Services that refuse to start


Posted (edited)

Hello,

So here is my problem, which has been following me for 5 days now :P

It turns out that iTunes refuses to install and gives me this error message: "Service 'iPod Service' (iPod Service) failed to start. Verify that you have sufficient privileges to start system services."

My antivirus (antivirguard) also refuses to launch. I am therefore left without antivirus protection! :P

So I go into Services and see the "Antivir Service"; since it is stopped, I try to start it and get a new error message: "Windows could not start the Avira AntiVir Guard service... on Local Computer. Error 5: Access is denied."

At first I thought of the Bagle virus, which blocks protections, but there is no trace of it even after several scans with different programs; could it be a Windows Vista bug then? And as for System Restore, it is too late :P

Thanks in advance for your replies!

Edited by microcut

Posted

Good evening,

Search

Download OTScanIt2 by Old_Timer to the Desktop,

You must disable your antivirus's real-time protection, which may consider some components of this software harmful.

* To do so, right-click the antivirus icon at the bottom right next to the clock, then Disable Guard or Shield or Resident...

Double-click the archive to unzip the folder and create an OTScanIt2 folder on the Desktop,

An account with administrator rights is required to run the program

Close all other programs except the browser,

Open the OTScanIt2 folder and double-click the file OTScanIt2.exe (under Vista, right-click OTScanIt.exe and choose to run as administrator),

Under "File Age" at the top, click the drop-down menu and select "90 days".

In the Rootkit Search section, choose Yes.

Under "Additional Scans" click the "Extras" button, then tick the box in front of the following items to select them:

Reg - ColumnHandlers,

Reg - Desktop Components,

Reg - Disabled MS Config Items,

Reg - NetSvcs,

Reg - Session Manager Settings,

Reg - Shell Spawning,

Reg - Tcpip Persistent Routes

 

Then click the Run Scan button in the toolbar,

Let the program run without intervening,

When the scan is finished, Notepad will open with the scan report.

Click the Format menu and check that Word Wrap is not ticked.

Post the report by pasting it on the forum, in several parts if necessary should an error message appear.

 

Posted (edited)

First of all, thank you for your reply; here is the report (sorry for the length, the message would not appear when formatted as code)

 

OTScanIt2 logfile created on: 17/02/2009 19:43:32 - Run 1

OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = C:\Users\Simon\Desktop\OTScanIt2

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

893,77 Mb Total Physical Memory | 360,34 Mb Available Physical Memory | 40,32% Memory free

2,00 Gb Paging File | 1,18 Gb Available in Paging File | 58,95% Paging File free

Paging file location(s): ?:\pagefile.sys;

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 145,80 Gb Total Space | 19,05 Gb Free Space | 13,07% Space Free | Partition Type: NTFS

Drive D: | 145,46 Gb Total Space | 77,63 Gb Free Space | 53,37% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PC-DE-SIMON

Current User Name: Simon

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 90 Days

 

[Processes - Safe List]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)

ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> [2007/08/22 02:54:26 | 00,610,304 | ---- | M] (ATI Technologies Inc.)

ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> [2007/08/22 02:54:26 | 00,610,304 | ---- | M] (ATI Technologies Inc.)

avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH)

btdna.exe -> %ProgramFiles%\DNA\btdna.exe -> [2009/01/02 22:02:49 | 00,342,848 | ---- | M] (BitTorrent, Inc.)

conime.exe -> %SystemRoot%\System32\conime.exe -> [2008/01/19 08:33:04 | 00,069,120 | ---- | M] (Microsoft Corporation)

dwm.exe -> %SystemRoot%\System32\dwm.exe -> [2008/01/19 08:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation)

edsservice.exe -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSService.exe -> [2007/02/06 23:04:26 | 00,457,512 | ---- | M] (HiTRSUT)

ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2008/01/19 08:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation)

ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2008/01/19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation)

erecoveryservice.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> [2006/12/14 14:38:46 | 00,049,152 | ---- | M] (Acer Inc.)

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/07 07:09:18 | 00,307,704 | ---- | M] (Mozilla Corporation)

infocard.exe -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation)

isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> [2006/03/21 01:34:50 | 00,213,936 | ---- | M] (Macrovision Corporation)

lsm.exe -> %SystemRoot%\System32\lsm.exe -> [2008/01/19 08:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation)

lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)

lxcccoms.exe -> %SystemRoot%\System32\lxcccoms.exe -> [2007/03/26 06:49:26 | 00,537,520 | ---- | M] ( )

memcheck.exe -> %SystemDrive%\Acer\Empowering Technology\ePerformance\MemCheck.exe -> [2006/12/18 12:27:12 | 00,024,576 | ---- | M] ()

mobsync.exe -> %SystemRoot%\System32\mobsync.exe -> [2008/01/19 08:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation)

msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2008/01/19 08:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation)

otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)

pnkbstra.exe -> %SystemRoot%\System32\PnkBstrA.exe -> [2007/10/07 07:33:15 | 00,066,872 | ---- | M] ()

rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> [2006/11/09 03:57:00 | 03,784,704 | ---- | M] (Realtek Semiconductor)

searchindexer.exe -> %SystemRoot%\System32\SearchIndexer.exe -> [2008/05/27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation)

sidebar.exe -> %ProgramFiles%\Windows Sidebar\sidebar.exe -> [2008/01/19 08:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation)

slsvc.exe -> %SystemRoot%\System32\SLsvc.exe -> [2008/01/19 08:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation)

taskeng.exe -> %SystemRoot%\System32\taskeng.exe -> [2008/01/19 08:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation)

taskeng.exe -> %SystemRoot%\System32\taskeng.exe -> [2008/01/19 08:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation)

unsecapp.exe -> %SystemRoot%\System32\wbem\unsecapp.exe -> [2008/01/19 08:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation)

wininit.exe -> %SystemRoot%\System32\wininit.exe -> [2008/01/19 08:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation)

wmiprvse.exe -> %SystemRoot%\System32\wbem\WmiPrvSE.exe -> [2008/01/19 08:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation)

wudfhost.exe -> %SystemRoot%\System32\WUDFHost.exe -> [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

(AcerMemUsageCheckService) ePerformance Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\ePerformance\MemCheck.exe -> [2006/12/18 12:27:12 | 00,024,576 | ---- | M] ()

(AeLookupSvc) Expérience d’application [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\aelupsvc.dll -> [2006/11/02 10:46:02 | 00,024,576 | ---- | M] (Microsoft Corporation)

(AntiVirScheduler) Planificateur Avira AntiVir Personal - Free Antivirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH)

(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH)

(Appinfo) Informations d'application [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\appinfo.dll -> [2008/01/19 08:33:43 | 00,033,280 | ---- | M] (Microsoft Corporation)

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)

(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %SystemRoot%\System32\Ati2evxx.exe -> [2007/08/22 02:54:26 | 00,610,304 | ---- | M] (ATI Technologies Inc.)

(BFE) Moteur de filtrage de base [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\BFE.DLL -> [2008/01/19 08:33:47 | 00,328,704 | ---- | M] (Microsoft Corporation)

(Bonjour Service) Service Bonjour [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)

(CertPropSvc) Propagation du certificat [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\certprop.dll -> [2008/01/19 08:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation)

(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)

(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> -> File not found

(DFSR) Réplication DFS [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\dfsr.exe -> [2008/01/19 08:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation)

(DPS) Service de stratégie de diagnostic [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\dps.dll -> [2008/01/19 08:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation)

(eDataSecurity Service) eDSService.exe [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSService.exe -> [2007/02/06 23:04:26 | 00,457,512 | ---- | M] (HiTRSUT)

(ehRecvr) Service de réception Windows Media Center [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\ehome\ehrecvr.exe -> [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation)

(ehSched) Service de planification Windows Media Center [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\ehome\ehsched.exe -> [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)

(ehstart) Lanceur des services Windows Media Center [Win32_Shared | Auto | Stopped] -> %SystemRoot%\ehome\ehstart.dll -> [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)

(EMDMgmt) Service ReadyBoost [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\emdmgmt.dll -> [2008/06/26 04:29:02 | 00,565,248 | ---- | M] (Microsoft Corporation)

(eRecoveryService) eRecovery Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> [2006/12/14 14:38:46 | 00,049,152 | ---- | M] (Acer Inc.)

(fdPHost) Hôte du fournisseur de découverte de fonctions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\fdPHost.dll -> [2008/01/19 08:34:21 | 00,013,312 | ---- | M] (Microsoft Corporation)

(FDResPub) Publication des ressources de découverte de fonctions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\FDResPub.dll -> [2006/11/02 10:46:04 | 00,027,648 | ---- | M] (Microsoft Corporation)

(FontCache3.0.0.0) Cache de police de Windows Presentation Foundation 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation)

(gpsvc) Client de stratégie de groupe [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\gpsvc.dll -> [2008/01/19 08:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation)

(gusvc) Google Updater Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/22 14:14:56 | 00,168,432 | ---- | M] (Google)

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Running] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation)

(IKEEXT) Modules de génération de clés IKE et AuthIP [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\IKEEXT.DLL -> [2008/01/19 08:34:32 | 00,438,272 | ---- | M] (Microsoft Corporation)

(IPBusEnum) Énumérateur de bus IP PnP-X [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\IPBusEnum.dll -> [2008/01/19 08:34:34 | 00,074,240 | ---- | M] (Microsoft Corporation)

(iphlpsvc) Assistance IP [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\iphlpsvc.dll -> [2008/01/19 08:34:34 | 00,188,416 | ---- | M] (Microsoft Corporation)

(KtmRm) Service KtmRm pour Distributed Transaction Coordinator [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\msdtckrm.dll -> [2008/01/19 08:34:56 | 00,344,576 | ---- | M] (Microsoft Corporation)

(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)

(lltdsvc) Mappage de découverte de topologie de la couche de liaison [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\lltdsvc.dll -> [2008/01/19 08:34:42 | 00,188,928 | ---- | M] (Microsoft Corporation)

(lxcc_device) lxcc_device [Win32_Own | Auto | Running] -> %SystemRoot%\System32\lxcccoms.exe -> [2007/03/26 06:49:26 | 00,537,520 | ---- | M] ( )

(Mcx2Svc) Service Windows Media Center Extender [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\Mcx2Svc.dll -> [2008/01/19 08:34:44 | 00,053,760 | ---- | M] (Microsoft Corporation)

(MMCSS) Planificateur de classes multimédias [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\mmcss.dll -> [2008/01/19 08:34:49 | 00,045,056 | ---- | M] (Microsoft Corporation)

(MpsSvc) Pare-feu Windows [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\MPSSVC.dll -> [2008/01/19 08:34:53 | 00,393,216 | ---- | M] (Microsoft Corporation)

