Bonjour, je suis infecté par le Virus Bagen Win 32 (vista recherche de solution aux problème due a un Bsod). HijackThis : fonctionne pas Eglibagla: ne supprime rien mais indique la présence d'un Srosa.sys et de hldrrr.exe Norton : fonctionne pas Avast : fonctionne pas Combo Fix: où est le rapport svp ? Gmer : trouve Srosa (HIDDEN), mais impossible de désactiver ou de supprimer le service. Merci de vos prochaines réponses

slt a tous pour voir: * Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp * Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau. * Double-cliquez dessus pour l'ouvrir * Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\ * Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée * Cliquez sur le bouton Explorar pour lancer l'analyse (colle le rapport) ________________ colle le rapport d'un scan en ligne avec un des suivants: bitdefender en ligne : http://www.bitdefender.fr/scan_fr/scan8/ie.html Panda en ligne : http://pandasoftware.fr Kaspersky en ligne https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Virus Srosa.Sys Bagle Gen Win 32

Réponse 201 / 247

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
21 août 2008 à 20:23

Ok ...et C:\Infosat.txt stp ...

Réponse 202 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 20:28

Ya pas. Il marche vraiment pas bien ce logiciel sur mon PC

Réponse 203 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 20:29

Tout tes fichiers sont introuvables avec OAD !!

Réponse 204 / 247

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
21 août 2008 à 20:30

passes directement à ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide .

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENSES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques C-Fix.exe ( = combofix.exe ) .

Appuyes sur la touche Y (Yes) pour démarrer le scan .

Attention :
--> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
--> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisses le faire .
--> si un message d'erreur windows apparait à un momment : clik sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )

Le rapport sera crée dans: C:\Combofix.txt

Postes le rapport Combofix pour analyse et attends la suite ...

Réponse 205 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 20:44

ComboFix 08-08-19.06 - Max 2008-08-21 20:32:37.9 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.993 [GMT 2:00]
Endroit: C:\Users\Max\Desktop\Jeanmi.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\134129.exe
C:\Windows\system32\drivers\downld\142241.exe
C:\Windows\system32\drivers\downld\146126.exe
C:\Windows\system32\drivers\downld\238291.exe
C:\Windows\system32\drivers\downld\259492.exe
C:\Windows\system32\drivers\downld\77204.exe
C:\Windows\system32\drivers\mdelk.exe
G:\autorun.inf
L:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 17:34 --------- d-----w C:\Program Files\Trend Micro
2008-08-21 16:54 --------- d-----w C:\Program Files\Avira
2008-08-21 16:54 --------- d-----w C:\PROGRA~2\Avira
2008-08-21 10:41 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-20 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 11:32 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 07:34 --------- d-----w C:\Program Files\Sophos
2008-08-18 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-17 23:18 --------- d-----w C:\Program Files\Microsoft Works
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-16 19:51 --------- d-----w C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-08-16 16:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27 --------- d-----w C:\Program Files\Common Files\Steam
2008-08-06 08:54 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-04 16:22 --------- d-----w C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 09:51 --------- d-----w C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07 --------- d-----w C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06 --------- d-----w C:\Program Files\iTunes
2008-07-22 09:06 --------- d-----w C:\Program Files\iPod
2008-07-22 09:06 --------- d-----w C:\PROGRA~2\Apple Computer
2008-07-21 19:27 --------- d-----w C:\Program Files\QuickTime
2008-07-21 19:25 --------- d-----w C:\Program Files\Apple Software Update
2008-07-21 19:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-21 19:24 --------- d-----w C:\PROGRA~2\Apple
2008-07-10 15:05 174 --sha-w C:\Program Files\desktop.ini
2008-07-03 11:33 --------- d-----w C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33 --------- d-----w C:\Program Files\OpenAL
2008-06-28 17:28 --------- d-----w C:\Program Files\Google
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:00 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-02 17:42 3739672]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-04-01 17:17 1271032]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2006-11-02 11:45 49664]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1001]
"EnableNotificationsRef"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000007

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\\program files\\valve\\steam\\steamapps\\cococerise\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\\program files\\valve\\steam\\steamapps\\cococerise\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 17:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 16:49]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24]
R3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Acer Empowering Technology Monitor - C:\Acer\Empowering Technology\SysMonitor.exe
HKLM-Run-eDataSecurity Loader - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1iof34ro.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 20:36:59
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-21 20:41:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-21 18:41:48
ComboFix2.txt 2008-08-21 16:59:09

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 59,208,974,336 octets libres

217 --- E O F --- 2008-08-18 01:02:51

Réponse 206 / 247

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
21 août 2008 à 20:55

Ok ... A ce stade là , tu vas faire 2 choses :

1- refaire un coup de FindB .

