45' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
[INFO] Veuillez relancer la recherche avec les droits d'administrateur
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'G:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'H:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '44' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <HP>
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
Recherche débutant dans 'D:\' <FACTORY_IMAGE>
Recherche débutant dans 'G:\' <OneTouch4 Plus>
G:\DONNEES\eMule\ACDSee Pro 2.5 crack0.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Calac.bfm
[REMARQUE] Fichier supprimé.
G:\DONNEES\eMule\ACDSee Pro 2.5 serial0 keygen0.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Calac.bfm
[REMARQUE] Fichier supprimé.
Recherche débutant dans 'H:\' <DONNEES>


Fin de la recherche : jeudi 5 février 2009 19:18
Temps nécessaire: 1:01:27 Heure(s)

La recherche a été effectuée intégralement

30847 Les répertoires ont été contrôlés
576276 Des fichiers ont été contrôlés
2 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
2 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
576273 Fichiers non infectés
3937 Les archives ont été contrôlées
2 Avertissements
2 Consignes
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

do this:

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\Windows\System32\explorer.exe

Click Send File.

A report will be built up line by line.

Wait until it finishes. It must include the size of the file that was sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the "Reanalyse file now" button.

==================

I would also like you to check whether C:\Windows\explorer.exe exists.
0
ElBarto
 
Here is the VIRUS TOTAL report on C:\Windows\System32\explorer.exe.

The file C:\Windows\explorer.exe does exist on my PC as well.


Fichier explorer.exe reçu le 2009.02.05 21:21:58 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.05 -
AhnLab-V3 5.0.0.2 2009.02.05 -
AntiVir 7.9.0.74 2009.02.05 -
Authentium 5.1.0.4 2009.02.05 -
Avast 4.8.1281.0 2009.02.05 -
BitDefender 7.2 2009.02.05 -
CAT-QuickHeal 10.00 2009.02.05 -
ClamAV 0.94.1 2009.02.05 -
Comodo 965 2009.02.05 -
DrWeb 4.44.0.09170 2009.02.05 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6343 2009.02.05 -
F-Prot 4.4.4.56 2009.02.05 -
Fortinet 3.117.0.0 2009.02.05 -
GData 19 2009.02.05 -
Ikarus T3.1.1.45.0 2009.02.05 -
K7AntiVirus 7.10.620 2009.02.05 -
Kaspersky 7.0.0.125 2009.02.05 -
McAfee 5516 2009.02.04 -
McAfee+Artemis 5516 2009.02.04 -
Microsoft 1.4306 2009.02.05 -
NOD32 3830 2009.02.05 -
Norman 6.00.02 2009.02.05 -
nProtect 2009.1.8.0 2009.02.05 -
Panda 9.5.1.2 2009.02.05 -
PCTools 4.4.2.0 2009.02.05 -
Prevx1 V2 2009.02.05 -
Rising 21.15.30.00 2009.02.05 -
SecureWeb-Gateway 6.7.6 2009.02.05 -
Sophos 4.38.0 2009.02.05 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.05 -
TheHacker 6.3.1.5.247 2009.02.05 -
TrendMicro 8.700.0.1004 2009.02.05 -
ViRobot 2009.2.5.1591 2009.02.05 -
VirusBuster 4.5.11.0 2009.02.05 -
Information additionnelle
File size: 2927104 bytes
MD5...: 4f554999d7d5f05daaebba7b5ba1089d
SHA1..: e509a42554cc0e5888ac8bf494d3c02223238609
SHA256: 178d20aaecbd408dffda71ae4d70ad61c278229b4cd7dcd7b854a9a8404ca657
SHA512: 4089a724be9a59c6e03cba243c1007b600006586cd665234d75bccbb2c127c5e86c908c48fb32da7e3b41c1e243010eb37fc26e799b8dc4a2c0d99ef862828de
ssdeep: 24576:RJxr/smirDRnW+7pGYCW5uXSA7jTeFadRsxKb/g/J/ulZ:R3DsmiZLC8A7/eFw33l
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x271b3
timedatestamp.....: 0x4907e242 (Wed Oct 29 04:10:42 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6bea5 0x6c000 6.42 01efa0ddb451b63dd0bfb396b1d576ab
.data 0x6d000 0x215c 0x2000 0.84 7f3a4ccfbf6b5dd627231a22b6ee6f12
.rsrc 0x70000 0x2566a0 0x256800 7.04 bc9643f9701a6c8da708d2bd5b751ff2
.reloc 0x2c7000 0x5a34 0x5c00 6.74 a246e27f509144adabfb479ba70f67ce