(MSiSCSI) Service Initiateur iSCSI de Microsoft [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\iscsiexe.dll -> [2008/01/19 08:34:35 | 00,111,616 | ---- | M] (Microsoft Corporation)

(netprofm) Service Liste des réseaux [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\netprofm.dll -> [2008/01/19 08:35:36 | 00,237,056 | ---- | M] (Microsoft Corporation)

(NetTcpPortSharing) Service de partage de ports Net.Tcp [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation)

(NlaSvc) Connaissance des emplacements réseau [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\nlasvc.dll -> [2008/01/19 08:35:38 | 00,168,448 | ---- | M] (Microsoft Corporation)

(nsi) Service Interface du magasin réseau [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\nsisvc.dll -> [2008/01/19 08:35:57 | 00,018,432 | ---- | M] (Microsoft Corporation)

(p2pimsvc) Gestionnaire d'identité réseau homologue [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\p2psvc.dll -> [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation)

(p2psvc) Groupement de mise en réseau de pairs [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\p2psvc.dll -> [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation)

(PcaSvc) Service de l’Assistant Compatibilité des programmes [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\pcasvc.dll -> [2008/01/19 08:36:03 | 00,037,888 | ---- | M] (Microsoft Corporation)

(pla) Journaux & alertes de performance [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\pla.dll -> [2008/01/19 08:36:06 | 01,502,208 | ---- | M] (Microsoft Corporation)

(PlugPlay) Plug-and-Play [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\umpnpmgr.dll -> [2008/01/19 08:36:45 | 00,221,696 | ---- | M] (Microsoft Corporation)

(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\System32\PnkBstrA.exe -> [2007/10/07 07:33:15 | 00,066,872 | ---- | M] ()

(PNRPAutoReg) Service de publication des noms d’ordinateurs PNRP [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\p2psvc.dll -> [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation)

(PNRPsvc) Protocole de résolution de noms d'homologues [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\p2psvc.dll -> [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation)

(PolicyAgent) Agent de stratégie IPsec [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\IPSECSVC.DLL -> [2008/06/19 04:31:48 | 00,361,984 | ---- | M] (Microsoft Corporation)

(ProfSvc) Service de profil utilisateur [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\profsvc.dll -> [2008/01/19 08:36:11 | 00,153,600 | ---- | M] (Microsoft Corporation)

(QWAVE) Expérience audio-vidéo haute qualité Windows [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\qwave.dll -> [2008/01/19 08:36:14 | 00,243,712 | ---- | M] (Microsoft Corporation)

(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [2005/01/21 12:37:16 | 00,143,360 | ---- | M] ()

(SCardSvr) Carte à puce [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\SCardSvr.dll -> [2008/01/19 08:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation)

(SCPolicySvc) Stratégie de retrait de la carte à puce [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\certprop.dll -> [2008/01/19 08:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation)

(SDRSVC) Sauvegarde Windows [Win32_Own | On_Demand | Running] -> %SystemRoot%\System32\sdrsvc.dll -> [2008/01/19 08:36:20 | 00,104,960 | ---- | M] (Microsoft Corporation)

(SessionEnv) Configuration des services Terminal Server [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\SessEnv.dll -> [2008/01/19 08:36:21 | 00,084,992 | ---- | M] (Microsoft Corporation)

(slsvc) Licence du logiciel [Win32_Own | Auto | Running] -> %SystemRoot%\System32\SLsvc.exe -> [2008/01/19 08:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation)

(SLUINotify) Service de notification de l’interface utilisateur SL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\SLUINotify.dll -> [2008/01/19 08:36:30 | 00,057,856 | ---- | M] (Microsoft Corporation)

(SNMPTRAP) Interruption SNMP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\snmptrap.exe -> [2006/11/02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation)

(SstpSvc) Service SSTP (Secure Socket Tunneling Protocol) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\sstpsvc.dll -> [2008/01/19 08:36:36 | 00,116,736 | ---- | M] (Microsoft Corporation)

(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Steam\SteamService.exe -> [2009/02/11 18:43:29 | 00,316,664 | ---- | M] (Valve Corporation)

(swprv) Fournisseur de cliché instantané de logiciel Microsoft [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\swprv.dll -> [2008/01/19 08:36:37 | 00,310,784 | ---- | M] (Microsoft Corporation)

(SysMain) Superfetch [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\sysmain.dll -> [2008/01/19 08:36:38 | 00,574,976 | ---- | M] (Microsoft Corporation)

(TabletInputService) Service Panneau de saisie Tablet PC [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\TabSvc.dll -> [2006/11/02 13:35:24 | 00,068,096 | ---- | M] (Microsoft Corporation)

(TBS) Services de base de module de plateforme sécurisée [Win32_Shared | Auto | Stopped] -> %SystemRoot%\System32\tbssvc.dll -> [2008/01/19 08:36:39 | 00,056,320 | ---- | M] (Microsoft Corporation)

(THREADORDER) Serveur de priorités des threads [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\mmcss.dll -> [2008/01/19 08:34:49 | 00,045,056 | ---- | M] (Microsoft Corporation)

(TrustedInstaller) Programme d’installation de modules Windows [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> [2008/01/19 08:33:33 | 00,039,424 | ---- | M] (Microsoft Corporation)

(UI0Detect) Détection de services interactifs [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\UI0Detect.exe -> [2008/01/19 08:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation)

(UxSms) Gestionnaire de sessions du Gestionnaire de fenêtrage [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\uxsms.dll -> [2008/01/19 08:36:47 | 00,028,672 | ---- | M] (Microsoft Corporation)

(vds) Disque virtuel [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vds.exe -> [2008/01/19 08:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation)

(wcncsvc) Windows Connect Now - Registre de configuration [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\wcncsvc.dll -> [2008/01/19 08:36:49 | 00,412,672 | ---- | M] (Microsoft Corporation)

(WcsPlugInService) Système de couleurs Windows [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\WcsPlugInService.dll -> [2006/11/02 10:46:13 | 00,032,256 | ---- | M] (Microsoft Corporation)

(WdiServiceHost) Service hôte WDIServiceHost [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\wdi.dll -> [2008/01/19 08:36:50 | 00,073,728 | ---- | M] (Microsoft Corporation)

(WdiSystemHost) Hôte système de diagnostics [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\wdi.dll -> [2008/01/19 08:36:50 | 00,073,728 | ---- | M] (Microsoft Corporation)

(Wecsvc) Collecteur d'événements de Windows [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\wecsvc.dll -> [2008/01/19 08:36:52 | 00,145,408 | ---- | M] (Microsoft Corporation)

(wercplsupport) Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\wercplsupport.dll -> [2008/01/19 08:36:52 | 00,062,976 | ---- | M] (Microsoft Corporation)

(WerSvc) Service de rapport d'erreurs Windows [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\wersvc.dll -> [2008/09/18 05:56:07 | 00,125,952 | ---- | M] (Microsoft Corporation)

(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> %ProgramFiles%\Windows Defender\MpSvc.dll -> [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation)

(WinHttpAutoProxySvc) Service de découverte automatique de Proxy Web pour les services HTTP Windows [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\winhttp.dll -> [2008/01/19 08:36:55 | 00,376,832 | ---- | M] (Microsoft Corporation)

(WinRM) Gestion à distance de Windows (Gestion WSM) [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\WsmSvc.dll -> [2008/01/19 08:37:11 | 00,745,472 | ---- | M] (Microsoft Corporation)

(Wlansvc) Service de configuration automatique WLAN [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\wlansvc.dll -> [2008/01/19 08:36:57 | 00,513,536 | ---- | M] (Microsoft Corporation)

(WMPNetworkSvc) Service Partage réseau du Lecteur Windows Media [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation)

(WPCSvc) Contrôle parental [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\wpcsvc.dll -> [2008/01/19 08:37:08 | 00,140,288 | ---- | M] (Microsoft Corporation)

(WPDBusEnum) Service Énumérateur d’appareil mobile [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\wpdbusenum.dll -> [2008/01/19 08:37:08 | 00,070,144 | ---- | M] (Microsoft Corporation)

(WSearch) Windows Search [Win32_Own | Auto | Running] -> %SystemRoot%\System32\SearchIndexer.exe -> [2008/05/27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation)

(wuauserv) Windows Update [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\wuaueng.dll -> [2008/10/16 22:13:38 | 01,809,944 | ---- | M] (Microsoft Corporation)

(wudfsvc) Windows Driver Foundation - Infrastructure de pilote mode-utilisateur [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\WUDFSvc.dll -> [2008/01/19 08:37:12 | 00,055,296 | ---- | M] (Microsoft Corporation)

 

[Driver Services - Safe List]

(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.)

(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.)

(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.)

(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.)

(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)

(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> [2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.)

(amdagp) AMD AGP Bus Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\AMDAGP.SYS -> [2006/11/02 10:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation)

(amdide) amdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\amdide.sys -> [2006/11/02 10:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation)

(AmdK7) AMD K7 Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\amdk7.sys -> [2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation)

(AmdK8) AMD K8 Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\amdk8.sys -> [2006/11/02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation)

(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.)

(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.)

(atikmdag) atikmdag [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\atikmdag.sys -> [2007/08/22 03:08:30 | 03,076,608 | ---- | M] (ATI Technologies Inc.)

(AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\AtiPcie.sys -> [2006/10/30 16:22:26 | 00,008,192 | ---- | M] (ATI Technologies Inc.)

(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2007/02/27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH)

(avgntflt) avgntflt [File_System | On_Demand | Stopped] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2008/05/20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH)

(avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\System32\drivers\avipbb.sys -> [2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH)

(bowser) bowser [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\bowser.sys -> [2008/01/19 06:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation)

(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)

(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)

(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)

(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)

(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)

(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)

(BTHMODEM) Bluetooth Serial Communications Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\bthmodem.sys -> [2006/11/02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation)

(circlass) Consumer IR Devices [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\circlass.sys -> [2006/11/02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation)

(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> %SystemRoot%\System32\clfs.sys -> [2008/01/19 08:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation)

(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> [2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.)