2- Double clique sur l'icone OAD pour le lancer

- nom du fichier à rechercher --->tape ou fais un copier coller de : SROSA
- Type de recherche : sélectionne l'option 6 puis valide ["entrée"]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.

Note : suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient ...

- Sauvegardes ce rapport sur ton Bureau et fais un copier / coller de celui-c dans ton prochain post.

Puis recommences avec :
Megadrv3

--> postes bien tous les rapports (même si il sont vierges ) et attends la suite ( ne reboot pas le PC ! ) ...

Réponse 207 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 20:59

+- FindB mis a jours le 21/08/08 par Chiquitine29

+- Recherche de fichier bagle :

+- Recherche dans : C:\Windows\Prefetch :

C:\Windows\Prefetch\WINTEMS.EXE Absent
C:\Windows\Prefetch\MDELK.EXE Absent
C:\Windows\Prefetch\HLDRRR.EXE Absent
C:\Windows\Prefetch\FLEC006.EXE Absent
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent

+- Recherche dans : C:\Windows\system32 :

C:\Windows\system32\hldrrr.exe Absent
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent
C:\Windows\system32\ban_list.txt Présent!!

+- Recherche dans : C:\Windows\system32\drivers :

C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent
C:\Windows\system32\drivers\hldrrr.exe Absent
C:\Windows\system32\drivers\downld Présent!!

+- Recherche dans : C:\Users\Max\AppData\Roaming :

C:\Users\Max\AppData\Roaming\m\flec006.exe Absent
C:\Users\Max\AppData\Roaming\m\list.oct Absent
C:\Users\Max\AppData\Roaming\m\data.oct Absent
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent
C:\Users\Max\AppData\Roaming\m\ Absent
C:\Users\Max\AppData\Roaming\m\shared\ Absent

+- Registre :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
CCUTRAYICON REG_SZ FactoryMode
NMSSupport REG_SZ "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
V0230Mon.exe REG_SZ C:\Windows\V0230Mon.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Steam REG_SZ "c:\program files\valve\steam\steam.exe" -silent
Speech Recognition REG_SZ "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

+- Recherche terminee !

+- Execute le : 21/08/2008 a 18:46:09,40

Réponse 208 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 21:05

sa m'énerve, OAD marche pas regarde : https://www.casimages.com/i/080821090654247282.jpg.html

Réponse 209 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 21:09

21/08/2008 ---- 21:08:48,76

----------------------------------
§§§§§§ [SROSA] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\Software\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files]
"C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS"=""

[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003_Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files]
"C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS"=""

*******************
[Fichier]
*******************

*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

Réponse 210 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 21:17

21/08/2008 ---- 21:16:38,16

----------------------------------
§§§§§§ [Megadrv3] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

Réponse 211 / 247

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
21 août 2008 à 21:21

Question aux helpers :

ce-ci :
[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\Software\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files]
"C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS"=""

[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003_Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files]
"C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS"=""

--> c'est OTMoveIt non ?

Réponse 212 / 247

Utilisateur anonyme
21 août 2008 à 21:32

je vais te mp

Réponse 213 / 247

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
21 août 2008 à 21:48

Re,
rapport en analyse .... sois patient .... ;)

Réponse 214 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 21:56

jle suis tkt ;)

Réponse 215 / 247

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
21 août 2008 à 22:01

Bien ... Si tu a un doc CFScript sur ton bureau , supprimes le et on reprend ,

1-Crées un doc texte sur ton bureau :
pointes ta souris sur ton bureau , cliques droit : vas dans "nouveau" et choisis "document texte" .

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :

Driver::
SROSA

File::
C:\Windows\system32\mdelk.exe
C:\Windows\system32\ban_list.txt
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys

Folder::
C:\Windows\system32\drivers\downld

Registry::
[-HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\Software\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files]

[-HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\Software\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode"

Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valides ...

2-Nettoyage :

!! Déconnectes toi, fermes toutes tes applications et désactives TOUTES TES DEFENSES ( tu les réactiveras après ) !!

--->Sur ton bureau, fais un glissé avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .

(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tapes 1 puis valide.

Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

!! Ne touches à rien tant que le scan n'est pas terminé !!

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.

Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport FindB pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )

Réponse 216 / 247

afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
21 août 2008 à 22:05

Re olivier

J'ai pensé à _OTMoveIt
Quoiqu'il en soit, je ne trouve pas
[HKEY_USERS\S-1-5-21-3006126301-.........-1003_Classes\VirtualStore\MACHINE\SOFTWARE
sur mon PC

Ne suffit-il pas de faire
[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\Software\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files]
"C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS"=-
pour supprimer cette valeur ?