( 19 imports )
SHParseDisplayName, -, SHGetFolderLocation, -, -, -, -, -<br>> ole32.dll: CoTaskMemFree, CoCreateInstance, CoRegisterClassObject, CoRevokeClassObject, CoGetClassObject, OleInitialize, OleUninitialize, CoGetObject, StringFromGUID2, CoUninitialize, CoInitialize, RevokeDragDrop, RegisterDragDrop, CoRegisterMessageFilter, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler, DoDragDrop, CoInitializeEx, CreateBindCtx, CoFreeUnusedLibraries, PropVariantClear<br>> OLEAUT32.dll: -, -, -, -, -, -<br>> SHDOCVW.dll: -, -<br>> UxTheme.dll: IsCompositionActive, IsAppThemed, GetThemeMargins, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, DrawThemeTextEx, GetThemeFont, GetThemeColor, GetThemeBool, GetThemeInt, SetWindowTheme, DrawThemeText, GetThemeTextExtent, DrawThemeBackground, CloseThemeData, OpenThemeData, DrawThemeParentBackground, GetThemePartSize, GetThemeMetric, GetThemeBackgroundContentRect<br>> POWRPROF.dll: GetPwrCapabilities<br>> dwmapi.dll: DwmIsCompositionEnabled, -, DwmSetWindowAttribute, DwmEnableBlurBehindWindow, DwmQueryThumbnailSourceSize, DwmGetColorizationColor, DwmUpdateThumbnailProperties, DwmRegisterThumbnail, DwmUnregisterThumbnail<br>> gdiplus.dll: GdiplusShutdown, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdiplusStartup, GdipCreateFromHDC, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipDeleteGraphics, GdipFree, GdipAlloc, GdipSetCompositingMode<br>> slc.dll: SLGetWindowsInformationDWORD<br>> RPCRT4.dll: RpcBindingFree, RpcStringFreeW, RpcBindingFromStringBindingW, NdrClientCall2, RpcStringBindingComposeW, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW<br>> PROPSYS.dll: PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetPropertyDescription, PSGetNameFromPropertyKey, VariantToBooleanWithDefault, VariantToInt32WithDefault, 
VariantToStringWithDefault, PSCreateMemoryPropertyStore, VariantToStringAlloc, PropVariantToStringAlloc<br>> BROWSEUI.dll: -, -<br><br>( 0 exports ) <br>
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=4f554999d7d5f05daaebba7b5ba1089d

0
Lyonnais92 Messages posted 25708 Status Security contributor 1 537
 
Hi again,

Can you also have C:\Windows\explorer.exe scanned on VirusTotal and post the report?
0
ElBarto
 
Here you go (but is it serious, doctor??):

Fichier explorer.exe reçu le 2009.02.05 23:24:06 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.05 -
AhnLab-V3 5.0.0.2 2009.02.05 -
AntiVir 7.9.0.74 2009.02.05 -
Authentium 5.1.0.4 2009.02.05 -
Avast 4.8.1281.0 2009.02.05 -
AVG 8.0.0.229 2009.02.05 -
BitDefender 7.2 2009.02.05 -
CAT-QuickHeal 10.00 2009.02.05 -
ClamAV 0.94.1 2009.02.05 -
Comodo 965 2009.02.05 -
DrWeb 4.44.0.09170 2009.02.05 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6343 2009.02.05 -
F-Prot 4.4.4.56 2009.02.05 -
F-Secure 8.0.14470.0 2009.02.05 -
Fortinet 3.117.0.0 2009.02.05 -
GData 19 2009.02.05 -
Ikarus T3.1.1.45.0 2009.02.05 -
K7AntiVirus 7.10.620 2009.02.05 -
Kaspersky 7.0.0.125 2009.02.05 -
McAfee 5516 2009.02.04 -
McAfee+Artemis 5516 2009.02.04 -
Microsoft 1.4306 2009.02.05 -
NOD32 3831 2009.02.05 -
Norman 6.00.02 2009.02.05 -
nProtect 2009.1.8.0 2009.02.05 -
Panda 9.5.1.2 2009.02.05 -
PCTools 4.4.2.0 2009.02.05 -
Prevx1 V2 2009.02.05 -
Rising 21.15.30.00 2009.02.05 -
SecureWeb-Gateway 6.7.6 2009.02.05 -
Sophos 4.38.0 2009.02.05 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.05 -
TheHacker 6.3.1.5.247 2009.02.05 -
TrendMicro 8.700.0.1004 2009.02.05 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.5.1591 2009.02.05 -
VirusBuster 4.5.11.0 2009.02.05 -
Information additionnelle
File size: 3080704 bytes
MD5...: bbd8e74f23d7605cb0cdb57a1b25d826
SHA1..: d84af003a6a9dcf6ca9bd68bb66f2b96dcd1fce8
SHA256: 2e5e05f85aa53789a88cccb98dc6a52864492cf92f259ed24f4ffd894e91d096
SHA512: 1ad2a4c92ff062234a42ddb9029a0587c770036c5f1868291494d8b8c695ddc3dd8ca800fec0b30b8931ca61ca62281e8023f8baab20a2defc1f7cae63dd1642
ssdeep: 24576:F3/xDOesUVC38HDINpGYCW5uXSA7jTeFadRsxKb/g/J/ulZ:FPxDOesUVPHDIvLC8A7/eFw33l
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x23550
timedatestamp.....: 0x4907e791 (Wed Oct 29 04:33:21 2008)
machinetype.......: 0x8664 (AMD64)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x731b9 0x73200 6.29 035ef792c6c677dda650715b324ea77b
.rdata 0x75000 0x19a64 0x19c00 4.63 a948cba1882a42bc64d94d561990b7e3
.data 0x8f000 0x2ffa 0x2e00 0.86 2db36e4ae57f1a7f36ba150aab05b050
.pdata 0x92000 0x858c 0x8600 5.97 5e3de5edca57db3504ae375153bbbfa9
.rsrc 0x9b000 0x2566a0 0x256800 7.04 4c8ed0154caccb7d6d39343edc8c8e27
.reloc 0x2f2000 0x1188 0x1200 5.39 7a0d23ff7ebf06fd655b80e02cb2ae13