(crcdisk) Crcdisk Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\crcdisk.sys -> [2006/11/02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation)

(Crusoe) Transmeta Crusoe Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\crusoe.sys -> [2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation)

(DfsC) DFS Namespace Client Driver [File_System | System | Running] -> %SystemRoot%\System32\drivers\dfsc.sys -> [2008/01/19 06:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation)

(DXGKrnl) LDDM Graphics Subsystem [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\dxgkrnl.sys -> [2008/08/02 02:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation)

(E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation)

(Ecache) ReadyBoost Caching Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\ecache.sys -> [2008/01/19 08:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation)

(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2007/10/16 10:20:06 | 00,395,312 | ---- | M] (Symantec Corporation)

(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex)

(exfat) exFAT File System Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\exfat.sys -> [2008/01/19 06:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation)

(FileInfo) File Information FS MiniFilter [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\fileinfo.sys -> [2008/01/19 08:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation)

(Filetrace) Filetrace [File_System | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\filetrace.sys -> [2008/01/19 06:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation)

(gagp30kx) Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\GAGP30KX.SYS -> [2006/11/02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation)

(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)

(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\hamachi.sys -> [2009/01/18 14:03:58 | 00,025,280 | ---- | M] (LogMeIn, Inc.)

(HdAudAddService) Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\HdAudio.sys -> [2006/11/02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation)

(HDAudBus) Pilote de bus UAA Microsoft pour High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\hdaudbus.sys -> [2008/01/19 05:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation)

(HidBth) Microsoft Bluetooth HID Miniport [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\hidbth.sys -> [2006/11/02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation)

(HidIr) Microsoft Infrared HID Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\hidir.sys -> [2006/11/02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation)

(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company)

(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation)

(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)

(int15) int15 [Kernel | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eRecovery\int15.sys -> [2006/12/07 17:12:02 | 00,076,584 | ---- | M] ()

(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> [2006/11/08 12:09:00 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.)

(IPMIDRV) IPMIDRV [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\IPMIDrv.sys -> [2006/11/02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation)

(iScsiPrt) Pilote iScsiPort [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\msiscsi.sys -> [2008/01/19 08:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation)

(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)

(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)

(kbdhid) Keyboard HID Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\kbdhid.sys -> [2006/11/02 09:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation)

(Lbd) Lbd [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\Lbd.sys -> [2009/01/19 15:35:20 | 00,064,160 | ---- | M] (Lavasoft AB)

(lltdio) Pilote d’E/S du mappage de découverte de topologie de la couche de liaison [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\lltdio.sys -> [2008/01/19 06:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation)

(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic)

(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic)

(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic)

(luafv) UAC File Virtualization [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\luafv.sys -> [2008/01/19 06:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation)

(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation)

(monitor) Service Pilote de fonction de classe Moniteur Microsoft [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\monitor.sys -> [2008/01/19 06:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation)

(mpio) Microsoft Multi-Path Bus Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\mpio.sys -> [2006/11/02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation)

(mpsdrv) Pilote d’autorisation du Pare-feu Windows [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\mpsdrv.sys -> [2008/01/19 06:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation)

(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)

(mrxsmb10) SMB 1.x MiniRedirector [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\mrxsmb10.sys -> [2008/08/27 02:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation)

(mrxsmb20) SMB 2.0 MiniRedirector [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\mrxsmb20.sys -> [2008/01/19 06:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation)

(msahci) msahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\msahci.sys -> [2006/11/02 10:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation)

(msdsm) Microsoft Multi-Path Device Specific Module [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\msdsm.sys -> [2006/11/02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation)

(msisadrv) Pilote de classe ISA/EISA [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\msisadrv.sys -> [2008/01/19 08:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation)

(MsRPC) MsRPC [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\msrpc.sys -> [2008/01/19 08:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation)

(NativeWifiP) Filtre NativeWiFi [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\nwifi.sys -> [2008/05/20 03:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation)

(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation)

(nsiproxy) NSI proxy service [Kernel | System | Running] -> %SystemRoot%\System32\drivers\nsiproxy.sys -> [2008/01/19 06:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation)

(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\NTIDrvr.sys -> [2006/12/13 10:34:05 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.)

(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)

(nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation)

(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)

(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\NV_AGP.SYS -> [2006/11/02 10:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation)

(pavboot) pavboot [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\pavboot.sys -> [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.)

(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\pcouffin.sys -> [2007/06/25 09:44:02 | 00,047,360 | ---- | M] (VSO Software)

(PEAUTH) PEAUTH [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\PEAuth.sys -> [2006/11/02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation)

(PSched) Planificateur de paquets QoS [Kernel | System | Running] -> %SystemRoot%\System32\drivers\pacer.sys -> [2008/04/05 02:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation)

(PSDFilter) PSDFilter [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\psdfilter.sys -> [2007/02/06 23:04:48 | 00,020,264 | ---- | M] (HiTRUST)

(PSDNServ) PSDNSERVER [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\PSDNServ.sys -> [2007/02/06 23:04:54 | 00,016,680 | ---- | M] (HiTRUST)

(psdvdisk) psdvdisk [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\psdvdisk.sys -> [2007/02/06 23:04:50 | 00,060,712 | ---- | M] (HiTRUST)

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\PxHelp20.sys -> [2006/10/18 01:00:00 | 00,036,624 | ---- | M] (Sonic Solutions)

(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation)

(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)

(QWAVEdrv) Pilote QWAVE [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\qwavedrv.sys -> [2008/01/19 06:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation)

(R300) R300 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\atikmdag.sys -> [2007/08/22 03:08:30 | 03,076,608 | ---- | M] (ATI Technologies Inc.)

(RasSstp) Miniport réseau étendu WAN (SSTP) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\rassstp.sys -> [2008/01/19 06:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation)

(RDPENCDD) RDP Encoder Mirror Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\RDPENCDD.sys -> [2008/01/19 07:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation)

(rspndr) Répondeur de découverte de topologie de la couche de liaison [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rspndr.sys -> [2008/01/19 06:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation)

(sbp2port) SBP-2 Transport/Protocol Bus Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sbp2port.sys -> [2006/11/02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation)

(se59bus) Sony Ericsson Device 089 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\se59bus.sys -> [2006/09/05 19:07:00 | 00,061,536 | ---- | M] (MCCI)

(sermouse) Serial Mouse Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sermouse.sys -> [2008/01/19 06:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation)

(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfdrv01.sys -> [2006/07/05 13:39:29 | 00,059,256 | ---- | M] (Protection Technology (StarForce))

(sffdisk) SFF Storage Class Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sffdisk.sys -> [2006/11/02 09:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation)

(sffp_mmc) SFF Storage Protocol Driver for MMC [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\sffp_mmc.sys -> [2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation)

(sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\sffp_sd.sys -> [2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation)

(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfhlp02.sys -> [2006/06/14 15:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce))

(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfsync02.sys -> [2005/08/10 15:06:28 | 00,019,968 | ---- | M] (Protection Technology)

(sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfvfs02.sys -> [2007/01/12 19:09:53 | 00,082,296 | ---- | M] (Protection Technology (StarForce))

(sisagp) SIS AGP Bus Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\SISAGP.SYS -> [2006/11/02 10:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation)

(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.)

(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems)

(Smb) Protocoles TCP/IP et TCP/IPv6 orienté messages (session SMB) [Kernel | System | Running] -> %SystemRoot%\System32\drivers\smb.sys -> [2008/01/19 06:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation)

(spldr) Security Processor Loader Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\spldr.sys -> [2008/01/19 08:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation)

(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sptd.sys -> [2007/11/03 10:33:21 | 00,685,816 | ---- | M] ()

(srv2) srv2 [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\srv2.sys -> [2008/01/19 06:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation)

(srvnet) srvnet [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\srvnet.sys -> [2008/01/19 06:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation)

(ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\System32\drivers\ssmdrv.sys -> [2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH)

(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic)

(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic)

(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic)

(tcpipreg) TCP/IP Registry Compatibility [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\tcpipreg.sys -> [2008/01/19 06:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation)

(tdx) Pilote de prise en charge TDI héritée NetIO [Kernel | System | Running] -> %SystemRoot%\System32\drivers\tdx.sys -> [2008/01/19 06:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation)

(tssecsrv) Terminal Services Security Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\tssecsrv.sys -> [2008/01/19 07:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation)

(tunmp) Pilote de carte miniport Microsoft Tun [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\TUNMP.SYS -> [2008/01/19 06:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation)

(tunnel) Pilote de carte miniport Microsoft IPv6 Tunnel [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\tunnel.sys -> [2008/01/19 06:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation)

(uagp35) Microsoft AGPv3.5 Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\UAGP35.SYS -> [2006/11/02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation)

(UBHelper) UBHelper [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\UBHelper.sys -> [2006/08/29 03:30:04 | 00,013,952 | ---- | M] ()

(uliagpkx) Uli AGP Bus Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\ULIAGPKX.SYS -> [2006/11/02 10:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation)

(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.)

(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)

(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.)

(umbus) Pilote d’énumérateur UMBus [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\umbus.sys -> [2008/01/19 06:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation)

(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\usbaapl.sys -> [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.)

(usbcir) eHome Infrared Receiver (USBCIR) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\usbcir.sys -> [2006/11/02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation)

(vga) vga [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\vgapnp.sys -> [2006/11/02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation)

(ViaC7) VIA C7 Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viac7.sys -> [2006/11/02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation)

(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> [2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.)

(volmgr) Pilote du Gestionnaire de volume [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\volmgr.sys -> [2008/01/19 08:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation)

(volmgrx) Dynamic Volume Manager [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\volmgrx.sys -> [2008/01/19 08:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation)

(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)

(WacomPen) Wacom Serial Pen HID Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\wacompen.sys -> [2006/11/02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation)

(Wd) Microsoft Watchdog Timer Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\wd.sys -> [2006/11/02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation)

(Wdf01000) Kernel Mode Driver Frameworks service [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\Wdf01000.sys -> [2008/01/19 08:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation)

(WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\wmiacpi.sys -> [2006/11/02 09:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation)

(ws2ifsl) Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ws2ifsl.sys -> [2008/01/19 06:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation)

(yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\yk60x86.sys -> [2007/12/06 09:51:00 | 00,298,496 | ---- | M] (Marvell)

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://fr.fr.acer.yahoo.com ->

HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->

HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->

HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->

HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->

HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->

HKEY_CURRENT_USER\: Main\\"SEARCH PAGE" -> http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com ->

HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->

HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 ->

HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.fr/ ->

HKEY_CURRENT_USER\: Main\\"StartPageCache" -> ->

HKEY_CURRENT_USER\: SearchURL\\"" -> http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com ->

HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> File not found

HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->

HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->

< FireFox Settings [Default Profile] > -> C:\Users\Simon\AppData\Roaming\Mozilla\FireFox\Profiles\m3z3zits.default\prefs.js ->

browser.startup.homepage_override.mstone -> "rv:1.9.0.6" ->

extensions.enabledItems -> {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.3 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 ->

extensions.enabledItems -> video-dowloader@magic-imv.ro:2.2.280608 ->

extensions.enabledItems -> {dd68c513-9296-4b63-8d8b-8f1c991c8a48}:0.1.7.3 ->

extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6 ->

< HOSTS File > (293422 bytes and 10147 lines) -> C:\Windows\System32\drivers\etc\Hosts ->

First 25 entries...