Pour
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
Je ne trouve que ceci:
• O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
• CCUTRAYICON U CCU_TrayIcon.exe Related to Traybar Launcher from Intel Corporation belonging to Intel(R) Viiv(TM) Note: Located in \%Program Files%\Intel\IntelDH\CCU\
• ccu_trayicon.exe ==> Common Path(s): %programfiles%\intel\inteldh\ccu
• Internal Name: CCU_Engine.exe ; CCU_TrayIcon.exe ; CCU_Desktop.exe

Albert

Réponse 217 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 22:17

+- FindB mis a jours le 21/08/08 par Chiquitine29

+- Recherche de fichier bagle :

+- Recherche dans : C:\Windows\Prefetch :

C:\Windows\Prefetch\WINTEMS.EXE Absent
C:\Windows\Prefetch\MDELK.EXE Absent
C:\Windows\Prefetch\HLDRRR.EXE Absent
C:\Windows\Prefetch\FLEC006.EXE Absent
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent

+- Recherche dans : C:\Windows\system32 :

C:\Windows\system32\hldrrr.exe Absent
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent
C:\Windows\system32\ban_list.txt Présent!!

+- Recherche dans : C:\Windows\system32\drivers :

C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent
C:\Windows\system32\drivers\hldrrr.exe Absent
C:\Windows\system32\drivers\downld Présent!!

+- Recherche dans : C:\Users\Max\AppData\Roaming :

C:\Users\Max\AppData\Roaming\m\flec006.exe Absent
C:\Users\Max\AppData\Roaming\m\list.oct Absent
C:\Users\Max\AppData\Roaming\m\data.oct Absent
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent
C:\Users\Max\AppData\Roaming\m\ Absent
C:\Users\Max\AppData\Roaming\m\shared\ Absent

+- Registre :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
CCUTRAYICON REG_SZ FactoryMode
NMSSupport REG_SZ "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
V0230Mon.exe REG_SZ C:\Windows\V0230Mon.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Steam REG_SZ "c:\program files\valve\steam\steam.exe" -silent
Speech Recognition REG_SZ "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

+- Recherche terminee !

+- Execute le : 21/08/2008 a 18:46:09,40

Réponse 218 / 247

afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
21 août 2008 à 22:18

Max

Si tu as le courage

Télécharge System Repair Engineer - SREng (par Smallfrogs) sur ton Bureau :
http://www.kztechs.com/eng/download.html
Et clic comme indiqué ici http://img120.imageshack.us/img120/9794/screenshot414rr9.png
Extrais tout son contenu sur ton Bureau
(clic-droit sur le fichier .zip >> "Extraire tout...")
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double-clique sur SREngPS.exe afin de lancer l'outil
Avec VISTA, il faut :
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, (l'ouvrir) clic-droit sur SREngPS.exe , choisir éventuellement "Exécuter en tant qu'administrateur" afin de lancer l'outil.

Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]. L'analyse durera quelques instants.
Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse, s'il te plait

Merci
Al.

Réponse 219 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 22:24

[CODE]

2008-08-21,22:22:36

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition (Build 6000) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun> [(Verified)Microsoft Windows]
<msnmsgr><"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
<Steam><"c:\program files\valve\steam\steam.exe" -silent> [(Verified)Valve]
<Speech Recognition><"C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup> [(Verified)Microsoft Windows]
<WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IAAnotif><"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"> [Intel Corporation]
<CCUTRAYICON><FactoryMode> [N/A]
<NMSSupport><"C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup> [Intel Corporation]
<WarReg_PopUp><C:\Acer\WR_PopUp\WarReg_PopUp.exe> [Acer Inc.]
<Acer Tour Reminder><C:\Acer\AcerTour\Reminder.exe> [Acer Inc.]
<V0230Mon.exe><C:\Windows\V0230Mon.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<NeroFilterCheck><C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe> [Nero AG]
<WPCUMI><C:\Windows\system32\WpcUmi.exe> [(Verified)Microsoft Windows]
<NvSvc><RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<AppleSyncNotifier><C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe> [(Verified)Apple Inc.]
<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
<avgnt><"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
<COMODO SafeSurf><"C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s> [(Verified)Comodo CA Limited]
<COMODO Firewall Pro><"C:\Program Files\COMODO\Firewall\cfp.exe" -h> [(Verified)Comodo CA Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<COMODO Firewall Pro><"C:\Program Files\COMODO\Firewall\cfpconfg.exe" -z -o> [(Verified)Comodo CA Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows]
<Userinit><C:\Windows\system32\userinit.exe,> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs>< C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll> [(Verified)Comodo CA Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing]