( 19 imports )

( 0 exports )

Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.05 -
AhnLab-V3 5.0.0.2 2009.02.05 -
AntiVir 7.9.0.74 2009.02.05 -
Authentium 5.1.0.4 2009.02.05 -
Avast 4.8.1281.0 2009.02.05 -
AVG 8.0.0.229 2009.02.05 -
BitDefender 7.2 2009.02.05 -
CAT-QuickHeal 10.00 2009.02.05 -
ClamAV 0.94.1 2009.02.05 -
Comodo 965 2009.02.05 -
DrWeb 4.44.0.09170 2009.02.05 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6343 2009.02.05 -
F-Prot 4.4.4.56 2009.02.05 -
F-Secure 8.0.14470.0 2009.02.05 -
Fortinet 3.117.0.0 2009.02.05 -
GData 19 2009.02.05 -
Ikarus T3.1.1.45.0 2009.02.05 -
K7AntiVirus 7.10.620 2009.02.05 -
Kaspersky 7.0.0.125 2009.02.05 -
McAfee 5516 2009.02.04 -
McAfee+Artemis 5516 2009.02.04 -
Microsoft 1.4306 2009.02.05 -
NOD32 3831 2009.02.05 -
Norman 6.00.02 2009.02.05 -
nProtect 2009.1.8.0 2009.02.05 -
Panda 9.5.1.2 2009.02.05 -
PCTools 4.4.2.0 2009.02.05 -
Prevx1 V2 2009.02.05 -
Rising 21.15.30.00 2009.02.05 -
SecureWeb-Gateway 6.7.6 2009.02.05 -
Sophos 4.38.0 2009.02.05 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.05 -
TheHacker 6.3.1.5.247 2009.02.05 -
TrendMicro 8.700.0.1004 2009.02.05 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.5.1591 2009.02.05 -
VirusBuster 4.5.11.0 2009.02.05 -

Additional information
File size: 3080704 bytes
MD5...: bbd8e74f23d7605cb0cdb57a1b25d826
SHA1..: d84af003a6a9dcf6ca9bd68bb66f2b96dcd1fce8
SHA256: 2e5e05f85aa53789a88cccb98dc6a52864492cf92f259ed24f4ffd894e91d096
SHA512: 1ad2a4c92ff062234a42ddb9029a0587c770036c5f1868291494d8b8c695ddc3dd8ca800fec0b30b8931ca61ca62281e8023f8baab20a2defc1f7cae63dd1642
ssdeep: 24576:F3/xDOesUVC38HDINpGYCW5uXSA7jTeFadRsxKb/g/J/ulZ:FPxDOesUVPHDIvLC8A7/eFw33l
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x23550
timedatestamp.....: 0x4907e791 (Wed Oct 29 04:33:21 2008)
machinetype.......: 0x8664 (AMD64)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x731b9 0x73200 6.29 035ef792c6c677dda650715b324ea77b
.rdata 0x75000 0x19a64 0x19c00 4.63 a948cba1882a42bc64d94d561990b7e3
.data 0x8f000 0x2ffa 0x2e00 0.86 2db36e4ae57f1a7f36ba150aab05b050
.pdata 0x92000 0x858c 0x8600 5.97 5e3de5edca57db3504ae375153bbbfa9
.rsrc 0x9b000 0x2566a0 0x256800 7.04 4c8ed0154caccb7d6d39343edc8c8e27
.reloc 0x2f2000 0x1188 0x1200 5.39 7a0d23ff7ebf06fd655b80e02cb2ae13

( 19 imports )

( 0 exports )
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

Serious? Not necessarily.

But you have 2 files that have the same name, are not the same size, are located in 2 different directories, and are not infected.

I need to take a look.

I'll do that during the day.
0