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aide pour le lien d'Adobe PDF Reader] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> %ProgramFiles%\Windows Live\Messenger\wlchtc.dll [Click-to-Call BHO] -> [2008/12/02 21:44:36 | 00,073,040 | ---- | M] (Microsoft Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [sSVHelper Class] -> [2007/09/25 01:11:33 | 00,501,136 | ---- | M] (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\microsoft shared\Windows Live\WindowsLiveLogin.dll [Programme d'aide de l'Assistant de connexion Windows Live] -> [2008/11/18 13:47:06 | 00,408,952 | ---- | M] (Microsoft Corporation)

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [Google Toolbar Notifier BHO] -> [2008/10/22 14:15:02 | 00,652,784 | ---- | M] (Google Inc.)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

"{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" [HKLM] -> %SystemRoot%\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> [2007/02/06 22:51:48 | 00,151,552 | ---- | M] (HiTRUST)

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->

ShellBrowser\\"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" [HKLM] -> %SystemRoot%\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> [2007/02/06 22:51:48 | 00,151,552 | ---- | M] (HiTRUST)

WebBrowser\\"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"Acer Tour" -> [] -> File not found

"avgnt" -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH)

"eRecoveryService" -> [] -> File not found

"LXCCCATS" -> %SystemRoot%\System32\spool\drivers\w32x86\3\lxcctime.dll [rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16] -> [2007/02/22 04:13:40 | 00,073,728 | ---- | M] ()

"RtHDVCpl" -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> [2006/11/09 03:57:00 | 03,784,704 | ---- | M] (Realtek Semiconductor)

"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 08:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation)

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"BitTorrent DNA" -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> [2009/01/02 22:02:49 | 00,342,848 | ---- | M] (BitTorrent, Inc.)

"ehTray.exe" -> %SystemRoot%\ehome\ehtray.exe [C:\Windows\ehome\ehTray.exe] -> [2008/01/19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation)

"ISUSPM" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006/03/21 01:34:50 | 00,213,936 | ---- | M] (Macrovision Corporation)

"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2006/03/21 01:34:50 | 00,213,936 | ---- | M] (Macrovision Corporation)

"LeechGet" -> [] -> File not found

"Sidebar" -> %ProgramFiles%\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2008/01/19 08:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation)

"Wallpaper" -> %ProgramFiles%\Wallpaper\Wallpaper.exe ["C:\Program Files\Wallpaper\Wallpaper.exe" Starter] -> [2007/07/29 00:09:06 | 00,233,472 | ---- | M] ()

"捁牥吠畯r" -> [] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found

\\"ConsentPromptBehaviorUser" -> [1] -> File not found

\\"EnableInstallerDetection" -> [1] -> File not found

\\"EnableSecureUIAPaths" -> [1] -> File not found

\\"EnableVirtualization" -> [1] -> File not found

\\"PromptOnSecureDesktop" -> [1] -> File not found

\\"ValidateAdminCodeSignatures" -> [0] -> File not found

\\"dontdisplaylastusername" -> [0] -> File not found

\\"legalnoticecaption" -> [] -> File not found

\\"legalnoticetext" -> [] -> File not found

\\"scforceoption" -> [0] -> File not found

\\"shutdownwithoutlogon" -> [1] -> File not found

\\"undockwithoutlogon" -> [1] -> File not found

\\"FilterAdministratorToken" -> [1] -> File not found

\\"EnableUIADesktopToggle" -> [0] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats

\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found

\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found

\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found

\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found

\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found

\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found

\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" -> [145] -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"LogonHoursAction" -> [2] -> File not found

\\"DontDisplayLogonHoursWarnings" -> [1] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2006/05/25 01:22:06 | 00,053,248 | ---- | M] ()

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->

PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5263 domain(s) found. ->

49 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5284 domain(s) found. ->

50 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab [QuickTime Object] ->

{04CB5B64-5915-4629-B869-8945CEBADD21} [HKLM] -> https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab [Module de délivrance de certificat MINEFI] ->

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w2/resources/...NPUpldfr-fr.cab [MSN Photo Upload Tool] ->

{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab [unoCtrl Class] ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_03] ->

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab [MessengerStatsClient Class] ->

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_02] ->

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_03] ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_03] ->

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{33417D56-5BD1-4033-BD59-4783FF91B01D} -> (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->

{3FFFF09A-1C2A-4278-9A6E-B18CC02A40C7} -> () ->

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

credssp.dll -> %SystemRoot%\System32\credssp.dll -> [2008/01/19 08:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->

*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->

tspkg -> %SystemRoot%\System32\TSpkg.dll -> [2008/01/19 08:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->

"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2008/12/16 21:16:10 | 00,637,232 | ---- | M] (BitTorrent, Inc.)

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->

"AlternateShell" -> cmd.exe ->

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 ->

"DisplayName" -> Pilote de CD-ROM ->

"ImagePath" -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/19 06:49:51 | 00,067,072 | ---- | M] (Microsoft Corporation)

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

\{dccf696d-d28e-11dd-9aaf-0019db505523}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dccf696d-d28e-11dd-9aaf-0019db505523}\shell\AutoRun\command

\{dccf696d-d28e-11dd-9aaf-0019db505523}\shell\AutoRun\command\\"" -> K:\AutoTransfer.exe [K:\AutoTransfer.exe] -> File not found

[Registry - Additional Scans - Safe List]

< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> %ProgramFiles%\OpenOffice.org 2.3\program\shlxthdl.dll [Reg Error: Value does not exist or could not be read.] -> [2007/11/01 19:09:06 | 00,335,872 | ---- | M] (Sun Microsystems, Inc.)

{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2007/05/10 22:54:08 | 00,372,736 | ---- | M] (Adobe Systems, Inc.)

< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->

C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk -> %SystemDrive%\Acer\Empowering Technology\eAPLauncher.exe -> [2006/11/21 20:11:00 | 00,528,384 | ---- | M] (Acer Inc.)

C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> [2008/10/22 14:14:50 | 00,161,264 | ---- | M] (Google)

< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->

!AVG Anti-Spyware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> File not found

Acer Empowering Technology Monitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\System32\SysMonitor.exe -> [2006/11/23 15:24:54 | 00,319,488 | ---- | M] ()

Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> File not found

AVG8_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgtray.exe -> File not found

BitTorrent DNA hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\Utilisateurs\Simon\Program Files\DNA\btdna.exe -> File not found

eDataSecurity Loader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> [2007/02/06 23:04:16 | 00,464,168 | ---- | M] (HiTRUST)

EzPrint hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Lexmark 3300 Series\ezprint.exe -> [2007/05/11 07:58:58 | 00,103,344 | ---- | M] (Lexmark International Inc.)

Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %UserProfile%\AppData\Local\Google\Update\GoogleUpdate.exe -> File not found

ISUSPM Startup hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> [2006/03/21 01:34:50 | 00,213,936 | ---- | M] (Macrovision Corporation)

iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> File not found

LXCCCATS hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\System32\spool\drivers\w32x86\3\lxcctime.dll -> [2007/02/22 04:13:40 | 00,073,728 | ---- | M] ()

lxccmon.exe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Lexmark 3300 Series\lxccmon.exe -> [2007/05/11 07:57:58 | 00,205,744 | ---- | M] (Lexmark International, Inc.)

msnmsgr hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> File not found

QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\QTTask.exe -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)

SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> [2007/09/25 01:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/09/08 16:45:44 | 00,068,856 | ---- | M] (Google Inc.)

WarReg_PopUp hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\Acer\WR_PopUp\WarReg_PopUp.exe -> [2006/11/05 20:48:22 | 00,057,344 | ---- | M] (Acer Inc.)

捁牥吠畯⁲敒業摮牥 hkey= key= -> -> File not found

< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->

"services" -> 2 ->

"startup" -> 2 ->

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->

.bat [@ = batfile] -> "%1" %* ->

.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2006/11/02 10:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation)

.cmd [@ = cmdfile] -> "%1" %* ->

.com [@ = comfile] -> "%1" %* ->

.cpl [@ = cplfile] -> %SystemRoot%\System32\control.exe -> [2006/11/02 10:44:59 | 00,211,968 | ---- | M] (Microsoft Corporation)

.exe [@ = exefile] -> "%1" %* ->

.hlp [@ = hlpfile] -> %SystemRoot%\winhlp32.exe -> [2006/11/02 10:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)

.hta [@ = htafile] -> %SystemRoot%\System32\mshta.exe -> [2008/01/19 08:33:16 | 00,045,568 | ---- | M] (Microsoft Corporation)

.html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/07 07:09:18 | 00,307,704 | ---- | M] (Mozilla Corporation)

.inf [@ = inffile] -> %SystemRoot%\System32\notepad.exe -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

.ini [@ = inifile] -> %SystemRoot%\System32\notepad.exe -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

.js [@ = JSFile] -> %SystemRoot%\System32\wscript.exe -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

.jse [@ = JSEFile] -> %SystemRoot%\System32\wscript.exe -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

.pif [@ = piffile] -> "%1" %* ->

.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/01/19 08:33:24 | 00,134,656 | ---- | M] (Microsoft Corporation)

.scr [@ = scrfile] -> "%1" /S ->

.txt [@ = txtfile] -> %SystemRoot%\System32\notepad.exe -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

.vbe [@ = VBEFile] -> %SystemRoot%\System32\wscript.exe -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

.vbs [@ = VBSFile] -> %SystemRoot%\System32\wscript.exe -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

.wsf [@ = WSFFile] -> %SystemRoot%\System32\wscript.exe -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

.wsh [@ = WSHFile] -> %SystemRoot%\System32\wscript.exe -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->

*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->

AeLookupSvc -> C:\Windows\System32\aelupsvc.dll [C:\Windows\System32\aelupsvc.dll] -> [2006/11/02 10:46:02 | 00,024,576 | ---- | M] (Microsoft Corporation)

wercplsupport -> C:\Windows\System32\wercplsupport.dll [C:\Windows\System32\wercplsupport.dll] -> [2008/01/19 08:36:52 | 00,062,976 | ---- | M] (Microsoft Corporation)

CertPropSvc -> C:\Windows\System32\certprop.dll [C:\Windows\System32\certprop.dll] -> [2008/01/19 08:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation)