==================================
Startup Folders
[Empowering Technology Launcher]
<C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk --> C:\Acer\EMPOWE~1\EAPLAU~1.EXE [Acer Inc.]><N>
[Empowering Technology Launcher]
<C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk --> C:\Acer\EMPOWE~1\EAPLAU~1.EXE [Acer Inc.]><N>

==================================
Services
[ePerformance Service / AcerMemUsageCheckService][Running/Auto Start]
<C:\Acer\Empowering Technology\ePerformance\MemCheck.exe><>
[Intel(R) Alert Service / AlertService][Running/Auto Start]
<"C:\Program Files\Intel\IntelDH\CCU\AlertService.exe"><Intel(R) Corporation>
[Avira AntiVir Personal - Free Antivirus Scheduler / AntiVirScheduler][Running/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
[Avira AntiVir Personal - Free Antivirus Guard / AntiVirService][Running/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[DQLWinService / DQLWinService][Running/Auto Start]
<"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe"><>
[eDSService.exe / eDataSecurity Service][Running/Auto Start]
<"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"><HiTRSUT>
[eRecovery Service / eRecoveryService][Running/Auto Start]
<C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe><Acer Inc.>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Intel(R) Matrix Storage Event Monitor / IAANTMON][Running/Auto Start]
<C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe><Intel Corporation>
[IntelDHSvcConf / IntelDHSvcConf][Stopped/Manual Start]
<"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe"><Intel(R) Corporation>
[Service de l'iPod / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Intel(R) Software Services Manager / ISSM][Stopped/Manual Start]
<"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe"><Intel(R) Corporation>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
<"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[Intel(R) Viiv(TM) Media Server / M1 Server][Stopped/Manual Start]
<C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe><N/A>
[Intel(R) Application Tracker / MCLServiceATL][Stopped/Manual Start]
<"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe"><Intel(R) Corporation>
[NBService / NBService][Stopped/Manual Start]
<C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Running/Auto Start]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
[PnkBstrA / PnkBstrA][Running/Auto Start]
<C:\Windows\system32\PnkBstrA.exe><N/A>
[Intel(R) Remoting Service / Remote UI Service][Stopped/Manual Start]
<"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe"><Intel(R) Corporation>
[Steam Client Service / Steam Client Service][Running/Manual Start]
<C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService><Valve Corporation>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
<\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[arc / arc][Stopped/Disabled]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
<\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[avgio / avgio][Running/System Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys><Avira GmbH>
[avgntflt / avgntflt][Running/Manual Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys><Avira GmbH>
[avipbb / avipbb][Running/System Start]
<system32\DRIVERS\avipbb.sys><Avira GmbH>
[blbdrive / blbdrive][Stopped/Disabled]
<\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
<\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Pilote de la connexion réseau Intel(R) PRO/1000 PCI Express / e1express][Running/Manual Start]
<system32\DRIVERS\e1e6032.sys><Intel Corporation>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
<system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[gmer / gmer][Stopped/Manual Start]
<System32\DRIVERS\gmer.sys><N/A>
[Intel(R) Management Engine Interface / HECI][Running/Manual Start]
<system32\DRIVERS\HECI.sys><Intel Corporation>
[HpCISSs / HpCISSs][Stopped/Disabled]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Intel RAID Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[Contrôleur RAID Intel Vista / iaStorV][Stopped/Disabled]
<\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[igfx / igfx][Stopped/Manual Start]
<system32\DRIVERS\igdkmd32.sys><N/A>
[iirsp / iirsp][Stopped/Disabled]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[int15 / int15][Running/Auto Start]
<\??\C:\Acer\Empowering Technology\eRecovery\int15.sys><N/A>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[IntelDH Driver / IntelDH][Running/Manual Start]
<System32\Drivers\IntelDH.sys><Intel Corporation>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[megasas / megasas][Stopped/Disabled]
<\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
<\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[GoProto Protocol Driver for NMS / nmsgopro][Running/Auto Start]
<system32\DRIVERS\nmsgopro.sys><Gteko Ltd.>
[UniDriver for NMS / nmsunidr][Running/Auto Start]
<system32\DRIVERS\nmsunidr.sys><Gteko Ltd.>
[Upper Class Filter Driver / NTIDrvr][Running/Manual Start]
<system32\DRIVERS\NTIDrvr.sys><NewTech Infosystems, Inc.>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
<\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvlddmkm / nvlddmkm][Running/Manual Start]
<system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
<system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
<system32\DRIVERS\nwlnkfwd.sys><N/A>
[PSDFilter / PSDFilter][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\psdfilter.sys><HiTRUST>
[PSDNSERVER / PSDNServ][Running/Boot Start]
<\SystemRoot\system32\drivers\PSDNServ.sys><HiTRUST>
[psdvdisk / psdvdisk][Running/Boot Start]
<\SystemRoot\system32\drivers\psdvdisk.sys><HiTRUST>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[SDDMI2 / SDDMI2][Stopped/Manual Start]
<\??\C:\Windows\system32\DDMI2.sys><N/A>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[ssmdrv / ssmdrv][Running/System Start]
<system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[Symc8xx / Symc8xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[SYMDNS / SYMDNS][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SYMFW / SYMFW][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Stopped/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Sym_hi / Sym_hi][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[TSHWMDTCP / TSHWMDTCP][Stopped/Manual Start]
<\??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys><N/A>
[uliahci / uliahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[V0230Vfx / V0230Vfx][Running/Manual Start]
<system32\DRIVERS\V0230Vfx.sys><EyePower Games Pte. Ltd.>
[Live! Cam Video IM Pro / V0230VID][Running/Manual Start]
<system32\DRIVERS\V0230VID.sys><Creative Technology Ltd.>
