Trojan infection problem

Closed
antho - 8 May 2009 at 10:58
 Anonymous user - 11 May 2009 at 12:49
Hello,

I've had a big problem with my computer since last night. (Not this one, another one!)

I caught the trojans TR/crypt.XPACK.gen, Tr/alureon.14848J and TR/Dropper.gen, which I tried to remove with Antivir, in vain.
It was also impossible for me to open programs such as Malwarebytes, Mozilla, Internet Explorer, etc.
So I told myself I would look at the problem this morning.

So this morning, still the same problems, but I finally managed to directly delete an infected file (C:\Users\alain\AppData\Local\Temp\tmp1BCD.tmp), and since then Antivir hasn't reported anything else to me.

However, still the same problems: I still can't open these programs.
In addition, it is also impossible for me to boot into safe mode to run Malwarebytes, whether by pressing F8 or by doing it from msconfig.
So I don't know whether my problem is still related to the trojans or to something else.

I read a few forums looking for an answer to my problem, but I didn't find much about the problem with the programs.

I ran CCleaner, where I had to go at it 3 times to remove all the problems found, but there is nothing left (I kept the 3 reports just in case).

I ran Hijackthis, so here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:24, on 08/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Users\alain\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9b181bfc42490) (gupdate1c9b181bfc42490) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

62 replies

OTListIt Extras logfile created on: 10/05/2009 18:56:45 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Users\alain\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 76,97% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 80,18 Gb Free Space | 55,66% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 62,66 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,78 Gb Total Space | 3,75 Gb Free Space | 99,41% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-ANTHONY
Current User Name: alain
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/05/14 17:05:22 | 00,650,800 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
[2008/05/14 17:05:36 | 00,926,256 | ---- | M] ( Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption????????
[2008/05/14 17:05:16 | 00,932,400 | ---- | M] ( Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
[2008/05/14 17:05:32 | 00,485,936 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
[2008/05/14 17:06:28 | 00,752,176 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
[2008/05/14 17:06:30 | 00,512,048 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{098791A1-E4BD-4E63-8825-DA1710FAACEE} = LPORT=48113 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MACONFIG_TCP |
{1A59BA56-7EA7-4EF6-91CA-69979A11DF2E} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28535 | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{3486DC19-9D0F-4218-AD93-828894473B1A} = LPORT=48113 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MACONFIG_UDP |
{437F3D07-F827-4897-A44F-11AC1E6EC433} = LPORT=137 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28519 | APP=SYSTEM |
{57E809DA-5B43-4AD8-B51C-58453DE9FC79} = RPORT=137 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28523 | APP=SYSTEM |
{5F0D9ED0-51A9-46B3-BD0F-C7E9E83FEFF6} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28539 | SVC=RPCSS |
{6DC21704-3E30-44AD-8045-14B4BD4DA0DD} = LPORT=1900 | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER (SSDP-IN) | APP=SVCHOST.EXE | SVC=SSDPSRV |
{6EF9C4FA-DA41-4754-9F16-73309F436259} = RPORT=139 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28507 | APP=SYSTEM |
{721E28FC-DBF4-42BA-BD36-AC2DF83181E0} = LPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28511 | APP=SYSTEM |
{99513783-BFE3-46BE-88A8-5B6C2B15DCE2} = LPORT=5353 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ADOBE CSI CS4 |
{9BF62190-063E-47A8-9EDB-05CEE151DC37} = LPORT=86 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BROADCAM WEB SERVER |
{A1523DE8-8DA1-45CF-AA80-F25BF01DCDA0} = LPORT=139 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28503 | APP=SYSTEM |
{B73B7AB4-DE03-4E26-8071-E29DB329C2D8} = LPORT=6004 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE OUTLOOK | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE |
{C81D9884-69E3-4A9B-B568-25EF31A69EED} = LPORT=138 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28527 | APP=SYSTEM |
{D54BED02-484E-4DF1-B044-609AEF104267} = RPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28515 | APP=SYSTEM |
{EB10CAF4-8350-49A5-83A4-49FC388F115F} = LPORT=2869 | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER (UPNP-IN) | APP=SYSTEM |
{ED7AF074-4B42-4328-A7B0-D19DCA6F2B79} = RPORT=138 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28531 | APP=SYSTEM |

========== Vista Active Application Exception List ==========

{07B2E198-C926-4F28-BABC-7116C00B1CE2} = PROFILE=PUBLIC | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28545 |
{0BBEAF06-0ECA-4FB6-B541-AD218F471DB1} = DIR=IN | ACTION=ALLOW | NAME=ACER PLAY MOVIE RESIDENT PROGRAM | APP=C:\PROGRAM FILES\ACER ARCADE DELUXE\PLAYMOVIE\PMVSERVICE.EXE |
{1221B880-AB91-4265-8EFD-E80243F3CC72} = DIR=IN | ACTION=ALLOW | NAME=ACER ARCADE DELUXE | APP=C:\PROGRAM FILES\ACER ARCADE DELUXE\ACER ARCADE DELUXE\ACER ARCADE DELUXE.EXE |
{1F5B8C03-1C65-4B57-80FC-4A81C39A5A0B} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=TOURNAMENT INDICATOR | APP=C:\PROGRAM FILES\TOURNAMENT INDICATOR\INDICATOR.EXE |
{22071643-7222-4164-8D62-786F5DD6C504} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{2FCDE318-182E-4D8F-9169-FE74FBB301CE} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{30A1F990-1B0B-408D-9385-E83FF29BE07F} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{44132C7C-6906-4ED8-ABA6-2596681E8633} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=BACKUPSVC.EXE | APP=C:\PROGRAM FILES\NEWTECH INFOSYSTEMS\NTI BACKUP NOW 5\BACKUPSVC.EXE |
{55BCBF63-E742-4AE7-B721-889A3FB29EB1} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=TOURNAMENT INDICATOR | APP=C:\PROGRAM FILES\TOURNAMENT INDICATOR\INDICATOR.EXE |
{57BDCF60-2235-4679-8101-B9BD26C60ED2} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SCHEDULERSVC.EXE | APP=C:\PROGRAM FILES\NEWTECH INFOSYSTEMS\NTI BACKUP NOW 5\SCHEDULERSVC.EXE |
{5F218593-E308-411F-936E-3736EA9FF807} = PROFILE=PUBLIC | PROTOCOL=1 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28544 |
{630FD7A8-1246-44C3-9B80-659EF9EC2963} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=FOOTBALL MANAGER 2009 | APP=C:\PROGRAM FILES\SPORTS INTERACTIVE\FOOTBALL MANAGER 2009\FM.EXE |
{71E00646-63EC-47AC-B284-2EA545130FD0} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AGENTSVC.EXE | APP=C:\PROGRAM FILES\NEWTECH INFOSYSTEMS\NTI BACKUP NOW 5\CLIENT\AGENTSVC.EXE |
{7217FC4C-A890-4DDB-8291-CCF107CF1488} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ADOBE CSI CS4 | APP=C:\PROGRAM FILES\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE |
{7429786E-1F75-409B-A752-107E5811C9E7} = PROFILE=PUBLIC | PROTOCOL=1 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28543 |
{74C84B0A-D181-47CC-AF69-43027E0C4755} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=FOOTBALL MANAGER 2009 | APP=C:\PROGRAM FILES\SPORTS INTERACTIVE\FOOTBALL MANAGER 2009\FM.EXE |
{89799D38-6725-4CE5-9D1E-6E30415FE623} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SCHEDULERSVC.EXE | APP=C:\PROGRAM FILES\NEWTECH INFOSYSTEMS\NTI BACKUP NOW 5\SCHEDULERSVC.EXE |
{8DE9F673-7690-4989-9B3C-B65027B99241} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ADOBE CSI CS4 | APP=C:\PROGRAM FILES\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE |
{9DF0DBA6-E231-457F-9315-6B94D114952A} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT (UDP-IN) | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
{A2129374-20B0-44A0-B2AF-91AEC55500E3} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE CALL | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\WLCSDK.EXE |
{A23BC454-822F-4BA2-B932-147886B2E0BB} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HOLDEM INDICATOR | APP=C:\PROGRAM FILES\HOLDEM INDICATOR\HOLDEMINDICATOR.EXE |
{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AGENTSVC.EXE | APP=C:\PROGRAM FILES\NEWTECH INFOSYSTEMS\NTI BACKUP NOW 5\CLIENT\AGENTSVC.EXE |
{AEE54740-0DD3-43CF-81FC-5F8DC5277A27} = DIR=IN | ACTION=ALLOW | NAME=ACER HOMEMEDIA | APP=C:\PROGRAM FILES\ACER ARCADE DELUXE\HOMEMEDIA\HOMEMEDIA.EXE |
{BAB9A079-04E4-4518-8B47-2B2DE2187FF6} = DIR=IN | ACTION=ALLOW | NAME=ACER VCM | APP=C:\PROGRAM FILES\ACER\ACER VCM\VC.EXE |
{BBEA36F6-49D1-4E9A-A131-902B1FDD0F68} = PROFILE=PUBLIC | PROTOCOL=58 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28546 |
{BC207AFB-E6AB-4574-8B58-C8622DC2A12E} = DIR=IN | ACTION=ALLOW | NAME=ACER PLAY MOVIE | APP=C:\PROGRAM FILES\ACER ARCADE DELUXE\PLAYMOVIE\PLAYMOVIE.EXE |
{C1B783D7-0801-4E6A-A89B-5B384BAA745B} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MACONFSERVICE | APP=C:\PROGRAM FILES\MA-CONFIG.COM\MACONFSERVICE.EXE |
{C76A6ED9-3620-48E2-9B8C-9C651369F2E5} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HOLDEM INDICATOR | APP=C:\PROGRAM FILES\HOLDEM INDICATOR\HOLDEMINDICATOR.EXE |
{D44F326E-3D01-4696-9E32-3ED5D49B0E4B} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BACKUPSVC.EXE | APP=C:\PROGRAM FILES\NEWTECH INFOSYSTEMS\NTI BACKUP NOW 5\BACKUPSVC.EXE |
{D6E7CB35-16B8-4D90-875F-D8C1F2C41942} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT (TCP-IN) | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
{EAF513E9-F992-420A-9DF2-A1029CFD4735} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MACONFSERVICE | APP=C:\PROGRAM FILES\MA-CONFIG.COM\MACONFSERVICE.EXE |
TCP Query User{085A3010-B5D2-440B-8997-E8122054AD9B}C:\program files\tvants\tvants.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=TVANTS | APP=C:\PROGRAM FILES\TVANTS\TVANTS.EXE |
TCP Query User{198F1CC6-629B-460F-9B6C-F170836D021E}C:\program files\mozilla firefox\firefox.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
TCP Query User{3F7F242C-7B85-415A-961D-2758DBA1ED46}C:\program files\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
TCP Query User{710DF5B8-D3E3-4F6A-A339-FCC5C3D913B4}C:\program files\sopcast\adv\sopadver.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES\SOPCAST\ADV\SOPADVER.EXE |
TCP Query User{9D5D0207-860A-4D30-A466-C0D55C02BBDE}C:\program files\sopcast\sopcast.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES\SOPCAST\SOPCAST.EXE |
TCP Query User{CB9526F3-DA4C-40B2-8E85-A2DB01955518}C:\program files\emule\emule.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=EMULE | APP=C:\PROGRAM FILES\EMULE\EMULE.EXE |
UDP Query User{1E939EF3-C8F7-4B0C-9806-7F3B545964B3}C:\program files\tvants\tvants.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=TVANTS | APP=C:\PROGRAM FILES\TVANTS\TVANTS.EXE |
UDP Query User{40B0A649-2DD5-4F7F-9DB3-78C61E36DF6C}C:\program files\emule\emule.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=EMULE | APP=C:\PROGRAM FILES\EMULE\EMULE.EXE |
UDP Query User{425F005E-D4DF-4322-AF75-8CB89F021F82}C:\program files\sopcast\adv\sopadver.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES\SOPCAST\ADV\SOPADVER.EXE |
UDP Query User{5820F490-0A6B-4ECA-9D6D-399683A07FD1}C:\program files\sopcast\sopcast.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES\SOPCAST\SOPCAST.EXE |
UDP Query User{B034B367-3342-4F35-8CD6-E8CD891CE0BB}C:\program files\mozilla firefox\firefox.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{E0A0A98F-39CF-4CAC-BF50-D4D7A1745DC7}C:\program files\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C8262DE-8C1C-4486-B611-FA867B53D7E5}_is1" = VerySoft WebCamSplitter Pro
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.5.5c
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection

AAU 6.0.00.17
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Audacity_is1" = Audacity 1.2.6
"CamStudio 2.02 Fr_is1" = CamStudio 2.02 Fr
"Capture NX 2" = Capture NX 2
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"eMule" = eMule
"FileZilla Client" = FileZilla Client 3.1.5
"Football Manager 2009" = Football Manager 2009
"Google Desktop" = Google Desktop
"Google Updater" = Outil de mise à jour Google
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"Internet Download Manager" = Internet Download Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"NVIDIA Drivers" = NVIDIA Drivers
"OutilsCI" = Outils Club Internet
"Pokerbility_is1" = Pokerbility 1.10.25
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"Recover My Files_is1" = Recover My Files
"SFR_Kit" = SFR - Kit de connexion
"SopCast" = SopCast 2.0.4
"SPX Instant Screen Capture_is1" = SPX Instant Screen Capture
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts 1.0" = TVAnts 1.0
"UDPixel" = UDPixel.exe
"Veetle TV" = Veetle TV 0.9.14
"VLC media player" = VLC media player 0.9.8a
"Web Acappella_is1" = Web Acappella
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

[color=orange]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

[color=orange]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 07/05/2009 21:15:10 | Computer Name = PC-de-Anthony | Source = Application Error | ID = 1000
Description = Application défaillante vlc.exe, version 0.9.8.1, horodatage 0x493a8cbd,
module défaillant libavcodec_plugin.dll, version 0.0.0.0, horodatage 0x493a92d3,
code d’exception 0xc0000005, décalage d’erreur 0x00021464, ID du processus 0xe1c,
heure de début de l’application 0x01c9cf7a6dd47650.

Error - 07/05/2009 21:15:20 | Computer Name = PC-de-Anthony | Source = Application Error | ID = 1000
Description = Application défaillante vlc.exe, version 0.9.8.1, horodatage 0x493a8cbd,
module défaillant libavcodec_plugin.dll, version 0.0.0.0, horodatage 0x493a92d3,
code d’exception 0xc0000005, décalage d’erreur 0x00021464, ID du processus 0x17d4,
heure de début de l’application 0x01c9cf7a6ffe8240.

Error - 07/05/2009 21:40:28 | Computer Name = PC-de-Anthony | Source = Windows Search Service | ID = 3013
Description =

Error - 07/05/2009 21:40:28 | Computer Name = PC-de-Anthony | Source = Windows Search Service | ID = 3013
Description =

Error - 07/05/2009 21:40:28 | Computer Name = PC-de-Anthony | Source = Windows Search Service | ID = 3013
Description =

Error - 07/05/2009 21:40:28 | Computer Name = PC-de-Anthony | Source = Windows Search Service | ID = 3013
Description =

Error - 07/05/2009 21:40:29 | Computer Name = PC-de-Anthony | Source = Windows Search Service | ID = 3013
Description =

Error - 07/05/2009 21:40:29 | Computer Name = PC-de-Anthony | Source = Windows Search Service | ID = 3013
Description =

Error - 07/05/2009 21:40:29 | Computer Name = PC-de-Anthony | Source = Windows Search Service | ID = 3013
Description =

Error - 07/05/2009 21:40:29 | Computer Name = PC-de-Anthony | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 10/04/2009 08:16:43 | Computer Name = PC-de-Anthony | Source = bowser | ID = 8003
Description =

Error - 10/04/2009 13:40:45 | Computer Name = PC-de-Anthony | Source = bowser | ID = 8003
Description =

Error - 10/04/2009 15:55:26 | Computer Name = PC-de-Anthony | Source = DCOM | ID = 10000
Description =

Error - 11/04/2009 04:42:31 | Computer Name = PC-de-Anthony | Source = bowser | ID = 8003
Description =

Error - 11/04/2009 04:57:35 | Computer Name = PC-de-Anthony | Source = bowser | ID = 8003
Description =

Error - 11/04/2009 07:43:26 | Computer Name = PC-de-Anthony | Source = bowser | ID = 8003
Description =

Error - 11/04/2009 14:04:50 | Computer Name = PC-de-Anthony | Source = bowser | ID = 8003
Description =

Error - 11/04/2009 17:08:47 | Computer Name = PC-de-Anthony | Source = bowser | ID = 8003
Description =

Error - 12/04/2009 04:41:07 | Computer Name = PC-de-Anthony | Source = bowser | ID = 8003
Description =

Error - 13/04/2009 06:58:08 | Computer Name = PC-de-Anthony | Source = HTTP | ID = 15016
Description =


< End of report >
No, I messed up, that one was "extra.txt"!
This is the right one!


OTListIt logfile created on: 10/05/2009 18:56:44 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Users\alain\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 76,97% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 80,18 Gb Free Space | 55,66% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 62,66 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,78 Gb Total Space | 3,75 Gb Free Space | 99,41% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-ANTHONY
Current User Name: alain
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2008/07/18 18:23:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/03/25 15:25:06 | 00,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2008/10/11 02:49:45 | 03,520,512 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2008/03/03 13:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/16 18:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/05/14 17:05:30 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/10/29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/06/02 09:25:40 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/07/20 11:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/03/30 23:51:31 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/07/20 11:45:06 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/07 10:19:26 | 06,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/25 04:08:40 | 01,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/05/14 17:05:22 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/10/11 02:49:37 | 03,602,432 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
PRC - [2008/05/30 12:24:30 | 00,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/01/17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/12/06 16:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2008/04/25 21:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/25 21:36:02 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2007/05/28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/10/19 00:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe
PRC - [2009/03/03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/01/21 04:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFHost.exe
PRC - [2008/06/04 14:03:36 | 00,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/08/01 09:51:42 | 00,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/10/11 02:49:30 | 03,676,160 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2008/07/24 15:54:10 | 00,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/07/24 15:54:18 | 00,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/18 16:04:36 | 00,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/03/09 06:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/09/30 14:06:50 | 00,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/01/21 04:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/01/22 23:04:23 | 02,745,776 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2008/01/21 04:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/12/04 18:02:32 | 00,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\alain\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008/10/11 02:49:50 | 03,837,736 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
PRC - [2008/01/21 04:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2008/02/18 15:01:01 | 00,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2008/04/25 04:08:48 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/04/29 11:03:26 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefo.exe
PRC - [2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/01/21 04:24:13 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\conime.exe
PRC - [2009/03/03 06:21:28 | 08,500,328 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2009/01/04 18:12:49 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/05/10 18:55:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\alain\Desktop\OTListIt2.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Stopped])
SRV - [2008/03/03 13:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008/01/16 18:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService [Auto | Running])
SRV - [2008/01/21 04:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/05/14 17:05:30 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Running])
SRV - [2008/01/21 04:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 14:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/02 09:25:40 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService [Auto | Running])
SRV - [2009/01/01 20:49:03 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/01/21 04:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/01 11:59:52 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
SRV - [2008/12/25 16:38:27 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331 [On_Demand | Stopped])
SRV - [2009/03/30 23:51:31 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9b181bfc42490 [Auto | Stopped])
SRV - [2009/03/30 23:50:29 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/07/20 11:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/21 04:25:20 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/11 02:49:37 | 03,602,432 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC [Auto | Running])
SRV - [2007/01/17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/12/06 16:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])
SRV - [2008/01/21 04:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/25 21:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2008/04/25 21:36:02 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2008/07/18 18:23:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/05/28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2008/01/21 04:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 04:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/10/19 00:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2008/01/21 04:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/21 04:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/21 04:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/21 04:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/10/11 02:49:33 | 00,042,608 | ---- | M] (Alfa Corporation) -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF [Boot | Running])
DRV - [2008/01/21 04:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/21 04:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/21 04:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2008/05/19 13:42:56 | 00,912,384 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\system32\DRIVERS\athr.sys -- (athr [On_Demand | Stopped])
DRV - [2007/02/27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2006/11/02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/21 04:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 15:29:38 | 00,021,264 | ---- | M] (Dritek System Inc.) -- C:\Windows\system32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2008/01/21 04:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/21 04:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/01/21 04:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/01/21 04:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2008/03/26 00:41:30 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2008/03/26 00:39:20 | 00,207,872 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2008/07/20 17:44:44 | 00,324,120 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/01/21 04:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/01/26 08:32:18 | 00,069,632 | ---- | M] () -- C:\Windows\system32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2008/05/07 13:22:50 | 02,134,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/05/19 18:23:00 | 00,047,104 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\system32\DRIVERS\L1E60x86.sys -- (L1E [On_Demand | Running])
DRV - [2008/01/21 04:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/21 04:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/21 04:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/06/19 07:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/01/21 04:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/21 04:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2009/02/02 19:38:23 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\Windows\system32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Stopped])
DRV - [2008/05/05 03:05:00 | 03,658,752 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
DRV - [2006/11/02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2008/01/30 11:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2008/01/16 18:35:08 | 00,122,368 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel [Auto | Running])
DRV - [2006/11/02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/06/25 07:05:06 | 00,044,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvhda32v.sys -- (NVHDA [On_Demand | Running])
DRV - [2008/07/18 18:23:00 | 07,545,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/21 04:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/21 04:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/05/14 17:05:42 | 00,018,992 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter [Boot | Running])
DRV - [2008/05/14 17:05:42 | 00,016,944 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\PSDNServ.sys -- (PSDNServ [Auto | Running])
DRV - [2008/05/14 17:05:44 | 00,060,464 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\PSDVdisk.sys -- (psdvdisk [Auto | Running])
DRV - [2008/01/21 04:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/03/26 10:59:12 | 00,061,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTSTOR.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2006/11/02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/21 04:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/12/26 23:08:00 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\Windows\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2006/11/02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/04/25 04:08:42 | 00,199,472 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/04/28 13:56:16 | 00,050,576 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\Drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
DRV - [2008/01/30 11:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
DRV - [2008/01/21 04:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/21 04:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/21 04:24:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\usb8023.sys -- (USB_RNDIS_51 [On_Demand | Stopped])
DRV - [2006/06/26 12:27:14 | 00,037,120 | ---- | M] (VerySoft LLC) -- C:\Windows\system32\DRIVERS\verysplit.sys -- (VERYSPLIT [On_Demand | Stopped])
DRV - [2006/03/07 18:07:48 | 00,035,840 | -HS- | M] (VerySoft LLC) -- C:\Windows\system32\DRIVERS\verysplitpro.sys -- (VERYSPLITPRO [On_Demand | Running])
DRV - [2008/01/21 04:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/06/08 17:10:18 | 00,016,896 | ---- | M] (VerySoft LLC) -- C:\Windows\system32\drivers\vsaudio.sys -- (VSAudio [On_Demand | Stopped])
DRV - [2008/01/21 04:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2008/03/26 00:38:32 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/03/28 07:51:40 | 00,043,008 | ---- | M] (Winbond Electronics Corporation) -- C:\Windows\system32\DRIVERS\winbondcir.sys -- (winbondcir [On_Demand | Running])
DRV - [2007/10/19 00:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])
DRV - [2008/07/18 16:05:10 | 00,061,424 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running])

[color=orange]========== Standard Registry (SafeList) ==========[/color]
And here is the rest, the final part:

[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 11:03:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 11:03:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/05/04 13:52:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS

[2008/12/25 04:01:54 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\mozilla\Extensions
[2008/12/25 04:01:54 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/23 19:14:38 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\mozilla\Firefox\Profiles\uv0kql7v.default\extensions
[2008/12/25 03:13:12 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\mozilla\Firefox\Profiles\wild4yxe.default\extensions
[2009/05/09 23:47:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 11:03:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/29 23:07:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 12:35:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/29 11:03:26 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 11:03:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/07 18:36:47 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/02/07 18:36:47 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/02/07 18:36:47 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/07 18:36:47 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2009/02/07 18:36:47 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/02/07 18:36:47 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (769 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" (CyberLink)
O4 - HKLM..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE File not found
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmes\Microsoft Office\Office12\REFIEBAR.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet local)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} https://www.touslesdrivers.com/index.php?v_page=29 (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Filter: - text/xml - C:\Programmes\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programmes\Google\Google Desktop Search\GoogleDesktopNetwork3.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/08 03:46:09 | 00,000,313 | RHS- | M] () - C:\autorun(646).inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/08 11:28:44 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/08 11:28:44 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/08 11:28:46 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1c584961-f85f-11dd-b877-00238b055027}\Shell - "" = AutoRun
O33 - MountPoints2\{1c584961-f85f-11dd-b877-00238b055027}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{426e8f24-dcd1-11dd-944d-00238b055027}\Shell - "" = AutoRun
O33 - MountPoints2\{426e8f24-dcd1-11dd-944d-00238b055027}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{c2bf36c1-e0bb-11dd-9f2a-00238b055027}\Shell - "" = AutoRun
O33 - MountPoints2\{c2bf36c1-e0bb-11dd-9f2a-00238b055027}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{c7f2b0b2-db0c-11dd-9132-00238b055027}\Shell - "" = Autorun
O33 - MountPoints2\{c7f2b0b2-db0c-11dd-9132-00238b055027}\Shell\Open\command - "" = H:\RECYCLER\S-3-5-79-100008499-100013170-100031679-7558.com -- File not found
O33 - MountPoints2\{eb673e70-f1e4-11dd-aa11-00238b055027}\Shell\Auto\command - "" = G:\Start.exe -- File not found
O33 - MountPoints2\{f5c41698-d278-11dd-a674-00238b055027}\Shell - "" = AutoRun
O33 - MountPoints2\{f5c41698-d278-11dd-a674-00238b055027}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/05/10 18:55:16 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\alain\Desktop\OTListIt2.exe
[2009/05/10 18:08:33 | 00,160,256 | ---- | C] () -- C:\Users\alain\Desktop\SYS_List.exe
[2009/05/10 10:03:42 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/08 14:10:09 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/05/08 13:11:03 | 00,000,000 | ---D | C] -- C:\rsit
[2009/05/08 11:28:44 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/05/08 11:09:43 | 00,000,000 | ---D | C] -- C:\UsbFix
[2009/05/08 10:33:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/08 09:29:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/08 09:29:59 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/08 09:29:56 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/07 22:20:05 | 00,037,120 | ---- | C] (VerySoft LLC) -- C:\Windows\System32\drivers\verysplit.sys
[2009/05/07 22:20:05 | 00,016,896 | ---- | C] (VerySoft LLC) -- C:\Windows\System32\drivers\vsaudio.sys
[2009/05/07 22:04:58 | 00,000,313 | RHS- | C] () -- C:\autorun(646).inf
[2009/05/07 22:04:58 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/05/05 17:28:37 | 00,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
[2009/05/05 17:28:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2009/05/05 17:28:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2009/05/05 17:27:09 | 00,000,268 | RH-- | C] () -- C:\Users\alain\AppData\Roaming\Plug-Ins
[2009/05/05 17:27:09 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Pop Kit
[2009/05/05 17:27:09 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Profiles
[2009/05/05 17:27:08 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/05/05 17:19:27 | 00,000,268 | RH-- | C] () -- C:\Users\alain\AppData\Roaming\Utilities
[2009/05/05 17:19:27 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Widgets
[2009/05/05 17:19:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Sync Services
[2009/05/05 17:18:34 | 00,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Capture NX 2.lnk
[2009/05/05 17:14:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2009/05/05 17:14:35 | 00,000,000 | ---D | C] -- C:\Users\alain\AppData\Roaming\Nikon
[2009/05/05 17:14:27 | 00,000,000 | ---D | C] -- C:\Program Files\Nikon
[2009/05/05 17:14:17 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2009/05/05 17:14:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2009/05/05 17:14:17 | 00,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2009/05/04 13:52:37 | 00,001,794 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2009/05/04 13:52:29 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/05/03 19:06:46 | 00,000,000 | ---D | C] -- C:\Users\alain\AppData\Roaming\Thunderbird
[2009/05/03 18:09:44 | 00,000,000 | ---D | C] -- C:\ProgramData\IM
[2009/05/03 18:09:41 | 00,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2009/05/03 18:09:41 | 00,000,000 | ---D | C] -- C:\Program Files\IncrediMail
[2009/04/29 16:24:21 | 00,000,786 | ---- | C] () -- C:\Users\alain\Desktop\Pokerbility.lnk
[2009/04/29 16:24:17 | 00,000,000 | ---D | C] -- C:\Program Files\Pokerbility
[2009/04/29 16:24:16 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2009/04/29 16:15:39 | 00,000,000 | ---D | C] -- C:\Program Files\Tournament Indicator
[2009/04/29 16:15:10 | 00,000,000 | ---D | C] -- C:\Program Files\Holdem Indicator
[2009/04/27 15:54:07 | 00,001,995 | ---- | C] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk
[2009/04/27 15:54:00 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/04/27 15:54:00 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/04/27 15:53:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/04/27 15:53:58 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/04/27 14:23:14 | 00,000,000 | ---D | C] -- C:\Users\alain\AppData\Roaming\Malwarebytes
[2009/04/27 14:23:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/04/27 14:23:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/23 18:07:16 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/04/23 16:59:18 | 00,000,512 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/04/23 16:59:04 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/04/23 16:57:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/04/23 16:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/22 17:54:03 | 00,000,958 | ---- | C] () -- C:\Users\alain\Desktop\Corbeille.lnk
[2009/04/19 04:30:06 | 00,000,756 | ---- | C] () -- C:\Users\alain\Desktop\Audacity.lnk
[2009/04/16 18:46:05 | 00,000,573 | ---- | C] () -- C:\Users\alain\Desktop\SopCast.lnk
[2009/04/16 18:46:05 | 00,000,000 | ---D | C] -- C:\Program Files\SopCast
[2009/04/15 12:20:36 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/15 12:20:33 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/15 12:20:32 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/15 12:20:22 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/15 12:20:22 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/15 12:20:21 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/15 12:20:19 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/15 12:20:19 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/15 12:20:19 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/15 12:20:19 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/15 12:20:19 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/15 12:20:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/15 12:20:19 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/15 12:20:12 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/15 12:20:12 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/15 12:20:11 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/15 12:20:11 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/15 12:20:11 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/15 12:19:56 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/15 12:19:54 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/15 12:19:52 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/15 12:19:51 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/15 12:19:51 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/15 12:19:51 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/15 12:19:51 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/15 12:19:50 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/15 12:19:50 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/15 12:19:50 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/15 12:19:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/15 12:19:49 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/15 12:19:49 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/15 12:19:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/15 12:19:48 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/03/29 15:33:07 | 00,000,872 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/31 14:26:49 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/12/26 23:07:59 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/12/25 20:08:33 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/12/25 16:36:18 | 00,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008/11/21 23:47:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/21 23:45:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/21 23:45:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/21 23:44:16 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/10/11 02:49:58 | 00,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008/10/11 02:35:56 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/10/11 02:35:56 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/25 23:57:40 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/07/25 15:16:27 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/07/25 15:16:27 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/07/25 14:55:07 | 00,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/07/25 14:51:22 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/07/25 14:40:52 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/07/22 10:01:25 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007/01/26 08:32:18 | 00,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006/11/02 14:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[color=orange]========== Files - Modified Within 30 Days ==========[/color]

[2009/05/10 18:55:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\alain\Desktop\OTListIt2.exe
[2009/05/10 18:25:54 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/10 18:25:54 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/10 18:08:34 | 00,160,256 | ---- | M] () -- C:\Users\alain\Desktop\SYS_List.exe
[2009/05/10 16:33:29 | 01,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/10 16:33:29 | 00,669,566 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/05/10 16:33:29 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/10 16:33:29 | 00,123,556 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/05/10 16:33:29 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/10 16:31:18 | 00,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/05/10 16:29:13 | 00,077,029 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/05/10 16:28:54 | 00,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/05/10 16:28:33 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/10 16:28:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/10 16:28:12 | 32,158,47424 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/09 23:31:27 | 00,077,029 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/05/08 08:50:20 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/05/08 03:46:09 | 00,000,313 | RHS- | M] () -- C:\autorun(646).inf
[2009/05/07 18:31:12 | 00,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2009/05/07 18:06:39 | 00,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/05/07 16:58:59 | 00,000,512 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/05/06 17:00:24 | 00,002,687 | ---- | M] () -- C:\Users\alain\Desktop\Microsoft Office Word 2007.lnk
[2009/05/05 17:28:37 | 00,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
[2009/05/05 17:27:09 | 00,000,268 | RH-- | M] () -- C:\Users\alain\AppData\Roaming\Plug-Ins
[2009/05/05 17:27:09 | 00,000,268 | RH-- | M] () -- C:\ProgramData\Pop Kit
[2009/05/05 17:27:09 | 00,000,012 | RH-- | M] () -- C:\ProgramData\Profiles
[2009/05/05 17:27:02 | 00,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ATL71.DLL
[2009/05/05 17:19:27 | 00,000,268 | RH-- | M] () -- C:\Users\alain\AppData\Roaming\Utilities
[2009/05/05 17:19:27 | 00,000,268 | RH-- | M] () -- C:\ProgramData\Widgets
[2009/05/05 17:18:34 | 00,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Capture NX 2.lnk
[2009/05/04 13:52:37 | 00,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2009/04/29 16:59:51 | 00,000,786 | ---- | M] () -- C:\Users\alain\Desktop\Pokerbility.lnk
[2009/04/29 16:24:17 | 00,212,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2009/04/27 15:54:07 | 00,001,995 | ---- | M] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk
[2009/04/27 14:43:10 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/04/27 14:23:11 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 14:31:06 | 00,000,872 | ---- | M] () -- C:\Windows\wininit.ini
[2009/04/25 04:47:53 | 43,115,2328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/04/22 17:54:35 | 00,000,958 | ---- | M] () -- C:\Users\alain\Desktop\Corbeille.lnk
[2009/04/19 04:30:06 | 00,000,756 | ---- | M] () -- C:\Users\alain\Desktop\Audacity.lnk
[2009/04/16 18:46:05 | 00,000,573 | ---- | M] () -- C:\Users\alain\Desktop\SopCast.lnk

[color=orange]========== LOP Check ==========[/color]

[2009/05/05 17:27:09 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming
[2008/12/25 01:41:03 | 00,000,000 | -HSD | M] -- C:\Users\alain\AppData\Roaming\.#
[2008/12/25 01:29:44 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Acer
[2008/07/25 15:14:52 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Acer GameZone Console
[2009/02/20 15:33:00 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Adobe
[2008/12/25 14:10:30 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\CoSoSys
[2008/12/25 01:41:38 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\CyberLink
[2009/03/17 16:09:52 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\DivX
[2009/05/10 16:29:11 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\DMCache
[2009/05/11 02:20:34 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\dvdcss
[2008/12/25 01:50:40 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\eSobi
[2009/02/07 19:15:18 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\FileZilla
[2008/12/04 18:29:22 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Google
[2009/05/11 02:20:34 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\gtk-2.0
[2008/12/04 18:02:06 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Identities
[2009/02/26 21:35:49 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\IDM
[2008/12/04 18:02:43 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Macromedia
[2009/04/27 14:23:14 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Malwarebytes
[2006/11/02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Media Center Programs
[2009/05/05 17:16:03 | 00,000,000 | --SD | M] -- C:\Users\alain\AppData\Roaming\Microsoft
[2009/05/03 19:06:50 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Mozilla
[2009/02/02 19:44:13 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\NCH Swift Sound
[2009/05/06 02:43:08 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Nikon
[2009/05/06 17:36:18 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\NwDocx
[2008/12/25 01:21:31 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\PeerNetworking
[2009/01/03 15:15:37 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Sports Interactive
[2009/03/20 21:51:35 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Template
[2009/05/11 02:20:37 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Thunderbird
[2009/05/10 19:01:17 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\uTorrent
[2009/05/11 02:20:37 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\vlc
[2009/05/11 02:20:37 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\VSO
[2008/12/25 03:48:15 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\WinRAR
[2009/03/31 23:30:56 | 00,000,000 | ---D | M] -- C:\Users\alain\AppData\Roaming\Xilisoft Corporation
[2009/05/07 16:58:59 | 00,000,512 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/05/10 16:31:18 | 00,001,000 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/05/10 16:28:54 | 00,001,050 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachine.job
[2009/05/10 16:28:33 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/05/08 09:01:49 | 00,032,476 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=orange]========== Purity Check ==========[/color]

< End of report >
0
Anonymous user
10 May 2009 at 19:28
C:\autorun(646).inf

What does this folder contain?
0

This:

[autorun]
;njjhuivrboast
shellexecute="RECYCLER\S-3-5-79-100008499-100013170-100031679-7558.com c:\"
;lquxgysxrbfdcttmnzsxlbnxsjbasofwqedfvovrjdjdcnarazsnsswhhbkdtqmsekjklfmlbwkspyjugqumbwnxhvxvkbkc
shell\Open\command="RECYCLER\S-3-5-79-100008499-100013170-100031679-7558.com c:\"
;ihfctxlmgwto
shell=Open
0
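Added example, not part of the original thread: a small Python check showing which properties of the autorun.inf posted above stand out during triage. The heuristics (launch target inside a recycle-bin folder, a SID-shaped file name whose revision is not 1, `shell=` selecting a verb that runs a command, several letter-only filler comments) and all function names are assumptions chosen for this illustration; `BENIGN_AUTORUN` is a constructed sample.

```python
import re

# autorun.inf exactly as posted in the thread above.
POSTED_AUTORUN = r'''[autorun]
;njjhuivrboast
shellexecute="RECYCLER\S-3-5-79-100008499-100013170-100031679-7558.com c:\"
;lquxgysxrbfdcttmnzsxlbnxsjbasofwqedfvovrjdjdcnarazsnsswhhbkdtqmsekjklfmlbwkspyjugqumbwnxhvxvkbkc
shell\Open\command="RECYCLER\S-3-5-79-100008499-100013170-100031679-7558.com c:\"
;ihfctxlmgwto
shell=Open
'''

# Constructed benign sample (a typical installer disc), for contrast.
BENIGN_AUTORUN = """[autorun]
open=setup.exe
icon=setup.exe,0
label=Driver CD
"""

RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}
SID_LIKE = re.compile(r"s-\d+(-\d+)+")
# Keys whose value is executed when the drive is opened or autoplayed.
LAUNCH_KEY = re.compile(r"open|shellexecute|shell\\[^\\]+\\command")
FILLER = re.compile(r"[a-z]{10,}")


def parse_autorun(text):
    """Return (entries, comments) for the [autorun] section.

    entries maps lower-cased keys to values with surrounding quotes removed;
    comments holds the text of every ';' line.
    """
    entries, comments, in_section = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            comments.append(line[1:].strip())
        elif line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries, comments


def analyze(text):
    """Return a list of (finding, key) tuples; empty when nothing stands out."""
    entries, comments = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        if not LAUNCH_KEY.fullmatch(key) or not value:
            continue
        # Simplification: the command is taken to end at the first space.
        target = value.split()[0].replace("/", "\\").lower()
        parts = target.split("\\")
        if any(p in RECYCLE_DIRS for p in parts[:-1]):
            findings.append(("launch-target-in-recycle-bin", key))
        stem = parts[-1].rsplit(".", 1)[0]
        # Genuine Windows SIDs use revision 1, i.e. they start with "S-1-".
        if SID_LIKE.fullmatch(stem) and not stem.startswith("s-1-"):
            findings.append(("sid-shaped-name-not-revision-1", key))
    verb = entries.get("shell")
    if verb and "shell\\%s\\command" % verb.lower() in entries:
        # shell=<verb> makes that verb the drive's default action.
        findings.append(("default-verb-runs-command", "shell"))
    junk = [c for c in comments if FILLER.fullmatch(c.lower())]
    if len(junk) >= 2:
        findings.append(("filler-comments", str(len(junk))))
    return findings


if __name__ == "__main__":
    for name, sample in (("posted", POSTED_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(name, analyze(sample))
```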
Anonymous user
10 May 2009 at 19:44
Download HostsXpert to your Desktop:

---> Unzip it (right-click >> Extract here)

---> Double-click HostsXpert to launch it

---> Click the "Restore MS Hosts File" button, then close the program

PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.

If it is closed, click on it :)

Then:

Try doing this:

Click the Start menu / Control Panel / Folder Options / then, in the View tab:
- Check Show hidden files and folders
- Uncheck Hide extensions for known file types
- Uncheck Hide protected operating system files (Recommended)
Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again at the end of the disinfection, it's important

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click Browse at the top, choose My Computer and look for this file:

C:\Windows\system32\Drivers\AlfaFF.sys
C:\Windows\system32\drivers\int15.sys


* Now click Send file, and let it work as long as "Current status: analysis in progress" is displayed.
* The file may be put in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page and choose Select all, then Copy
* Finally, paste the result in your next reply.
0
Fichier AlfaFF.sys reçu le 2009.05.10 19:57:57 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.10 -
AhnLab-V3 5.0.0.2 2009.05.09 -
AntiVir 7.9.0.166 2009.05.10 -
Antiy-AVL 2.0.3.1 2009.05.08 -
Authentium 5.1.2.4 2009.05.09 -
Avast 4.8.1335.0 2009.05.09 -
AVG 8.5.0.327 2009.05.10 -
BitDefender 7.2 2009.05.10 -
CAT-QuickHeal 10.00 2009.05.09 -
ClamAV 0.94.1 2009.05.10 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.10 -
eSafe 7.0.17.0 2009.05.10 -
eTrust-Vet 31.6.6497 2009.05.08 -
F-Prot 4.4.4.56 2009.05.09 -
F-Secure 8.0.14470.0 2009.05.09 -
Fortinet 3.117.0.0 2009.05.10 -
GData 19 2009.05.10 -
Ikarus T3.1.1.49.0 2009.05.10 -
K7AntiVirus 7.10.729 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.10 -
McAfee 5611 2009.05.10 -
McAfee+Artemis 5611 2009.05.10 -
McAfee-GW-Edition 6.7.6 2009.05.10 -
Microsoft 1.4602 2009.05.10 -
NOD32 4063 2009.05.08 -
Norman 6.01.05 2009.05.08 -
nProtect 2009.1.8.0 2009.05.10 -
Panda 10.0.0.14 2009.05.10 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.10 -
Rising 21.28.62.00 2009.05.10 -
Sophos 4.41.0 2009.05.10 -
Sunbelt 3.2.1858.2 2009.05.09 -
Symantec 1.4.4.12 2009.05.10 -
TheHacker 6.3.4.1.324 2009.05.09 -
TrendMicro 8.950.0.1092 2009.05.08 -
VBA32 3.12.10.4 2009.05.09 -
ViRobot 2009.5.9.1727 2009.05.09 -
VirusBuster 4.6.5.0 2009.05.10 -
Information additionnelle
File size: 42608 bytes
MD5...: 4490b8bdf38750458eb9b24835fda8fe
SHA1..: 11c5e3a880e3ec17a6c92400c3e79dc71ffe7a40
SHA256: 94c2cefaf97099843169b78d9a4d038674c2bf69816245c49ad0b5218cc03557
SHA512: e58d5f920aba9a2f2c6521d2eafd04b4b8a260e58da345109817d3cf3c2501b62ca35734972ebf6b6cdf54d7cf7c498ec2c519f7eba96fea18c9f79251b07c9d
ssdeep: 768:hn0aasn9UXMT7/Lw/rbBoaRG4gtgZRIhF0Dc88Ze/NVCwH2s8QkH8LlbFm/:Z0aaM9UXO7/UDbpG46+RIhF0Dc88gVQl
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x74d3
timedatestamp.....: 0x47c82c3a (Fri Feb 29 16:00:58 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x63e8 0x6400 6.44 2ffa88aa0929ed8f690a96387c724bcc
.rdata 0x6880 0x3f4 0x400 3.55 74b442ecef1dd20fb9ffcbdbb6364dd1
.data 0x6c80 0x420 0x480 0.21 8e82dcfb8b5d743d8d0a7afdba029b70
INIT 0x7100 0xe7c 0xe80 5.77 c884dc28bd64939a64820d52ac07c56d
.rsrc 0x7f80 0x618 0x680 3.31 e8481081c8a0e1e774f6afbfbfd6f263
.reloc 0x8600 0x680 0x680 6.28 e5a3615b19dc0c93e4c898fc5324ced2

( 4 imports )
> ntoskrnl.exe: RtlValidSecurityDescriptor, RtlCompareMemory, _allmul, ZwClose, PsGetCurrentProcessId, ZwCreateKey, ZwQueryValueKey, ZwOpenKey, KeBugCheckEx, MmMapLockedPagesSpecifyCache, SeCaptureSubjectContext, SeReleaseSubjectContext, RtlTimeToTimeFields, SeAccessCheck, KeInitializeEvent, KeWaitForSingleObject, SeQueryAuthenticationIdToken, LsaFreeReturnBuffer, KeSetEvent, SeMarkLogonSessionForTerminationNotification, sprintf, RtlAnsiStringToUnicodeString, RtlFreeUnicodeString, RtlUpcaseUnicodeChar, strncmp, KeTickCount, memmove, KeQuerySystemTime, ExSystemTimeToLocalTime, ExInitializeResourceLite, ExInitializeNPagedLookasideList, SeRegisterLogonSessionTerminatedRoutine, ExAllocatePoolWithTag, RtlInitUnicodeString, IoGetCurrentProcess, ExFreePool, ExAcquireResourceSharedLite, InterlockedDecrement, InterlockedIncrement, ExFreePoolWithTag, SeUnregisterLogonSessionTerminatedRoutine, ExDeleteNPagedLookasideList, ExDeleteResourceLite, _except_handler3, DbgPrint, KeEnterCriticalRegion, ExAcquireResourceExclusiveLite, ExReleaseResourceLite, KeLeaveCriticalRegion, ZwSetValueKey, ObfDereferenceObject
> HAL.dll: KeGetCurrentIrql
> FLTMGR.SYS: FltSetCallbackDataDirty, FltSendMessage, FltReissueSynchronousIo, FltAllocateCallbackData, FltPerformSynchronousIo, FltFreeCallbackData, FltGetFileNameInformationUnsafe, FltReferenceContext, FltGetStreamHandleContext, FltGetStreamContext, FltSetStreamHandleContext, FltSetStreamContext, FltAllocateGenericWorkItem, FltQueueGenericWorkItem, FltFreeGenericWorkItem, FltParseFileNameInformation, FltGetVolumeContext, FltReleaseContext, FltGetDestinationFileNameInformation, FltGetVolumeName, FltCancelFileOpen, FltGetRequestorProcessId, FltGetRequestorProcess, FltGetFileNameInformation, FltReleaseFileNameInformation, FltRegisterFilter, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltStartFiltering, FltCloseClientPort, FltCloseCommunicationPort, FltUnregisterFilter, FltAllocateContext, FltGetVolumeProperties, FltGetVolumeGuidName, FltSetVolumeContext
> ksecdd.sys: GetSecurityUserInfo

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch

0
Fichier int15.sys reçu le 2009.05.10 20:01:12 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.10 -
AhnLab-V3 5.0.0.2 2009.05.09 -
AntiVir 7.9.0.166 2009.05.10 -
Antiy-AVL 2.0.3.1 2009.05.08 -
Authentium 5.1.2.4 2009.05.09 -
Avast 4.8.1335.0 2009.05.09 -
AVG 8.5.0.327 2009.05.10 -
BitDefender 7.2 2009.05.10 -
CAT-QuickHeal 10.00 2009.05.09 -
ClamAV 0.94.1 2009.05.10 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.10 -
eSafe 7.0.17.0 2009.05.10 -
eTrust-Vet 31.6.6497 2009.05.08 -
F-Prot 4.4.4.56 2009.05.09 -
F-Secure 8.0.14470.0 2009.05.09 -
Fortinet 3.117.0.0 2009.05.10 -
GData 19 2009.05.10 -
Ikarus T3.1.1.49.0 2009.05.10 -
K7AntiVirus 7.10.729 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.10 -
McAfee 5611 2009.05.10 -
McAfee+Artemis 5611 2009.05.10 -
McAfee-GW-Edition 6.7.6 2009.05.10 -
Microsoft 1.4602 2009.05.10 -
NOD32 4063 2009.05.08 -
Norman 6.01.05 2009.05.08 -
nProtect 2009.1.8.0 2009.05.10 -
Panda 10.0.0.14 2009.05.10 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.10 -
Rising 21.28.62.00 2009.05.10 -
Sophos 4.41.0 2009.05.10 -
Sunbelt 3.2.1858.2 2009.05.09 -
Symantec 1.4.4.12 2009.05.10 -
TheHacker 6.3.4.1.324 2009.05.09 -
TrendMicro 8.950.0.1092 2009.05.08 -
VBA32 3.12.10.4 2009.05.09 -
ViRobot 2009.5.9.1727 2009.05.09 -
VirusBuster 4.6.5.0 2009.05.10 -
Information additionnelle
File size: 69632 bytes
MD5...: 4d8d5b1c895ea0f2a721b98a7ce198f1
SHA1..: dd77f613bde9a7319bd43e04512e64344262bcb7
SHA256: a7bb7060b9c5353a5edd18ee5a0950ee94e44b1b686f110f0e5bfa432d743dd1
SHA512: c0dd281450bb9384e2c7cfb12f9df8697cf2308b0b149d09279ec2a04bab41f324485edc99aaf2a604daa1d651501947871bd9b067bb65e439a92899db092054
ssdeep: 48:iiynX9MIOBjBz21TcJB0a7VK60NlhwclT8p51+ZDb5inGiTVyBwuQVrrSfGBPRr5:t8dOtlCck4AVM1+DcGTBwuQ461dn
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x300
timedatestamp.....: 0x3f7a664d (Wed Oct 01 05:29:49 2003)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x87a 0x880 6.18 d1ce012629819b91faf50e6dd74cb29e
.rdata 0xb80 0x83 0x100 2.84 1888efe992e0b9db0369ee91c4acc4cc
.data 0xc80 0x10068 0x10080 0.01 fd66baf61740aa710e01b21f3d36d627
INIT 0x10d00 0x12a 0x180 4.07 eb3e2f28599e24cb291e430770aa3051
.reloc 0x10e80 0x156 0x180 2.56 3128fb23b56dd8341d7fd9652dc59ba1

( 1 imports )
> ntoskrnl.exe: IofCompleteRequest, IoDeleteDevice, IoDeleteSymbolicLink, RtlInitUnicodeString, MmFreeNonCachedMemory, DbgPrint, MmUnmapIoSpace, MmMapIoSpace, IoCreateSymbolicLink, IoCreateDevice

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4d8d5b1c895ea0f2a721b98a7ce198f1

0
Anonymous user
10 May 2009 at 20:52
Delete autorun(646).inf


Download LOP S&D to your Desktop.


* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan is finished
* Post the generated report (C:\lopR.txt)
0
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
BIOS : ZK2 v0.3121 3A21
USER : alain ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:144 Go (Free:79 Go)
D:\ (Local Disk) - NTFS - Total:140 Go (Free:62 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:3868 Mo (Free:3 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 10/05/2009|20:54 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[11/05/2009|02:20] C:\Users\alain\AppData\Local\{02D6B647-B652-4FF2-875E-268CD3382FB2}
[25/12/2008|01:41] C:\Users\alain\AppData\Local\Acer Arcade Deluxe
[12/01/2009|18:56] C:\Users\alain\AppData\Local\Adobe
[04/12/2008|18:00] C:\Users\alain\AppData\Local\Application Data
[25/12/2008|01:41] C:\Users\alain\AppData\Local\CyberLink
[08/04/2009|10:45] C:\Users\alain\AppData\Local\d3d9caps.dat
[07/05/2009|22:22] C:\Users\alain\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[25/12/2008|03:04] C:\Users\alain\AppData\Local\eMule
[06/05/2009|00:34] C:\Users\alain\AppData\Local\Google
[04/12/2008|18:00] C:\Users\alain\AppData\Local\Historique
[10/05/2009|14:27] C:\Users\alain\AppData\Local\IconCache.db
[03/05/2009|18:12] C:\Users\alain\AppData\Local\IM
[07/03/2009|21:47] C:\Users\alain\AppData\Local\Microsoft
[07/01/2009|10:19] C:\Users\alain\AppData\Local\Microsoft Games
[26/12/2008|23:27] C:\Users\alain\AppData\Local\Microsoft Help
[25/12/2008|01:00] C:\Users\alain\AppData\Local\MigWiz
[26/12/2008|02:05] C:\Users\alain\AppData\Local\Moodysoft
[25/12/2008|03:12] C:\Users\alain\AppData\Local\Mozilla
[05/05/2009|17:19] C:\Users\alain\AppData\Local\Nikon
[23/04/2009|18:30] C:\Users\alain\AppData\Local\Pando
[11/05/2009|02:20] C:\Users\alain\AppData\Local\PlayMovie
[11/05/2009|02:20] C:\Users\alain\AppData\Local\PokerStars
[11/05/2009|02:20] C:\Users\alain\AppData\Local\PokerStars.NET
[11/05/2009|02:20] C:\Users\alain\AppData\Local\PowerCinema
[11/05/2009|02:20] C:\Users\alain\AppData\Local\SoftDMA
[10/05/2009|20:53] C:\Users\alain\AppData\Local\Temp
[04/12/2008|18:00] C:\Users\alain\AppData\Local\Temporary Internet Files
[03/05/2009|19:07] C:\Users\alain\AppData\Local\Thunderbird
[25/12/2008|13:43] C:\Users\alain\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[07/05/2009 16:58][--a------] C:\Windows\tasks\Ad-Aware Update (Weekly).job
[10/05/2009 16:28][--a------] C:\Windows\tasks\GoogleUpdateTaskMachine.job
[10/05/2009 16:31][--a------] C:\Windows\tasks\Google Software Updater.job
[10/05/2009 16:28][--ah-----] C:\Windows\tasks\SA.DAT
[08/05/2009 09:01][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[25/07/2008|15:22] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[01/01/2009|22:09] C:\ProgramData\Adobe
[02/11/2006|15:02] C:\ProgramData\Application Data
[11/10/2008|02:54] C:\ProgramData\ArcadeDeluxe2.log
[27/04/2009|15:53] C:\ProgramData\Avira
[04/12/2008|17:56] C:\ProgramData\Bureau
[07/04/2009|10:58] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[25/12/2008|04:35] C:\ProgramData\eMule
[05/05/2009|17:27] C:\ProgramData\EnterNHelp
[25/12/2008|01:49] C:\ProgramData\eSobi
[04/12/2008|17:56] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[11/05/2009|02:20] C:\ProgramData\FLEXnet
[25/07/2008|15:05] C:\ProgramData\FloodLightGames
[25/12/2008|01:17] C:\ProgramData\Google
[10/05/2009|16:31] C:\ProgramData\Google Updater
[03/05/2009|18:11] C:\ProgramData\IM
[03/05/2009|18:09] C:\ProgramData\IncrediMail
[07/01/2009|20:26] C:\ProgramData\KONAMI
[27/04/2009|13:04] C:\ProgramData\Lavasoft
[27/04/2009|14:18] C:\ProgramData\ma-config.com
[27/04/2009|14:23] C:\ProgramData\Malwarebytes
[05/03/2009|11:14] C:\ProgramData\McAfee
[04/12/2008|17:56] C:\ProgramData\Menu Démarrer
[07/05/2009|03:40] C:\ProgramData\Messenger Plus!
[14/03/2009|00:59] C:\ProgramData\Microsoft
[04/05/2009|03:01] C:\ProgramData\Microsoft Help
[04/12/2008|17:56] C:\ProgramData\Modèles
[29/03/2009|15:28] C:\ProgramData\Motive
[02/02/2009|19:43] C:\ProgramData\NCH Software
[02/02/2009|19:41] C:\ProgramData\NCH Swift Sound
[05/05/2009|17:28] C:\ProgramData\Nikon
[25/12/2008|16:00] C:\ProgramData\NOS
[25/12/2008|19:52] C:\ProgramData\ntuser.pol
[11/10/2008|03:05] C:\ProgramData\NVIDIA
[10/05/2009|16:29] C:\ProgramData\nvModes.001
[09/05/2009|23:31] C:\ProgramData\nvModes.dat
[07/05/2009|18:31] C:\ProgramData\PKP_DLbx.DAT
[07/05/2009|18:06] C:\ProgramData\PKP_DLdu.DAT
[05/05/2009|17:27] C:\ProgramData\Pop Kit
[05/05/2009|17:27] C:\ProgramData\Profiles
[26/12/2008|11:10] C:\ProgramData\SiteAdvisor
[29/03/2009|17:46] C:\ProgramData\Sports Interactive
[02/11/2006|15:02] C:\ProgramData\Start Menu
[05/05/2009|17:19] C:\ProgramData\Sync Services
[24/03/2009|10:47] C:\ProgramData\Temp
[02/11/2006|15:02] C:\ProgramData\Templates
[11/10/2008|02:48] C:\ProgramData\UIB
[05/05/2009|17:27] C:\ProgramData\Ultima_T15
[05/05/2009|17:19] C:\ProgramData\Widgets
[02/01/2009|18:29] C:\ProgramData\WindowsSearch
[25/12/2008|02:39] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[25/12/2008|01:35] C:\Program Files\Acer
[11/10/2008|02:54] C:\Program Files\Acer Arcade Deluxe
[25/12/2008|01:52] C:\Program Files\Acer GameZone
[11/10/2008|02:39] C:\Program Files\Acer Inc
[11/10/2008|03:01] C:\Program Files\Acer Incorporated
[25/07/2008|15:22] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[15/02/2009|22:18] C:\Program Files\Adobe
[25/12/2008|02:56] C:\Program Files\Adobe1
[26/12/2008|11:52] C:\Program Files\Alcohol Soft
[14/03/2009|00:50] C:\Program Files\Alwil Software
[19/04/2009|04:30] C:\Program Files\Audacity
[27/04/2009|15:53] C:\Program Files\Avira
[25/12/2008|20:08] C:\Program Files\AviSynth 2.5
[27/12/2008|16:39] C:\Program Files\CamStudio
[29/03/2009|15:27] C:\Program Files\Club-Internet
[05/05/2009|17:28] C:\Program Files\Common Files
[25/07/2008|14:42] C:\Program Files\CONEXANT
[25/07/2008|15:18] C:\Program Files\Convesoft
[25/12/2008|01:59] C:\Program Files\Cyberlink
[27/04/2009|14:17] C:\Program Files\DivX
[25/12/2008|16:37] C:\Program Files\eMule
[09/02/2009|00:27] C:\Program Files\Eraser
[25/12/2008|20:06] C:\Program Files\eRightSoft
[04/12/2008|17:56] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[07/02/2009|19:09] C:\Program Files\FileZilla FTP Client
[29/12/2008|19:03] C:\Program Files\GetData
[30/03/2009|23:52] C:\Program Files\Google
[29/04/2009|17:01] C:\Program Files\Holdem Indicator
[03/05/2009|18:52] C:\Program Files\IncrediMail
[08/05/2009|09:02] C:\Program Files\InstallShield Installation Information
[25/07/2008|14:38] C:\Program Files\Intel
[22/01/2009|23:04] C:\Program Files\Internet Download Manager
[16/04/2009|03:10] C:\Program Files\Internet Explorer
[18/02/2009|14:13] C:\Program Files\Intuisphere
[28/03/2009|12:35] C:\Program Files\Java
[07/01/2009|20:18] C:\Program Files\KONAMI
[25/12/2008|02:18] C:\Program Files\Launch Manager
[27/04/2009|13:04] C:\Program Files\Lavasoft
[27/04/2009|14:18] C:\Program Files\ma-config.com
[10/05/2009|19:28] C:\Program Files\Malwarebytes' Anti-Malware
[05/03/2009|21:16] C:\Program Files\Messenger Plus! Live
[01/03/2009|22:05] C:\Program Files\Microsoft
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[26/12/2008|23:33] C:\Program Files\Microsoft Office
[26/12/2008|23:33] C:\Program Files\Microsoft Visual Studio
[26/12/2008|23:28] C:\Program Files\Microsoft Visual Studio 8
[26/12/2008|23:34] C:\Program Files\Microsoft Works
[26/12/2008|23:32] C:\Program Files\Microsoft.NET
[26/12/2008|02:05] C:\Program Files\Moodysoft
[21/01/2008|04:35] C:\Program Files\Movie Maker
[10/05/2009|16:34] C:\Program Files\Mozilla Firefox
[04/05/2009|18:59] C:\Program Files\Mozilla Thunderbird
[26/12/2008|23:33] C:\Program Files\MSBuild
[25/12/2008|22:59] C:\Program Files\MSXML 4.0
[02/02/2009|19:50] C:\Program Files\NCH Software
[25/07/2008|15:16] C:\Program Files\NewTech Infosystems
[05/05/2009|17:28] C:\Program Files\Nikon
[25/12/2008|04:43] C:\Program Files\NOS
[03/03/2009|01:25] C:\Program Files\Oberon Media
[23/04/2009|18:30] C:\Program Files\Pando Networks
[04/01/2009|18:15] C:\Program Files\Pcsx2_0.9.4
[25/12/2008|16:36] C:\Program Files\PDFCreator
[29/04/2009|16:59] C:\Program Files\Pokerbility
[23/04/2009|23:45] C:\Program Files\PokerStars
[29/12/2008|19:56] C:\Program Files\PSCS2Updater
[25/07/2008|14:40] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[29/03/2009|14:29] C:\Program Files\SFR
[26/12/2008|20:58] C:\Program Files\SiteAdvisor
[16/04/2009|18:48] C:\Program Files\SopCast
[03/01/2009|11:46] C:\Program Files\Sports Interactive
[25/07/2008|14:44] C:\Program Files\Synaptics
[29/04/2009|17:01] C:\Program Files\Tournament Indicator
[08/05/2009|10:33] C:\Program Files\Trend Micro
[31/01/2009|20:37] C:\Program Files\TVAnts
[25/12/2008|19:57] C:\Program Files\UDPixel
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[04/01/2009|18:12] C:\Program Files\uTorrent
[15/03/2009|21:50] C:\Program Files\Veetle
[25/12/2008|03:05] C:\Program Files\VideoLAN
[25/12/2008|19:22] C:\Program Files\VSO
[08/05/2009|19:40] C:\Program Files\WebCamSplitter Pro
[25/07/2008|14:44] C:\Program Files\Winbond Electronics Corporation
[21/01/2008|04:35] C:\Program Files\Windows Calendar
[21/01/2008|04:35] C:\Program Files\Windows Collaboration
[21/01/2008|04:35] C:\Program Files\Windows Defender
[21/01/2008|04:35] C:\Program Files\Windows Journal
[01/03/2009|22:04] C:\Program Files\Windows Live
[11/05/2009|02:20] C:\Program Files\Windows Live Safety Center
[01/03/2009|22:05] C:\Program Files\Windows Live SkyDrive
[16/04/2009|03:10] C:\Program Files\Windows Mail
[12/03/2009|04:06] C:\Program Files\Windows Media Player
[04/12/2008|17:56] C:\Program Files\Windows NT
[21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:35] C:\Program Files\Windows Sidebar
[25/12/2008|19:47] C:\Program Files\WinRAR
[01/04/2009|00:50] C:\Program Files\Xilisoft
[03/01/2009|11:51] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[01/01/2009|22:49] C:\Program Files\Common Files\Adobe
[26/12/2008|23:33] C:\Program Files\Common Files\DESIGNER
[05/05/2009|17:15] C:\Program Files\Common Files\InstallShield
[25/07/2008|15:16] C:\Program Files\Common Files\LightScribe
[31/12/2008|14:15] C:\Program Files\Common Files\Macrovision Shared
[01/03/2009|22:05] C:\Program Files\Common Files\microsoft shared
[05/05/2009|17:28] C:\Program Files\Common Files\muvee Technologies
[05/05/2009|17:29] C:\Program Files\Common Files\Nikon
[27/04/2009|14:17] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[11/10/2008|02:49] C:\Program Files\Common Files\SPBA
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[25/12/2008|01:40] C:\Program Files\Common Files\SWF Studio
[26/12/2008|23:28] C:\Program Files\Common Files\System
[01/03/2009|21:59] C:\Program Files\Common Files\Windows Live
[25/12/2008|02:44] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 85 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\alain\AppData\Local\Temp\nsb764.tmp
C:\Users\alain\AppData\Local\Temp\nsfF5E2.tmp
C:\Users\alain\AppData\Local\Temp\nsiC4E3.tmp
C:\Users\alain\AppData\Local\Temp\nsk3741.tmp
C:\Users\alain\AppData\Local\Temp\nslF768.tmp
C:\Users\alain\AppData\Local\Temp\nsm6E19.tmp
C:\Users\alain\AppData\Local\Temp\nsr425C.tmp

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 20:56:07
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:416][D:157]-> C:\Users\alain\AppData\Local\Temp
[F:18][D:1]-> C:\Users\alain\AppData\Roaming\MICROS~1\Windows\Cookies
[F:139][D:9]-> C:\Users\alain\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:347][D:13]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 10/05/2009|20:57 - Option : [1]

--------------------\\ Fin du rapport a 20:57:17
[ UAC => 1 ]
0
Anonymous user
10 May 2009 at 21:42
Double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose the "Suppression + Hosts" option
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
0
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
BIOS : ZK2 v0.3121 3A21
USER : alain ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:144 Go (Free:78 Go)
D:\ (Local Disk) - NTFS - Total:140 Go (Free:62 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:3868 Mo (Free:3 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 10/05/2009|22:02 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\alain\AppData\Local\Temp\nsb764.tmp
Supprime! - C:\Users\alain\AppData\Local\Temp\nsfF5E2.tmp
Supprime! - C:\Users\alain\AppData\Local\Temp\nsiC4E3.tmp
Supprime! - C:\Users\alain\AppData\Local\Temp\nsk3741.tmp
Supprime! - C:\Users\alain\AppData\Local\Temp\nslF768.tmp
Supprime! - C:\Users\alain\AppData\Local\Temp\nsm6E19.tmp
Supprime! - C:\Users\alain\AppData\Local\Temp\nsr425C.tmp
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[11/05/2009|02:20] C:\Users\alain\AppData\Local\{02D6B647-B652-4FF2-875E-268CD3382FB2}
[25/12/2008|01:41] C:\Users\alain\AppData\Local\Acer Arcade Deluxe
[12/01/2009|18:56] C:\Users\alain\AppData\Local\Adobe
[04/12/2008|18:00] C:\Users\alain\AppData\Local\Application Data
[25/12/2008|01:41] C:\Users\alain\AppData\Local\CyberLink
[08/04/2009|10:45] C:\Users\alain\AppData\Local\d3d9caps.dat
[07/05/2009|22:22] C:\Users\alain\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[25/12/2008|03:04] C:\Users\alain\AppData\Local\eMule
[06/05/2009|00:34] C:\Users\alain\AppData\Local\Google
[04/12/2008|18:00] C:\Users\alain\AppData\Local\Historique
[10/05/2009|14:27] C:\Users\alain\AppData\Local\IconCache.db
[03/05/2009|18:12] C:\Users\alain\AppData\Local\IM
[07/03/2009|21:47] C:\Users\alain\AppData\Local\Microsoft
[07/01/2009|10:19] C:\Users\alain\AppData\Local\Microsoft Games
[26/12/2008|23:27] C:\Users\alain\AppData\Local\Microsoft Help
[25/12/2008|01:00] C:\Users\alain\AppData\Local\MigWiz
[26/12/2008|02:05] C:\Users\alain\AppData\Local\Moodysoft
[25/12/2008|03:12] C:\Users\alain\AppData\Local\Mozilla
[05/05/2009|17:19] C:\Users\alain\AppData\Local\Nikon
[23/04/2009|18:30] C:\Users\alain\AppData\Local\Pando
[11/05/2009|02:20] C:\Users\alain\AppData\Local\PlayMovie
[11/05/2009|02:20] C:\Users\alain\AppData\Local\PokerStars
[11/05/2009|02:20] C:\Users\alain\AppData\Local\PokerStars.NET
[11/05/2009|02:20] C:\Users\alain\AppData\Local\PowerCinema
[11/05/2009|02:20] C:\Users\alain\AppData\Local\SoftDMA
[10/05/2009|22:02] C:\Users\alain\AppData\Local\Temp
[04/12/2008|18:00] C:\Users\alain\AppData\Local\Temporary Internet Files
[03/05/2009|19:07] C:\Users\alain\AppData\Local\Thunderbird
[25/12/2008|13:43] C:\Users\alain\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[07/05/2009 16:58][--a------] C:\Windows\tasks\Ad-Aware Update (Weekly).job
[10/05/2009 16:28][--a------] C:\Windows\tasks\GoogleUpdateTaskMachine.job
[10/05/2009 16:31][--a------] C:\Windows\tasks\Google Software Updater.job
[10/05/2009 16:28][--ah-----] C:\Windows\tasks\SA.DAT
[08/05/2009 09:01][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[25/07/2008|15:22] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[01/01/2009|22:09] C:\ProgramData\Adobe
[02/11/2006|15:02] C:\ProgramData\Application Data
[11/10/2008|02:54] C:\ProgramData\ArcadeDeluxe2.log
[27/04/2009|15:53] C:\ProgramData\Avira
[04/12/2008|17:56] C:\ProgramData\Bureau
[07/04/2009|10:58] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[25/12/2008|04:35] C:\ProgramData\eMule
[05/05/2009|17:27] C:\ProgramData\EnterNHelp
[25/12/2008|01:49] C:\ProgramData\eSobi
[04/12/2008|17:56] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[11/05/2009|02:20] C:\ProgramData\FLEXnet
[25/07/2008|15:05] C:\ProgramData\FloodLightGames
[25/12/2008|01:17] C:\ProgramData\Google
[10/05/2009|16:31] C:\ProgramData\Google Updater
[03/05/2009|18:11] C:\ProgramData\IM
[03/05/2009|18:09] C:\ProgramData\IncrediMail
[07/01/2009|20:26] C:\ProgramData\KONAMI
[27/04/2009|13:04] C:\ProgramData\Lavasoft
[27/04/2009|14:18] C:\ProgramData\ma-config.com
[27/04/2009|14:23] C:\ProgramData\Malwarebytes
[05/03/2009|11:14] C:\ProgramData\McAfee
[04/12/2008|17:56] C:\ProgramData\Menu Démarrer
[07/05/2009|03:40] C:\ProgramData\Messenger Plus!
[14/03/2009|00:59] C:\ProgramData\Microsoft
[04/05/2009|03:01] C:\ProgramData\Microsoft Help
[04/12/2008|17:56] C:\ProgramData\Modèles
[29/03/2009|15:28] C:\ProgramData\Motive
[02/02/2009|19:43] C:\ProgramData\NCH Software
[02/02/2009|19:41] C:\ProgramData\NCH Swift Sound
[05/05/2009|17:28] C:\ProgramData\Nikon
[25/12/2008|16:00] C:\ProgramData\NOS
[25/12/2008|19:52] C:\ProgramData\ntuser.pol
[11/10/2008|03:05] C:\ProgramData\NVIDIA
[10/05/2009|16:29] C:\ProgramData\nvModes.001
[09/05/2009|23:31] C:\ProgramData\nvModes.dat
[07/05/2009|18:31] C:\ProgramData\PKP_DLbx.DAT
[07/05/2009|18:06] C:\ProgramData\PKP_DLdu.DAT
[05/05/2009|17:27] C:\ProgramData\Pop Kit
[05/05/2009|17:27] C:\ProgramData\Profiles
[26/12/2008|11:10] C:\ProgramData\SiteAdvisor
[29/03/2009|17:46] C:\ProgramData\Sports Interactive
[02/11/2006|15:02] C:\ProgramData\Start Menu
[05/05/2009|17:19] C:\ProgramData\Sync Services
[24/03/2009|10:47] C:\ProgramData\Temp
[02/11/2006|15:02] C:\ProgramData\Templates
[11/10/2008|02:48] C:\ProgramData\UIB
[05/05/2009|17:27] C:\ProgramData\Ultima_T15
[05/05/2009|17:19] C:\ProgramData\Widgets
[02/01/2009|18:29] C:\ProgramData\WindowsSearch
[25/12/2008|02:39] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[25/12/2008|01:35] C:\Program Files\Acer
[11/10/2008|02:54] C:\Program Files\Acer Arcade Deluxe
[25/12/2008|01:52] C:\Program Files\Acer GameZone
[11/10/2008|02:39] C:\Program Files\Acer Inc
[11/10/2008|03:01] C:\Program Files\Acer Incorporated
[25/07/2008|15:22] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[15/02/2009|22:18] C:\Program Files\Adobe
[25/12/2008|02:56] C:\Program Files\Adobe1
[26/12/2008|11:52] C:\Program Files\Alcohol Soft
[14/03/2009|00:50] C:\Program Files\Alwil Software
[19/04/2009|04:30] C:\Program Files\Audacity
[27/04/2009|15:53] C:\Program Files\Avira
[25/12/2008|20:08] C:\Program Files\AviSynth 2.5
[27/12/2008|16:39] C:\Program Files\CamStudio
[29/03/2009|15:27] C:\Program Files\Club-Internet
[05/05/2009|17:28] C:\Program Files\Common Files
[25/07/2008|14:42] C:\Program Files\CONEXANT
[25/07/2008|15:18] C:\Program Files\Convesoft
[25/12/2008|01:59] C:\Program Files\Cyberlink
[27/04/2009|14:17] C:\Program Files\DivX
[25/12/2008|16:37] C:\Program Files\eMule
[09/02/2009|00:27] C:\Program Files\Eraser
[25/12/2008|20:06] C:\Program Files\eRightSoft
[04/12/2008|17:56] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[07/02/2009|19:09] C:\Program Files\FileZilla FTP Client
[29/12/2008|19:03] C:\Program Files\GetData
[30/03/2009|23:52] C:\Program Files\Google
[29/04/2009|17:01] C:\Program Files\Holdem Indicator
[03/05/2009|18:52] C:\Program Files\IncrediMail
[08/05/2009|09:02] C:\Program Files\InstallShield Installation Information
[25/07/2008|14:38] C:\Program Files\Intel
[22/01/2009|23:04] C:\Program Files\Internet Download Manager
[16/04/2009|03:10] C:\Program Files\Internet Explorer
[18/02/2009|14:13] C:\Program Files\Intuisphere
[28/03/2009|12:35] C:\Program Files\Java
[07/01/2009|20:18] C:\Program Files\KONAMI
[25/12/2008|02:18] C:\Program Files\Launch Manager
[27/04/2009|13:04] C:\Program Files\Lavasoft
[27/04/2009|14:18] C:\Program Files\ma-config.com
[10/05/2009|19:28] C:\Program Files\Malwarebytes' Anti-Malware
[05/03/2009|21:16] C:\Program Files\Messenger Plus! Live
[01/03/2009|22:05] C:\Program Files\Microsoft
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[26/12/2008|23:33] C:\Program Files\Microsoft Office
[26/12/2008|23:33] C:\Program Files\Microsoft Visual Studio
[26/12/2008|23:28] C:\Program Files\Microsoft Visual Studio 8
[26/12/2008|23:34] C:\Program Files\Microsoft Works
[26/12/2008|23:32] C:\Program Files\Microsoft.NET
[26/12/2008|02:05] C:\Program Files\Moodysoft
[21/01/2008|04:35] C:\Program Files\Movie Maker
[10/05/2009|16:34] C:\Program Files\Mozilla Firefox
[04/05/2009|18:59] C:\Program Files\Mozilla Thunderbird
[26/12/2008|23:33] C:\Program Files\MSBuild
[25/12/2008|22:59] C:\Program Files\MSXML 4.0
[02/02/2009|19:50] C:\Program Files\NCH Software
[25/07/2008|15:16] C:\Program Files\NewTech Infosystems
[05/05/2009|17:28] C:\Program Files\Nikon
[25/12/2008|04:43] C:\Program Files\NOS
[03/03/2009|01:25] C:\Program Files\Oberon Media
[23/04/2009|18:30] C:\Program Files\Pando Networks
[04/01/2009|18:15] C:\Program Files\Pcsx2_0.9.4
[25/12/2008|16:36] C:\Program Files\PDFCreator
[29/04/2009|16:59] C:\Program Files\Pokerbility
[23/04/2009|23:45] C:\Program Files\PokerStars
[29/12/2008|19:56] C:\Program Files\PSCS2Updater
[25/07/2008|14:40] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[29/03/2009|14:29] C:\Program Files\SFR
[26/12/2008|20:58] C:\Program Files\SiteAdvisor
[16/04/2009|18:48] C:\Program Files\SopCast
[03/01/2009|11:46] C:\Program Files\Sports Interactive
[25/07/2008|14:44] C:\Program Files\Synaptics
[29/04/2009|17:01] C:\Program Files\Tournament Indicator
[08/05/2009|10:33] C:\Program Files\Trend Micro
[31/01/2009|20:37] C:\Program Files\TVAnts
[25/12/2008|19:57] C:\Program Files\UDPixel
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[04/01/2009|18:12] C:\Program Files\uTorrent
[15/03/2009|21:50] C:\Program Files\Veetle
[25/12/2008|03:05] C:\Program Files\VideoLAN
[25/12/2008|19:22] C:\Program Files\VSO
[08/05/2009|19:40] C:\Program Files\WebCamSplitter Pro
[25/07/2008|14:44] C:\Program Files\Winbond Electronics Corporation
[21/01/2008|04:35] C:\Program Files\Windows Calendar
[21/01/2008|04:35] C:\Program Files\Windows Collaboration
[21/01/2008|04:35] C:\Program Files\Windows Defender
[21/01/2008|04:35] C:\Program Files\Windows Journal
[01/03/2009|22:04] C:\Program Files\Windows Live
[11/05/2009|02:20] C:\Program Files\Windows Live Safety Center
[01/03/2009|22:05] C:\Program Files\Windows Live SkyDrive
[16/04/2009|03:10] C:\Program Files\Windows Mail
[12/03/2009|04:06] C:\Program Files\Windows Media Player
[04/12/2008|17:56] C:\Program Files\Windows NT
[21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:35] C:\Program Files\Windows Sidebar
[25/12/2008|19:47] C:\Program Files\WinRAR
[01/04/2009|00:50] C:\Program Files\Xilisoft
[03/01/2009|11:51] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[01/01/2009|22:49] C:\Program Files\Common Files\Adobe
[26/12/2008|23:33] C:\Program Files\Common Files\DESIGNER
[05/05/2009|17:15] C:\Program Files\Common Files\InstallShield
[25/07/2008|15:16] C:\Program Files\Common Files\LightScribe
[31/12/2008|14:15] C:\Program Files\Common Files\Macrovision Shared
[01/03/2009|22:05] C:\Program Files\Common Files\microsoft shared
[05/05/2009|17:28] C:\Program Files\Common Files\muvee Technologies
[05/05/2009|17:29] C:\Program Files\Common Files\Nikon
[27/04/2009|14:17] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[11/10/2008|02:49] C:\Program Files\Common Files\SPBA
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[25/12/2008|01:40] C:\Program Files\Common Files\SWF Studio
[26/12/2008|23:28] C:\Program Files\Common Files\System
[01/03/2009|21:59] C:\Program Files\Common Files\Windows Live
[25/12/2008|02:44] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 84 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 22:03:22
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:412][D:151]-> C:\Users\alain\AppData\Local\Temp
[F:18][D:1]-> C:\Users\alain\AppData\Roaming\MICROS~1\Windows\Cookies
[F:140][D:9]-> C:\Users\alain\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:347][D:13]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 10/05/2009|20:57 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/05/2009|22:04 - Option : [2]

--------------------\\ Fin du rapport a 22:04:01
[ UAC => 1 ]
0
Anonymous user
10 May 2009 at 22:18
-> BitDefender scan

Run an online antivirus scan with BitDefender Online using Internet Explorer

* Click Scan on line at the bottom left.
* Accept the licence and let it install the ActiveX control.
* Follow the prompts. Paste its report here.


Help
0
I still can't open Internet Explorer...
0
Anonymous user
10 May 2009 at 22:29
Try doing this:

Click the Start menu / Control Panel / Folder Options, then go to the View tab
- Check Show hidden files and folders
- Uncheck Hide extensions for known file types
- Uncheck Hide protected operating system files (Recommended)
Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again once the disinfection is finished; this is important

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click Browse at the top, choose My Computer and look for this file:

C:\Program Files\Internet Explorer\iexplore.exe

* Now click Send file and let it work for as long as "Current status: analysis in progress" is displayed.
* The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page and choose Select All, then Copy
* Finally, paste the result in your next reply.
0
Fichier iexplore.exe reçu le 2009.05.10 22:34:34 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.10 -
AhnLab-V3 5.0.0.2 2009.05.09 -
AntiVir 7.9.0.166 2009.05.10 -
Antiy-AVL 2.0.3.1 2009.05.08 -
Authentium 5.1.2.4 2009.05.09 -
Avast 4.8.1335.0 2009.05.10 -
BitDefender 7.2 2009.05.10 -
CAT-QuickHeal 10.00 2009.05.09 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.10 -
eTrust-Vet 31.6.6497 2009.05.08 -
F-Prot 4.4.4.56 2009.05.09 -
GData 19 2009.05.10 -
Ikarus T3.1.1.49.0 2009.05.10 -
K7AntiVirus 7.10.729 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.10 -
McAfee 5611 2009.05.10 -
McAfee+Artemis 5611 2009.05.10 -
Microsoft 1.4602 2009.05.10 -
NOD32 4063 2009.05.08 -
Norman 6.01.05 2009.05.08 -
nProtect 2009.1.8.0 2009.05.10 -
Panda 10.0.0.14 2009.05.10 -
Prevx 3.0 2009.05.10 -
Rising 21.28.62.00 2009.05.10 -
Sophos 4.41.0 2009.05.10 -
Sunbelt 3.2.1858.2 2009.05.09 -
Symantec 1.4.4.12 2009.05.10 -
TheHacker 6.3.4.1.324 2009.05.09 -
TrendMicro 8.950.0.1092 2009.05.08 -
ViRobot 2009.5.9.1727 2009.05.09 -
VirusBuster 4.6.5.0 2009.05.10 -
Information additionnelle
File size: 636072 bytes
0
Anonymous user
10 May 2009 at 22:46
Tell me exactly: does nothing at all happen??

when you click on IE?
0
It launches, the window stays for a second, and it closes immediately.
Mozilla, same thing, and it gives me the error message saying that Mozilla had to close.
Malwarebytes doesn't even launch.
...
0
I think I'm just going to reinstall Windows outright, maybe that will solve the problem...
0
Anonymous user
10 May 2009 at 22:56
Run RSIT again, please
0