SCPolicySvc -> C:\Windows\System32\certprop.dll [C:\Windows\System32\certprop.dll] -> [2008/01/19 08:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation)

gpsvc -> C:\Windows\System32\gpsvc.dll [C:\Windows\System32\gpsvc.dll] -> [2008/01/19 08:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation)

IKEEXT -> C:\Windows\System32\IKEEXT.DLL [C:\Windows\System32\IKEEXT.DLL] -> [2008/01/19 08:34:32 | 00,438,272 | ---- | M] (Microsoft Corporation)

FastUserSwitchingCompatibility -> [] ->

Ias -> [] ->

Irmon -> [] ->

Nla -> [] ->

Ntmssvc -> [] ->

NWCWorkstation -> [] ->

Nwsapagent -> [] ->

SRService -> [] ->

Wmi -> [] ->

WmdmPmSp -> [] ->

wuauserv -> C:\Windows\System32\wuaueng.dll [C:\Windows\System32\wuaueng.dll] -> [2008/10/16 22:13:38 | 01,809,944 | ---- | M] (Microsoft Corporation)

LogonHours -> [] ->

PCAudit -> [] ->

helpsvc -> [] ->

uploadmgr -> [] ->

iphlpsvc -> C:\Windows\System32\iphlpsvc.dll [C:\Windows\System32\iphlpsvc.dll] -> [2008/01/19 08:34:34 | 00,188,416 | ---- | M] (Microsoft Corporation)

AppInfo -> C:\Windows\System32\appinfo.dll [C:\Windows\System32\appinfo.dll] -> [2008/01/19 08:33:43 | 00,033,280 | ---- | M] (Microsoft Corporation)

msiscsi -> C:\Windows\System32\iscsiexe.dll [C:\Windows\System32\iscsiexe.dll] -> [2008/01/19 08:34:35 | 00,111,616 | ---- | M] (Microsoft Corporation)

MMCSS -> C:\Windows\System32\mmcss.dll [C:\Windows\System32\mmcss.dll] -> [2008/01/19 08:34:49 | 00,045,056 | ---- | M] (Microsoft Corporation)

ProfSvc -> C:\Windows\System32\profsvc.dll [C:\Windows\System32\profsvc.dll] -> [2008/01/19 08:36:11 | 00,153,600 | ---- | M] (Microsoft Corporation)

SessionEnv -> C:\Windows\System32\SessEnv.dll [C:\Windows\System32\SessEnv.dll] -> [2008/01/19 08:36:21 | 00,084,992 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll[Reg Error: Value does not exist or could not be read.] -> [2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation)

msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll[Reg Error: Value does not exist or could not be read.] -> [2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation)

wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> %ProgramFiles%\Windows Live\Mail\mailcomm.dll[Windows Live Mail HTML Asynchronous Pluggable Protocol Handler] -> [2008/12/02 22:38:50 | 00,791,368 | ---- | M] (Microsoft Corporation)

< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

\\"cval" -> [1] -> File not found

\\"UacDisableNotify" -> [1] -> File not found

\\"InternetSettingsDisableNotify" -> [0] -> File not found

\\"AutoUpdateDisableNotify" -> [0] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

\Monitoring\\"DisableMonitoring" -> [1] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

\Monitoring\SymantecAntiVirus\\"DisableMonitoring" -> [1] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

\Monitoring\SymantecFirewall\\"DisableMonitoring" -> [1] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc

\Svc\\"AntiVirusOverride" -> [0] -> File not found

\Svc\\"AntiSpywareOverride" -> [0] -> File not found

\Svc\\"FirewallOverride" -> [0] -> File not found

\Svc\\"VistaSp1" -> [] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

\\"DisableNotifications" -> [0] -> File not found

\\"EnableFirewall" -> [1] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> ->

< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->

"BootExecute" -> autocheck autochk *; ->

"ExcludeFromKnownDlls" -> ->

*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories ->

\Windows -> -> File not found

\RPC Control -> -> File not found

*MultiFile Done* -> ->

< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->

"ComSpec" -> C:\Windows\System32\cmd.exe -> [2008/01/19 08:33:04 | 00,318,976 | ---- | M] (Microsoft Corporation)

"TEMP" -> %SystemRoot%\TEMP ->

"TMP" -> %SystemRoot%\TEMP ->

"windir" -> %SystemRoot% ->

*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->

%SystemRoot%\system32 -> %SystemRoot%\System32 -> [2009/02/17 17:58:10 | 00,000,000 | ---D | M]

%SystemRoot% -> %SystemRoot% -> [2009/02/17 07:15:52 | 00,000,000 | ---D | M]

%SystemRoot%\System32\Wbem -> %SystemRoot%\System32\wbem -> [2009/01/30 19:49:46 | 00,000,000 | ---D | M]

C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [2008/11/24 14:04:04 | 00,000,000 | ---D | M]

*MultiFile Done* -> ->

*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->

.COM -> -> File not found

.EXE -> -> File not found

.BAT -> -> File not found

.CMD -> -> File not found

.VBS -> -> File not found

.VBE -> -> File not found

.JS -> -> File not found

.JSE -> -> File not found

.WSF -> -> File not found

.WSH -> -> File not found

.MSC -> -> File not found

*MultiFile Done* -> ->

< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations ->

< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls ->

"advapi32" -> C:\Windows\System32\advapi32.dll -> [2008/01/19 08:33:43 | 00,798,720 | ---- | M] (Microsoft Corporation)

"clbcatq" -> C:\Windows\System32\clbcatq.dll -> [2008/01/19 08:33:52 | 00,523,776 | ---- | M] (Microsoft Corporation)

"COMDLG32" -> C:\Windows\System32\comdlg32.dll -> [2008/01/19 08:33:58 | 00,450,048 | ---- | M] (Microsoft Corporation)

"DllDirectory" -> C:\Windows\System32 -> [2009/02/17 17:58:10 | 00,000,000 | ---D | M]

"gdi32" -> C:\Windows\System32\gdi32.dll -> [2008/10/21 06:25:18 | 00,296,960 | ---- | M] (Microsoft Corporation)

"IERTUTIL" -> C:\Windows\System32\iertutil.dll -> [2009/01/15 07:07:53 | 00,270,336 | ---- | M] (Microsoft Corporation)

"IMAGEHLP" -> C:\Windows\System32\imagehlp.dll -> [2008/01/19 08:34:32 | 00,153,088 | ---- | M] (Microsoft Corporation)

"IMM32" -> C:\Windows\System32\imm32.dll -> [2008/01/19 08:34:33 | 00,114,688 | ---- | M] (Microsoft Corporation)

"kernel32" -> C:\Windows\System32\kernel32.dll -> [2008/01/19 08:34:36 | 00,888,320 | ---- | M] (Microsoft Corporation)

"LPK" -> C:\Windows\System32\lpk.dll -> [2008/01/19 08:34:43 | 00,023,552 | ---- | M] (Microsoft Corporation)

"MSCTF" -> C:\Windows\System32\msctf.dll -> [2008/01/19 08:34:55 | 00,806,912 | ---- | M] (Microsoft Corporation)

"MSVCRT" -> C:\Windows\System32\msvcrt.dll -> [2008/01/19 08:35:15 | 00,680,448 | ---- | M] (Microsoft Corporation)

"NORMALIZ" -> C:\Windows\System32\normaliz.dll -> [2006/11/02 09:33:06 | 00,002,560 | ---- | M] (Microsoft Corporation)

"NSI" -> C:\Windows\System32\nsi.dll -> [2008/01/19 08:35:57 | 00,008,192 | ---- | M] (Microsoft Corporation)

"ole32" -> C:\Windows\System32\ole32.dll -> [2008/01/19 08:36:01 | 01,315,328 | ---- | M] (Microsoft Corporation)

"OLEAUT32" -> C:\Windows\System32\oleaut32.dll -> [2008/01/19 08:36:01 | 00,563,200 | ---- | M] (Microsoft Corporation)

"rpcrt4" -> C:\Windows\System32\rpcrt4.dll -> [2008/04/12 04:32:11 | 00,784,896 | ---- | M] (Microsoft Corporation)

"Setupapi" -> C:\Windows\System32\setupapi.dll -> [2008/01/19 08:36:24 | 01,590,272 | ---- | M] (Microsoft Corporation)

"SHELL32" -> C:\Windows\System32\shell32.dll -> [2008/11/06 14:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)

"SHLWAPI" -> C:\Windows\System32\shlwapi.dll -> [2008/01/19 08:36:29 | 00,351,744 | ---- | M] (Microsoft Corporation)

"URLMON" -> C:\Windows\System32\urlmon.dll -> [2009/01/15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation)

"user32" -> C:\Windows\System32\user32.dll -> [2008/01/19 08:36:46 | 00,627,200 | ---- | M] (Microsoft Corporation)

"USP10" -> C:\Windows\System32\usp10.dll -> [2008/01/19 08:36:47 | 00,501,760 | ---- | M] (Microsoft Corporation)

"WININET" -> C:\Windows\System32\wininet.dll -> [2009/01/15 07:11:16 | 00,827,392 | ---- | M] (Microsoft Corporation)

"WLDAP32" -> C:\Windows\System32\Wldap32.dll -> [2008/01/19 08:36:57 | 00,289,280 | ---- | M] (Microsoft Corporation)

"WS2_32" -> C:\Windows\System32\ws2_32.dll -> [2008/01/19 08:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation)

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->

batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

batfile [open] -> "%1" %* -> File not found

batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2006/11/02 10:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

cmdfile [open] -> "%1" %* -> File not found

cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

comfile [open] -> "%1" %* -> File not found

cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 10:44:59 | 00,211,968 | ---- | M] (Microsoft Corporation)

exefile [open] -> "%1" %* -> File not found

helpfile [open] -> Reg Error: Key does not exist or could not be opened.

hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 10:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)

htafile [open] -> %SystemRoot%\system32\mshta.exe "%1" %* -> [2008/01/19 08:33:16 | 00,045,568 | ---- | M] (Microsoft Corporation)

htmlfile [edit] -> Reg Error: Key does not exist or could not be opened.

htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> [2008/01/19 08:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation)

htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> [2008/01/19 08:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation)

http [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2009/02/07 07:09:18 | 00,307,704 | ---- | M] (Mozilla Corporation)

https [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2009/02/07 07:09:18 | 00,307,704 | ---- | M] (Mozilla Corporation)

inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2008/01/19 08:33:12 | 00,011,776 | ---- | M] (Microsoft Corporation)

inffile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

inffile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

inifile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

inifile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

piffile [open] -> "%1" %* -> File not found

regfile [edit] -> %SystemRoot%\system32\notepad.exe "%1" -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

regfile [open] -> regedit.exe "%1" -> [2008/01/19 08:33:24 | 00,134,656 | ---- | M] (Microsoft Corporation)

regfile [merge] -> Reg Error: Key does not exist or could not be opened.