[viaide / viaide][Stopped/Disabled]
<\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[Comodo Firewall Network Driver / Inspect][Running/Manual Start]
<system32\DRIVERS\inspect.sys><COMODO>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Ask Toolbar BHO]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} <C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL, Ask.com>
[Send to OneNote from Internet Explorer button]
{2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Show Norton Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} <c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll, N/A>
[Acer eDataSecurity Management]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} <C:\Windows\system32\eDStoolbar.dll, HiTRUST>
[Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[Ask Toolbar]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} <C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL, Ask.com>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\Windows\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[YInstStarter Class]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\common\yinsthelper.dll, (Signed) Yahoo! Inc.>
[]
{00000000-0000-0000-0000-000000000000} <, >
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\Windows\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[]
{2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Acer eDataSecurity Management]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} <C:\Windows\system32\eDStoolbar.dll, HiTRUST>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} <, >
[Free Threaded XML DOM Document 6.0]
{88D96A06-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XSL Template 6.0]
{88D96A08-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Show Norton Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} <c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll, N/A>
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} <, >
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash9b.ocx, (Signed) Adobe Systems, Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC9~1.DLL, (Signed) N/A>
[Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[Ask Toolbar BHO]
{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} <C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL, Ask.com>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 468 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 532 / SYSTEM][C:\Windows\system32\csrss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 576 / SYSTEM][C:\Windows\system32\wininit.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 588 / SYSTEM][C:\Windows\system32\csrss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 620 / SYSTEM][C:\Windows\system32\services.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 632 / SYSTEM][C:\Windows\system32\lsass.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 648 / SYSTEM][C:\Windows\system32\lsm.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 788 / SYSTEM][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 844 / SERVICE RÉSEAU][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 896 / SERVICE LOCAL][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\RtkAPO.dll] [Realtek Semiconductor Corp., 11.0.6000.25 built by: WinDDK]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 924 / SYSTEM][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 936 / SYSTEM][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 1044 / SYSTEM][C:\Windows\system32\winlogon.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1088 / SERVICE RÉSEAU][C:\Windows\system32\SLsvc.exe] [Microsoft Corporation, 6.0.6000.16509 (vista_gdr.070620-1500)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 1140 / SERVICE LOCAL][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 1240 / SERVICE RÉSEAU][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 1396 / SYSTEM][C:\Windows\System32\spoolsv.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\System32\msonpmon.dll] [Microsoft Corporation, 12.3.4518.1014]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\system32\spool\PRTPROCS\W32X86\msonpppr.dll] [Microsoft Corporation, 12.3.4518.1014]
[PID: 1420 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe] [Avira GmbH, 8.00.00.16]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\schedr.dll] [Avira GmbH, 8.00.03.00]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 8.00.00.16]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3.3.17.1]
[PID: 1436 / SERVICE LOCAL][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 316 / Max][C:\Windows\system32\Dwm.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\system32\nvd3dum.dll] [NVIDIA Corporation, 7.15.11.6925]
[PID: 1000 / Max][C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe] [Intel Corporation, 6.2.0.2002]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll] [Intel Corporation, 6.2.0.2002]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_FRA.dll] [Intel Corporation, 6.2.0.2002]
[C:\Program Files\Intel\IntelDH\bin\IntelDH.dll] [Intel(R) Corporation, 1.6.372.0]
[PID: 572 / Max][C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe] [Intel Corporation, 3, 0, 0, 179]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\GTAgnt.dll] [Intel Corporation, 1, 0, 1, 12]
[C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\CfgData.DLL] [Intel Corporation, 1, 0, 3, 41]
[C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\ActMgr.dll] [Intel Corporation, 1, 0, 1, 18]
[c:\progra~1\common~1\intel\inteldh\nms\support\gtaction\handlers\grouph.dll] [Intel Corporation, 1, 0, 3, 39]
[c:\progra~1\common~1\intel\inteldh\nms\support\gtaction\handlers\pnph.dll] [Intel Corporation, 1, 0, 2, 5]
[c:\progra~1\common~1\intel\inteldh\nms\support\gtaction\handlers\qdiagh.dll] [Intel Corporation, 1, 0, 2, 32]
[c:\progra~1\common~1\intel\inteldh\nms\support\gtaction\handlers\trgloadh.dll] [Intel Corporation, 1, 0, 1, 12]
[c:\progra~1\common~1\intel\inteldh\nms\support\gtaction\handlers\trgregh.dll] [Intel Corporation, 1, 0, 1, 32]
[C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\TrgMgr.DLL] [Intel Corporation, 1, 0, 2, 21]
[C:\PROGRA~1\COMMON~1\Intel\IntelDH\NMS\Support\gdql_in.dll] [Intel Corporation, 1, 0, 1, 140]
[C:\PROGRA~1\COMMON~1\INTEL\INTELDH\NMS\SUPPORT\GTACTION\TRIGGERS\NETWORKT.DLL] [Intel Corporation, 1, 0, 1, 26]
[PID: 1184 / Max][C:\Windows\V0230Mon.exe] [Creative Technology Ltd., 1.01.01.00]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 1924 / Max][C:\Windows\System32\wpcumi.exe] [Microsoft Corporation, 1.0.0.1]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 1720 / Max][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 7.7.0.43]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 7.7.0.30]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 7.7.0.43]
[C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.5 (861)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll] [Apple Inc., 7, 8, 118, 0]
[PID: 2052 / Max][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe] [Avira GmbH, 8.00.70.02]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\cclib.dll] [Avira GmbH, 8.00.70.05]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[c:\program files\avira\antivir personaledition classic\ccgen.dll] [Avira GmbH, 8.00.70.03]
[c:\program files\avira\antivir personaledition classic\ccgenrc.dll] [Avira GmbH, 8.00.70.00]
[c:\program files\avira\antivir personaledition classic\ccguard.dll] [Avira GmbH, 8.00.70.04]
[c:\program files\avira\antivir personaledition classic\ccgrdrc.dll] [Avira GmbH, 8.00.72.00]
[c:\program files\avira\antivir personaledition classic\avipc.dll] [Avira GmbH, 1.0.6.0]
[c:\program files\avira\antivir personaledition classic\ccupdate.dll] [Avira GmbH, 8.00.70.02]
[c:\program files\avira\antivir personaledition classic\ccupdrc.dll] [Avira GmbH, 8.00.70.00]
[c:\program files\avira\antivir personaledition classic\cclic.dll] [Avira GmbH, 8.00.70.04]
[c:\program files\avira\antivir personaledition classic\cclicrc.dll] [Avira GmbH, 8.00.70.00]
[c:\program files\avira\antivir personaledition classic\ccmsg.dll] [Avira GmbH, 8.00.00.06]
[PID: 2064 / Max][C:\Program Files\Windows Sidebar\sidebar.exe] [Microsoft Corporation, 6.0.6000.16615 (vista_gdr.071215-2230)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\nvd3dum.dll] [NVIDIA Corporation, 7.15.11.6925]
[C:\Windows\system32\icm32.dll] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2076 / Max][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 60, 0, 324]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Messenger\UXCore.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.200.513.1]
[C:\Program Files\Windows Live\Messenger\wldlog.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Messenger\uxcontacts.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))]
[C:\Program Files\Windows Live\Messenger\LiveNatTrav.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Messenger\LiveTransport.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Messenger\PresenceIM.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll] [Patchou, 4, 60, 0, 326]
[C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\msgslang.9.0.1407.1107.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes1.dll] [Patchou, 4, 60, 0, 324]
[C:\Program Files\Windows Live\Messenger\msgrvsta.thm] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Messenger\uccapi.dll] [Microsoft Corporation, 2.0.6362.525 built by: lcs_se_ls2007_uccasdk]
[C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.6362.525 built by: lcs_se_ls2007_uccasdk]
[C:\Program Files\Windows Live\Messenger\msgswcam.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Windows\system32\sirenacm.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))]
[C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\Windows Live\Contacts\lmcdata.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Contacts\contact.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))]
[C:\Program Files\Windows Live\Contacts\conproxy.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))]
[C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ]
[C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\wmv9vcm.dll] [Microsoft Corporation, 9.0.1.1184]
[C:\Windows\system32\iyuv_32.dll] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2096 / Max][C:\Program Files\Valve\Steam\Steam.exe] [Valve Corporation, 1.0.0.0]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Valve\Steam\Steam.dll] [Valve Corporation, 2.0.0.0]
[C:\Program Files\Valve\Steam\SteamUI.dll] [Valve Corporation, 1, 0, 0, 1]
[C:\Program Files\Valve\Steam\vstdlib_s.dll] [Valve Corporation, 3, 0, 0, 1]
[C:\Program Files\Valve\Steam\tier0_s.dll] [Valve Corporation, 1, 0, 0, 1]
[C:\Program Files\Valve\Steam\bin\FileSystem_Steam.dll] [Valve Corporation, 3, 0, 0, 1]
[C:\Program Files\Valve\Steam\bin\vgui2.dll] [Valve Corporation, 3, 0, 0, 1]
[C:\Program Files\Valve\Steam\steamclient.dll] [Valve Corporation, 3, 0, 0, 1]
[C:\Program Files\Valve\Steam\bin\p2pvoice.dll] [Valve Corporation, 1, 0, 0, 1]
[C:\Program Files\Valve\Steam\bin\mss32_s.dll] [N/A, ]
[c:\program files\valve\steam\bin\friendsUI.dll] [Valve Corporation, 3, 0, 0, 1]
[c:\program files\valve\steam\bin\serverbrowser.dll] [N/A, ]
[C:\Windows\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 2208 / Max][C:\Program Files\Windows Sidebar\sidebar.exe] [Microsoft Corporation, 6.0.6000.16615 (vista_gdr.071215-2230)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\icm32.dll] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[PID: 2644 / SYSTEM][C:\Acer\Empowering Technology\ePerformance\MemCheck.exe] [, 1.0.0.0]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7fe79782947b85d961fd55cb5e02a129\mscorlib.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System\fcc712bc5da45a672e7f1ad176dbd5a5\System.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\61b951bd03727a096c1c02cb18d5ce30\System.ServiceProcess.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll] [, 1.0.0.0]
[C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll] [, 1.0.0.0]
[C:\Acer\Empowering Technology\ePerformance\log4net.dll] [The Apache Software Foundation, 1.2.10.0]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d7b63c1d2ab17ac3cc24881c4ff78b63\System.Configuration.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f76a7622c73e26e4d2daf54068d7ff79\System.Xml.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c11c5eb32a435c14a33e62b1e150e988\System.Web.ni.dll] [Microsoft Corporation, 2.0.50727.833 (QFE.050727-8300)]