regfile [print] -> %SystemRoot%\system32\notepad.exe /p "%1" -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

scrfile [config] -> "%1" -> File not found

scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/19 08:32:56 | 00,368,640 | ---- | M] (Microsoft Corporation)

scrfile [open] -> "%1" /S -> File not found

txtfile [edit] -> Reg Error: Key does not exist or could not be opened.

txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

vbefile [edit] -> "%SystemRoot%\System32\Notepad.exe" %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

vbefile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

vbefile [print] -> "%SystemRoot%\System32\Notepad.exe" /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

vbsfile [edit] -> "%SystemRoot%\System32\Notepad.exe" %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

vbsfile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

vbsfile [print] -> "%SystemRoot%\System32\Notepad.exe" /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

wsffile [edit] -> "%SystemRoot%\System32\Notepad.exe" %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

wsffile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

wsffile [print] -> "%SystemRoot%\System32\Notepad.exe" /p %1 -> [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation)

wshfile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> [2008/05/08 22:59:26 | 00,155,648 | ---- | M] (Microsoft Corporation)

Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/19 08:33:04 | 00,318,976 | ---- | M] (Microsoft Corporation)

Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> [2008/01/19 08:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> [2008/01/19 08:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation)

< Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes ->

< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->

{01523985-2098-43AF-9C97-12B07BE02A9B} -> Windows Live Call

{059C042E-796A-4ACC-A81A-ECC2010BB78C} -> Windows Live Messenger

{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} -> NTI CD & DVD-Maker

{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} -> Google Earth

{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Outil de téléchargement Windows Live

{2231CE39-B963-4B9D-823A-F412ECA637B1} -> Windows Live Writer

{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT

{3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java 6 Update 2

{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java 6 Update 3

{331DFBF7-734D-4545-8A9D-48CB5D73AF07} -> OpenOffice.org 2.3

{3CCB732A-E472-4CF9-B1EE-F18365341FE0} -> Installation Windows Live

{3E31821C-7917-367E-938E-E65FC413EA31} -> Microsoft .NET Framework 3.5 Language Pack SP1 - fra

{41581EF5-45A7-11DA-9D78-000129760D75} -> Acer Picture Slide DVD

{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B} -> ATI Catalyst Install Manager

{43563ACB-371B-4C58-8979-B192B390424C} -> Galerie de photos Windows Live

{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A} -> Junk Mail filter update

{5ED7F74A-B4AB-4209-B99C-B88012C712F2} -> Windows Live Movie Maker Bêta

{63DC2DA0-2A6C-4C38-9249-B75395458657} -> Windows Live Mail

{67ADE9AF-5CD9-4089-8825-55DE4B366799} -> NTI Backup NOW! 4.7

{67D0313C-4F15-437D-9A2D-C1564088A26A} -> Windows Live Sync

{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update

{6E7DD182-9FC6-4651-0095-2E666CC6AF35} -> Les Sims 2

{716E0306-8318-4364-8B8F-0CC4E9376BAC} -> MSXML 4.0 SP2 Parser and SDK

{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable

{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC} -> Acer ScreenSaver

{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight

{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} -> Bonjour

{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} -> Choice Guard

{90529245-9C54-45B5-BBB3-B180CA04F248} -> Search Settings

{94389919-B0AA-4882-9BE8-9F0B004ECA35} -> Acer Tour

{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting

{97C82B44-D408-4F14-9252-47FC1636D23E}_is1 -> IZArc 3.81

{AA4BF92B-2AAF-11DA-9D78-000129760D75} -> Acer Zone SoftDMA

{AB6097D9-D722-4987-BD9E-A076E2848EE2} -> Acer Empowering Technology

{AC76BA86-7AD7-1036-7B44-A81300000003} -> Adobe Reader 8.1.3 - Français

{AC76BA86-7AD7-5464-3428-800000000003} -> Spelling Dictionaries Support For Adobe Reader 8

{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} -> ABBYY FineReader 6.0 Sprint

{AEEAE013-92F1-4515-B278-139F1A692A36} -> Acer eDataSecurity Management

{B0B28C0B-832E-FBBA-BF03-7E285AC700B7} -> Catalyst Control Center Core Implementation

{B145EC69-66F5-11D8-9D75-000129760D75} -> Acer Zone MakeDisk

{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1 -> ConvertXtoDVD 2.2.3.258

{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1

{CC516453-9703-ABF9-201F-58A5EC567292} -> ATI Catalyst Install Manager

{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1

{D462BF9E-0C35-4705-BF9B-3DF9F3816643} -> Acer ePerformance Management

{D6E592B3-67DA-4BBB-9783-E1838FB253A2} -> Assistant de connexion Windows Live

{DFFE2B1F-07E0-45A9-8801-CD8514CAA876} -> Prince of Persia T2T

{E1180142-3B31-4DCC-9D27-7AC2D37662BF} -> LightScribe 1.4.124.1

{EC4455AB-F155-4CC1-A4C5-88F3777F9886} -> Apple Mobile Device Support

{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37} -> Acer Zone Main Page

{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]

{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver

{F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)

{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01

{F69E83CF-B440-43F8-89E6-6EA80712109B} -> Windows Live Communications Platform

{F6EFFB76-4A07-11DA-9D78-000129760D75} -> Acer Plug and Record

{F79A208D-D929-11D9-9D77-000129760D75} -> Acer Zone MagicDirector

{F958CA02-BB40-4007-894B-258729456EE4} -> QuickTime

ActiveScan 2.0 -> Panda ActiveScan 2.0

Adobe Acrobat 5.0 -> Adobe Acrobat 5.0

Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin -> Adobe Flash Player Plugin

Adobe Shockwave Player -> Adobe Shockwave Player

AntiVir PersonalEdition Classic -> Avira AntiVir Personal - Free Antivirus

AviSynth -> AviSynth 2.5

CCleaner -> CCleaner (remove only)

Counter-Strike: Source -> Counter-Strike: Source

EVEREST Ultimate Edition_is1 -> EVEREST Ultimate Edition v5.00

FindyKill -> FindyKill

FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1 -> FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0622

Free FLV Converter_is1 -> Free FLV Converter V 5.5

Free Mp3 Wma Converter_is1 -> Free Mp3 Wma Converter V 1.6.1

GIF Animator -> Microsoft GIF Animator

Google Updater -> Outil de mise à jour Google

Guitar Pro 5_is1 -> Guitar Pro 5.2

HijackThis -> HijackThis 2.0.2

InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} -> NTI CD & DVD-Maker

LeechGet 2003_is1 -> LeechGet 2003 Version 1.0

Lexmark 3300 Series -> Lexmark 3300 Series

Lexmark Fax Solutions -> Solutions de télécopie Lexmark

Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1

Microsoft .NET Framework 3.5 Language Pack SP1 - fra -> Module linguistique Microsoft .NET Framework 3.5 SP1- fra

Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1

Mozilla Firefox (3.0.6) -> Mozilla Firefox (3.0.6)

PacSteamT -> PacSteamT

PhotoFiltre -> PhotoFiltre

Shareaza_is1 -> Shareaza 2.4.0.0

SLD Codec Pack -> SLD Codec Pack

TmNationsForever_is1 -> TmNationsForever

Videora iPod Converter -> Videora iPod Converter 3.04

Virtual DJ - Atomix Productions -> Virtual DJ - Atomix Productions

VLC media player -> VideoLAN VLC media player 0.8.6c

VSO DivxToDVD_is1 -> DivxToDVD 0.5.2

Wallpaper -> Wallpaper

WinLiveSuite_Wave3 -> Installation Windows Live

World of Warcraft -> World of Warcraft

Wow Cartographe -> Wow Cartographe 1.08b

Xvid_is1 -> Xvid 1.1.3 final uninstall

< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->

BitTorrent -> BitTorrent

BitTorrent DNA -> DNA

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->

NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -> %SystemRoot%\System32\nlaapi.dll -> [2008/01/19 08:35:38 | 00,048,128 | ---- | M] (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -> %SystemRoot%\System32\NapiNSP.dll -> [2008/01/19 08:35:35 | 00,050,176 | ---- | M] (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -> %SystemRoot%\System32\pnrpnsp.dll -> [2008/01/19 08:36:07 | 00,062,464 | ---- | M] (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -> %SystemRoot%\System32\pnrpnsp.dll -> [2008/01/19 08:36:07 | 00,062,464 | ---- | M] (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> [2008/08/29 08:53:50 | 00,147,456 | ---- | M] (Apple Inc.)

< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->

ldap -> 4 = Restricted sites (Not a Default Protocol) ->

news -> 4 = Restricted sites (Not a Default Protocol) ->

nntp -> 4 = Restricted sites (Not a Default Protocol) ->

oecmd -> 4 = Restricted sites (Not a Default Protocol) ->

snews -> 4 = Restricted sites (Not a Default Protocol) ->

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description

Application [ Error ] 29/06/2008 07:47:25 Computer Name = PC-de-Simon | Source = EventSystem | ID = 4621 -> Description =

Application [ Error ] 29/06/2008 17:15:40 Computer Name = PC-de-Simon | Source = EventSystem | ID = 4621 -> Description =

Application [ Error ] 01/07/2008 01:24:46 Computer Name = PC-de-Simon | Source = ESENT | ID = 215 -> Description = WinMail (3600) WindowsMail0: La sauvegarde a été arrêtée car elle a été interrompue par le client ou la connexion avec le client a échoué.

Application [ Error ] 01/07/2008 02:43:12 Computer Name = PC-de-Simon | Source = Application Error | ID = 1000 -> Description = Application défaillante Shareaza.exe, version 2.3.1.0, horodatage 0x477a60f4, module défaillant xvidcore.dll, version 0.0.0.0, horodatage 0x4683e743, code d’exception 0xc0000094, décalage d’erreur 0x00055583, ID du processus 0xc7c, heure de début de l’application 0x01c8db40c25b885b.

Application [ Error ] 01/07/2008 06:06:07 Computer Name = PC-de-Simon | Source = Application Error | ID = 1000 -> Description = Application défaillante Shareaza.exe, version 2.3.1.0, horodatage 0x477a60f4, module défaillant xvidcore.dll, version 0.0.0.0, horodatage 0x4683e743, code d’exception 0xc0000094, décalage d’erreur 0x00055583, ID du processus 0xcf0, heure de début de l’application 0x01c8db5fe0ae02a2.