[PID: 2712 / SYSTEM][C:\Program Files\Intel\IntelDH\CCU\AlertService.exe] [Intel(R) Corporation, 1.6.414.0]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 2736 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe] [Avira GmbH, 8.00.01.27]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 8.00.00.16]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardmsg.dll] [Avira GmbH, 8.00.08.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3.3.17.1]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL] [Avira GmbH, 8.00.02.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL] [Avira GmbH, 1.02.00.23]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVGIO.DLL] [Avira GmbH, 8.00.01.03]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll] [Avira GmbH, 8.1.1.8]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aevdf.dll] [Avira GmbH, 8.1.0.5]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll] [Avira GmbH, 8.1.0.68]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll] [Avira GmbH, 8.1.0.23]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aerdl.dll] [Avira GmbH, 8.1.0.20]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll] [Avira GmbH, 8.1.2.1]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll] [N/A, ]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll] [Avira GmbH, 8.1.0.22]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll] [Avira GmbH, 8.1.0.50]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aehelp.dll] [Avira GmbH, 8.1.0.15]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll] [Avira GmbH, 8.1.0.36]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeemu.dll] [Avira GmbH, 8.1.0.7]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\aebb.dll] [Avira GmbH, 8.1.0.1]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.0.6.0]
[PID: 2752 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple Inc., 2.0.28.0]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 2772 / SYSTEM][C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe] [, 1, 0, 0, 8]
[C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\nmsmc.dll] [Gteko Ltd., 1, 0, 0, 9]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 2784 / SYSTEM][C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe] [HiTRSUT, 2, 7, 0, 2]
[C:\Windows\system32\PSDUtil.dll] [HiTRUST, 2, 2, 0, 28]
[C:\Windows\system32\CryptoAPI.dll] [HiTRUST, 2, 2, 0, 34]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\system32\sysenv.dll] [HiTRUST, 2, 5, 3021, 108]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 2916 / SYSTEM][C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe] [Intel Corporation, 6.2.0.2002]
[PID: 2960 / SYSTEM][C:\Program Files\Common Files\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.136.1]
[C:\Program Files\Common Files\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.136.1]
[C:\Program Files\Common Files\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.136.1]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3008 / SYSTEM][C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe] [Symantec Corporation, 3.2.0.68]
[C:\Program Files\Symantec\LiveUpdate\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0]
[C:\Program Files\Symantec\LiveUpdate\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3060 / SYSTEM][C:\Windows\system32\PnkBstrA.exe] [N/A, ]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3080 / SERVICE RÉSEAU][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3096 / SERVICE LOCAL][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 3128 / SYSTEM][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3252 / SYSTEM][C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe] [Acer Inc., 2.5.4.1]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7fe79782947b85d961fd55cb5e02a129\mscorlib.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System\fcc712bc5da45a672e7f1ad176dbd5a5\System.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\61b951bd03727a096c1c02cb18d5ce30\System.ServiceProcess.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll] [, 2.05.4001]
[C:\Acer\Empowering Technology\eRecovery\IERYETF.dll] [, 2.05.4001]
[C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[C:\Acer\Empowering Technology\eRecovery\INT15.dll] [N/A, ]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3fe3f7ba542ab78e52e49d19640a7e64\System.Management.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)]
[PID: 3640 / Max][C:\Program Files\Windows Live\Contacts\wlcomm.exe] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Windows Live\Contacts\contact.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))]
[C:\Program Files\Windows Live\Contacts\conproxy.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))]
[C:\Program Files\Windows Live\Contacts\consync.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Contacts\wldlog.dll] [N/A, ]
[C:\Program Files\Windows Live\Contacts\lmcdata.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Contacts\abssm.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[PID: 3800 / SYSTEM][C:\Program Files\Common Files\Steam\SteamService.exe] [Valve Corporation, 1, 0, 0, 1]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Valve\Steam\bin\SteamService.dll] [Valve Corporation, 1, 0, 0, 1]
[C:\Program Files\Valve\Steam\tier0_s.dll] [Valve Corporation, 1, 0, 0, 1]
[C:\Program Files\Valve\Steam\vstdlib_s.dll] [Valve Corporation, 3, 0, 0, 1]
[PID: 3812 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3820 / SYSTEM][C:\Windows\system32\taskeng.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3844 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 7.7.0.43]
[C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Inc., 7.7.0.30]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 7.7.0.43]
[PID: 4084 / Max][C:\Windows\system32\taskeng.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 524 / Max][C:\Program Files\Windows Media Player\wmpnscfg.exe] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 1128 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\wmpnetwk.exe] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 1912 / Max][C:\Windows\system32\wbem\unsecapp.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 4340 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[PID: 2860 / Max][C:\Windows\system32\conime.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 4536 / SYSTEM][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3244 / SYSTEM][C:\Windows\system32\SearchIndexer.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3040 / Max][C:\Windows\Explorer.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\PROGRA~1\WI4EB4~1\wmpband.dll] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[C:\Windows\system32\sysenv.dll] [HiTRUST, 2, 5, 3021, 108]
[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll] [Malwarebytes Corporation, 1, 1, 0, 0]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 7, 2, 0]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll] [Avira GmbH, 7.00.00.15]
[C:\Windows\system32\eDSshellExt.dll] [HiTRUST, 2, 5, 3024, 20]
[C:\Windows\system32\CryptoAPI.dll] [HiTRUST, 2, 2, 0, 34]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[PID: 3680 / Max][C:\Windows\system32\notepad.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 5916 / Max][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.5.9]
[C:\Program Files\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
[C:\Program Files\Mozilla Firefox\js3250.d

Réponse 220 / 247

maxouxd Messages postés 122 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 22 août 2008
21 août 2008 à 22:25

[C:\Program Files\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.5.9]
[C:\Program Files\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssutil3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssdbm3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.70]
[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 4196 / SYSTEM][C:\Windows\system32\vssvc.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3636 / SYSTEM][C:\Windows\system32\SearchProtocolHost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Windows Live\Messenger\fsshext.9.0.1407.1107.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 4276 / Max][C:\Program Files\COMODO\Firewall\cfp.exe] [N/A, ]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\system32\guard32.dll] [N/A, ]
[C:\Windows\system32\cssdll32.dll] [COMODO, 1, 0, 0, 7]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 6076 / SYSTEM][C:\Windows\system32\SearchFilterHost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\guard32.dll] [N/A, ]
[C:\Windows\system32\cssdll32.dll] [COMODO, 1, 0, 0, 7]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 1864 / Max][C:\Users\Max\Desktop\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018]
[PID: 4504 / Max][C:\Users\Max\Desktop\SRE7a302d90.EXE] [Smallfrogs Studio, 2.6.12.1018]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Users\Max\Desktop\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["%SystemRoot%\hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2736, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE]

==================================
API HOOK
N/A

Virus Srosa.Sys Bagle Gen Win 32

247 réponses

Discussions similaires

Newsletters