Application [ Error ] 01/07/2008 06:59:44 Computer Name = PC-de-Simon | Source = Application Error | ID = 1000 -> Description = Application défaillante Shareaza.exe, version 2.3.1.0, horodatage 0x477a60f4, module défaillant xvidcore.dll, version 0.0.0.0, horodatage 0x4683e743, code d’exception 0xc0000094, décalage d’erreur 0x00055583, ID du processus 0xe94, heure de début de l’application 0x01c8db62164e16f2.

Application [ Error ] 01/07/2008 13:20:47 Computer Name = PC-de-Simon | Source = Application Hang | ID = 1002 -> Description = Le programme Shareaza.exe version 2.3.1.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : c8c Heure de début : 01c8db6995222eb2 Heure de fin : 711

Application [ Error ] 01/07/2008 13:33:03 Computer Name = PC-de-Simon | Source = Application Error | ID = 1000 -> Description = Application défaillante Cdmkr32.exe, version 7.7.0.10, horodatage 0x4570ba0b, module défaillant msvcrt.dll, version 7.0.6001.18000, horodatage 0x4791a727, code d’exception 0xc00000fd, décalage d’erreur 0x00025b67, ID du processus 0x17f0, heure de début de l’application 0x01c8db9e373cc1e2.

Application [ Error ] 02/07/2008 02:56:55 Computer Name = PC-de-Simon | Source = EventSystem | ID = 4621 -> Description =

Application [ Error ] 02/07/2008 15:38:07 Computer Name = PC-de-Simon | Source = EventSystem | ID = 4621 -> Description =

System [ Error ] 17/02/2009 12:16:58 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7000 -> Description =

System [ Error ] 17/02/2009 12:32:21 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7000 -> Description =

System [ Error ] 17/02/2009 12:32:59 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7000 -> Description =

System [ Error ] 17/02/2009 12:42:51 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7030 -> Description =

System [ Error ] 17/02/2009 12:42:54 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7000 -> Description =

System [ Error ] 17/02/2009 12:46:43 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7000 -> Description =

System [ Error ] 17/02/2009 12:47:59 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7000 -> Description =

System [ Error ] 17/02/2009 12:57:43 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7000 -> Description =

System [ Error ] 17/02/2009 13:27:18 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7000 -> Description =

System [ Error ] 17/02/2009 13:28:29 Computer Name = PC-de-Simon | Source = Service Control Manager | ID = 7000 -> Description =

 

[Files/Folders - Created Within 90 Days]

32 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->

32 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->

OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/02/17 19:40:47 | 00,000,000 | ---D | C]

OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/17 19:39:57 | 00,656,714 | ---- | C] ()

IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [2009/02/17 16:59:09 | 02,473,315 | -H-- | C] ()

rsit -> %SystemDrive%\rsit -> [2009/02/17 16:33:18 | 00,000,000 | ---D | C]

RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/02/17 16:32:02 | 00,781,851 | ---- | C] ()

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/17 16:20:34 | 93,794,3040 | -HS- | C] ()

DrWeb.csv -> %UserProfile%\Documents\DrWeb.csv -> [2009/02/17 16:14:53 | 00,000,502 | ---- | C] ()

DoctorWeb -> %UserProfile%\DoctorWeb -> [2009/02/17 07:18:27 | 00,000,000 | ---D | C]

AntiVir PE Classic.lnk -> %SystemDrive%\Users\Public\Desktop\AntiVir PE Classic.lnk -> [2009/02/17 07:04:04 | 00,001,955 | ---- | C] ()

ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> [2009/02/17 07:03:51 | 00,021,248 | ---- | C] (AVIRA GmbH)

avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> [2009/02/17 07:03:50 | 00,075,072 | ---- | C] (Avira GmbH)

cc_20090216_221935.reg -> %UserProfile%\Documents\cc_20090216_221935.reg -> [2009/02/16 22:19:37 | 00,634,500 | ---- | C] ()

.housecall6.6 -> %UserProfile%\.housecall6.6 -> [2009/02/16 21:28:29 | 00,000,000 | ---D | C]

Sun -> %SystemRoot%\Sun -> [2009/02/16 21:28:17 | 00,000,000 | ---D | C]

Zeb-Restore -> %UserProfile%\Desktop\Zeb-Restore -> [2009/02/16 21:21:39 | 00,000,000 | ---D | C]

Zeb-Restore.zip -> %UserProfile%\Desktop\Zeb-Restore.zip -> [2009/02/16 21:21:14 | 00,074,505 | ---- | C] ()

ELIBAGLA.BCØBBØØI.EXE -> %UserProfile%\Desktop\ELIBAGLA.BCØBBØØI.EXE -> [2009/02/16 21:06:53 | 00,057,878 | ---- | C] (Satinfo S.L.)

BIBLIOTHÈQUE récente.xml -> %UserProfile%\Desktop\BIBLIOTHÈQUE récente.xml -> [2009/02/16 20:31:07 | 03,457,721 | ---- | C] ()

FindyKill.lnk -> %UserProfile%\Desktop\FindyKill.lnk -> [2009/02/16 19:15:17 | 00,001,650 | ---- | C] ()

FindyKill -> %ProgramFiles%\FindyKill -> [2009/02/16 19:15:07 | 00,000,000 | ---D | C]

Malwarebytes -> %AppData%\Malwarebytes -> [2009/02/16 13:31:13 | 00,000,000 | ---D | C]

Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/16 13:31:11 | 00,000,782 | ---- | C] ()

mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/16 13:31:10 | 00,015,504 | ---- | C] (Malwarebytes Corporation)

mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/16 13:31:08 | 00,038,496 | ---- | C] (Malwarebytes Corporation)

Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/02/16 13:31:07 | 00,000,000 | ---D | C]

Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [2009/02/16 13:31:07 | 00,000,000 | ---D | C]

ToolBar SD -> %SystemDrive%\ToolBar SD -> [2009/02/16 12:33:37 | 00,000,000 | ---D | C]

ToolBarSD.exe -> %UserProfile%\Desktop\ToolBarSD.exe -> [2009/02/16 12:20:49 | 00,343,017 | ---- | C] ()

Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/02/16 11:46:38 | 00,000,000 | ---D | C]

HjT -> %UserProfile%\Desktop\HjT -> [2009/02/16 11:43:35 | 00,000,000 | ---D | C]

Rooter$ -> %SystemDrive%\Rooter$ -> [2009/02/16 11:31:44 | 00,000,000 | ---D | C]

Rooter.exe -> %UserProfile%\Desktop\Rooter.exe -> [2009/02/16 11:25:54 | 00,268,052 | ---- | C] ()

pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> [2009/02/16 08:29:58 | 00,028,544 | ---- | C] (Panda Security, S.L.)

Panda Security -> %ProgramFiles%\Panda Security -> [2009/02/16 08:29:55 | 00,000,000 | ---D | C]

BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [2009/02/16 08:22:04 | 00,000,000 | ---D | C]

Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [2009/02/15 22:12:44 | 00,000,000 | ---D | C]

Lbd.sys -> %SystemRoot%\System32\drivers\Lbd.sys -> [2009/02/15 22:02:07 | 00,064,160 | ---- | C] (Lavasoft AB)

Lavasoft -> %ProgramFiles%\Lavasoft -> [2009/02/15 21:56:23 | 00,000,000 | ---D | C]

Kaspersky Lab -> %ProgramFiles%\Kaspersky Lab -> [2009/02/15 21:08:32 | 00,000,000 | ---D | C]

Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [2009/02/14 15:37:34 | 00,000,000 | ---D | C]

Profiles -> %SystemRoot%\Profiles -> [2009/02/14 14:40:43 | 00,000,000 | ---D | C]

Adobe -> %ProgramFiles%\Adobe -> [2009/02/14 14:40:28 | 00,000,000 | ---D | C]

My eBooks -> %UserProfile%\Documents\My eBooks -> [2009/02/14 14:40:27 | 00,000,000 | ---D | C]

InterTrust -> %AppData%\InterTrust -> [2009/02/14 14:40:27 | 00,000,000 | ---D | C]

Avira -> %ProgramFiles%\Avira -> [2009/02/14 14:40:10 | 00,000,000 | ---D | C]

Avira -> %AllUsersProfile%\Avira -> [2009/02/14 14:40:10 | 00,000,000 | ---D | C]

Steam -> %CommonProgramFiles%\Steam -> [2009/02/14 13:30:56 | 00,000,000 | ---D | C]

Musique.lnk -> %UserProfile%\Desktop\Musique.lnk -> [2009/02/14 12:10:47 | 00,000,365 | ---- | C] ()

World Of Goo.lnk -> %UserProfile%\Desktop\World Of Goo.lnk -> [2009/02/14 12:03:01 | 00,000,792 | ---- | C] ()

PacSteamT.lnk -> %UserProfile%\Desktop\PacSteamT.lnk -> [2009/02/14 12:02:09 | 00,001,452 | ---- | C] ()

Kaspersky Lab -> %AllUsersProfile%\Kaspersky Lab -> [2009/02/14 11:33:10 | 00,000,000 | ---D | C]

Kaspersky Lab Setup Files -> %AllUsersProfile%\Kaspersky Lab Setup Files -> [2009/02/14 10:40:10 | 00,000,000 | ---D | C]

appcache -> %ProgramFiles%\appcache -> [2009/02/13 23:14:25 | 00,000,000 | ---D | C]

steamapps -> %ProgramFiles%\steamapps -> [2009/02/13 23:14:10 | 00,000,000 | ---D | C]

logs -> %ProgramFiles%\logs -> [2009/02/13 23:14:08 | 00,000,000 | ---D | C]

config -> %ProgramFiles%\config -> [2009/02/13 23:12:39 | 00,000,000 | ---D | C]

Graphics -> %ProgramFiles%\Graphics -> [2009/02/13 23:12:38 | 00,000,000 | ---D | C]

skins -> %ProgramFiles%\skins -> [2009/02/13 23:12:34 | 00,000,000 | ---D | C]

resource -> %ProgramFiles%\resource -> [2009/02/13 23:12:33 | 00,000,000 | ---D | C]

old -> %ProgramFiles%\old -> [2009/02/13 23:12:32 | 00,000,000 | -H-D | C]

bin -> %ProgramFiles%\bin -> [2009/02/13 23:04:26 | 00,000,000 | ---D | C]

Public -> %ProgramFiles%\Public -> [2009/02/13 23:04:25 | 00,000,000 | ---D | C]

Search Settings -> %AppData%\Search Settings -> [2009/02/12 17:29:03 | 00,000,000 | ---D | C]

mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2009/02/12 11:51:42 | 03,580,416 | ---- | C] (Microsoft Corporation)

ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2009/02/12 11:51:41 | 06,069,248 | ---- | C] (Microsoft Corporation)

urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2009/02/12 11:51:40 | 01,166,336 | ---- | C] (Microsoft Corporation)

msfeeds.dll -> %SystemRoot%\System32\msfeeds.dll -> [2009/02/12 11:51:39 | 00,458,240 | ---- | C] (Microsoft Corporation)

wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2009/02/12 11:51:38 | 00,827,392 | ---- | C] (Microsoft Corporation)

mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2009/02/12 11:51:37 | 00,671,232 | ---- | C] (Microsoft Corporation)

iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2009/02/12 11:51:36 | 00,270,336 | ---- | C] (Microsoft Corporation)

mshtml.tlb -> %SystemRoot%\System32\mshtml.tlb -> [2009/02/12 11:51:35 | 01,383,424 | ---- | C] (Microsoft Corporation)

jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2009/02/12 11:51:35 | 00,028,160 | ---- | C] (Microsoft Corporation)

EncDec.dll -> %SystemRoot%\System32\EncDec.dll -> [2009/02/12 11:51:27 | 00,428,544 | ---- | C] (Microsoft Corporation)

psisrndr.ax -> %SystemRoot%\System32\psisrndr.ax -> [2009/02/12 11:51:25 | 00,217,088 | ---- | C] (Microsoft Corporation)

psisdecd.dll -> %SystemRoot%\System32\psisdecd.dll -> [2009/02/12 11:51:22 | 00,293,376 | ---- | C] (Microsoft Corporation)

mpg2splt.ax -> %SystemRoot%\System32\mpg2splt.ax -> [2009/02/12 11:51:21 | 00,177,664 | ---- | C] (Microsoft Corporation)

MSNP.ax -> %SystemRoot%\System32\MSNP.ax -> [2009/02/12 11:51:21 | 00,080,896 | ---- | C] (Microsoft Corporation)

Media Center Programs -> %AllUsersProfile%\Media Center Programs -> [2009/02/11 19:04:58 | 00,000,000 | ---D | C]

Counter-Strike Source.lnk -> %UserProfile%\Desktop\Counter-Strike Source.lnk -> [2009/02/10 13:14:41 | 00,001,470 | ---- | C] ()

Counter-Strike Source -> %ProgramFiles%\Counter-Strike Source -> [2009/02/10 12:59:44 | 00,000,000 | ---D | C]

PacSteamT -> %SystemDrive%\PacSteamT -> [2009/02/10 10:35:20 | 00,000,000 | ---D | C]

Thraex Software -> %CommonProgramFiles%\Thraex Software -> [2009/02/10 09:58:47 | 00,000,000 | ---D | C]

cc_20090209_125213.reg -> %UserProfile%\Documents\cc_20090209_125213.reg -> [2009/02/09 12:52:16 | 00,000,082 | ---- | C] ()

VirtualDJ -> %UserProfile%\Documents\VirtualDJ -> [2009/02/09 09:43:59 | 00,000,000 | ---D | C]

VirtualDJ -> %ProgramFiles%\VirtualDJ -> [2009/02/09 09:43:59 | 00,000,000 | ---D | C]

Music -> %UserProfile%\Music -> [2009/02/07 08:22:23 | 00,000,000 | R--D | C]

BIBLIOTHÈQUE.xml -> %UserProfile%\BIBLIOTHÈQUE.xml -> [2009/02/07 08:10:10 | 03,273,185 | ---- | C] ()

Lavalys -> %ProgramFiles%\Lavalys -> [2009/02/06 17:31:39 | 00,000,000 | ---D | C]

Bethesda Softworks -> %ProgramFiles%\Bethesda Softworks -> [2009/02/02 16:34:15 | 00,000,000 | ---D | C]

Oblivion -> %UserProfile%\AppData\Local\Oblivion -> [2009/02/02 16:32:11 | 00,000,000 | ---D | C]

My Games -> %UserProfile%\Documents\My Games -> [2009/02/02 16:32:11 | 00,000,000 | ---D | C]

infocardapi.dll -> %SystemRoot%\System32\infocardapi.dll -> [2009/01/30 19:31:20 | 00,097,800 | ---- | C] (Microsoft Corporation)

PresentationCFFRasterizerNative_v0300.dll -> %SystemRoot%\System32\PresentationCFFRasterizerNative_v0300.dll -> [2009/01/30 19:31:19 | 00,105,016 | ---- | C] (Microsoft Corporation)

icardagt.exe -> %SystemRoot%\System32\icardagt.exe -> [2009/01/30 19:31:18 | 00,622,080 | ---- | C] (Microsoft Corporation)

infocardcpl.cpl -> %SystemRoot%\System32\infocardcpl.cpl -> [2009/01/30 19:31:18 | 00,037,384 | ---- | C] (Microsoft Corporation)

PresentationHostProxy.dll -> %SystemRoot%\System32\PresentationHostProxy.dll -> [2009/01/30 19:31:17 | 00,043,544 | ---- | C] (Microsoft Corporation)

icardres.dll -> %SystemRoot%\System32\icardres.dll -> [2009/01/30 19:31:17 | 00,011,264 | ---- | C] (Microsoft Corporation)

PresentationNative_v0300.dll -> %SystemRoot%\System32\PresentationNative_v0300.dll -> [2009/01/30 19:31:13 | 00,781,344 | ---- | C] (Microsoft Corporation)

PresentationHost.exe -> %SystemRoot%\System32\PresentationHost.exe -> [2009/01/30 19:31:06 | 00,326,160 | ---- | C] (Microsoft Corporation)

dfshim.dll -> %SystemRoot%\System32\dfshim.dll -> [2009/01/30 19:24:14 | 00,096,760 | ---- | C] (Microsoft Corporation)

mscoree.dll -> %SystemRoot%\System32\mscoree.dll -> [2009/01/30 19:24:11 | 00,282,112 | ---- | C] (Microsoft Corporation)

netfxperf.dll -> %SystemRoot%\System32\netfxperf.dll -> [2009/01/30 19:24:10 | 00,041,984 | ---- | C] (Microsoft Corporation)

mscorier.dll -> %SystemRoot%\System32\mscorier.dll -> [2009/01/30 19:24:00 | 00,158,720 | ---- | C] (Microsoft Corporation)

mscories.dll -> %SystemRoot%\System32\mscories.dll -> [2009/01/30 19:23:49 | 00,083,968 | ---- | C] (Microsoft Corporation)

Hamachi -> %AppData%\Hamachi -> [2009/01/18 14:05:08 | 00,000,000 | ---D | C]

hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> [2009/01/18 14:03:58 | 00,025,280 | ---- | C] (LogMeIn, Inc.)

TouchStoneSoftware -> %UserProfile%\AppData\Local\TouchStoneSoftware -> [2009/01/14 20:43:37 | 00,000,000 | ---D | C]

srv.sys -> %SystemRoot%\System32\drivers\srv.sys -> [2009/01/14 13:48:57 | 00,288,768 | ---- | C] (Microsoft Corporation)

Minidump -> %SystemRoot%\Minidump -> [2009/01/05 22:36:13 | 00,000,000 | ---D | C]

BitTorrent -> %ProgramFiles%\BitTorrent -> [2009/01/02 22:02:33 | 00,000,000 | ---D | C]

AutoTransfer -> %AppData%\AutoTransfer -> [2008/12/25 16:56:43 | 00,000,000 | ---D | C]

Mes fichiers reçus -> %UserProfile%\Documents\Mes fichiers reçus -> [2008/12/24 22:21:13 | 00,000,000 | ---D | C]

avg8 -> %AllUsersProfile%\avg8 -> [2008/12/24 16:42:10 | 00,000,000 | ---D | C]

2DBoy -> %AllUsersProfile%\2DBoy -> [2008/12/22 14:38:38 | 00,000,000 | ---D | C]

WorldOfGoo -> %ProgramFiles%\WorldOfGoo -> [2008/12/22 14:37:44 | 00,000,000 | ---D | C]

d3dx9_32.dll -> %SystemRoot%\System32\d3dx9_32.dll -> [2008/12/20 12:34:59 | 03,426,072 | ---- | C] (Microsoft Corporation)

Microsoft -> %ProgramFiles%\Microsoft -> [2008/12/20 12:33:18 | 00,000,000 | ---D | C]

Windows Live SkyDrive -> %ProgramFiles%\Windows Live SkyDrive -> [2008/12/20 12:32:56 | 00,000,000 | ---D | C]

Guitar Pro 5 -> %ProgramFiles%\Guitar Pro 5 -> [2008/12/17 19:37:34 | 00,000,000 | ---D | C]

BIBLIOTHÈQUE.xml -> %UserProfile%\Desktop\BIBLIOTHÈQUE.xml -> [2008/12/14 09:07:41 | 03,008,200 | ---- | C] ()

WindowsSearch -> %AllUsersProfile%\WindowsSearch -> [2008/12/10 17:46:40 | 00,000,000 | ---D | C]

tzres.dll -> %SystemRoot%\System32\tzres.dll -> [2008/12/10 16:43:17 | 00,002,048 | ---- | C] (Microsoft Corporation)

Apphlpdm.dll -> %SystemRoot%\System32\Apphlpdm.dll -> [2008/12/10 16:38:33 | 00,028,672 | ---- | C] (Microsoft Corporation)

GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> [2008/12/10 16:38:31 | 04,240,384 | ---- | C] (Microsoft)

mf.dll -> %SystemRoot%\System32\mf.dll -> [2008/12/10 16:37:30 | 02,868,736 | ---- | C] (Microsoft Corporation)

WMVCORE.DLL -> %SystemRoot%\System32\WMVCORE.DLL -> [2008/12/10 16:37:29 | 02,386,944 | ---- | C] (Microsoft Corporation)

WMNetMgr.dll -> %SystemRoot%\System32\WMNetMgr.dll -> [2008/12/10 16:37:28 | 00,996,352 | ---- | C] (Microsoft Corporation)

logagent.exe -> %SystemRoot%\System32\logagent.exe -> [2008/12/10 16:37:28 | 00,094,720 | ---- | C] (Microsoft Corporation)

shell32.dll -> %SystemRoot%\System32\shell32.dll -> [2008/12/10 16:36:53 | 11,580,928 | ---- | C] (Microsoft Corporation)

gdi32.dll -> %SystemRoot%\System32\gdi32.dll -> [2008/12/10 16:36:48 | 00,296,960 | ---- | C] (Microsoft Corporation)

explorer.exe -> %SystemRoot%\explorer.exe -> [2008/12/10 16:36:42 | 02,927,104 | ---- | C] (Microsoft Corporation)

WLXPGSS.SCR -> %SystemRoot%\WLXPGSS.SCR -> [2008/12/05 00:11:14 | 00,308,584 | ---- | C] (Microsoft Corporation)

wucltux.dll -> %SystemRoot%\System32\wucltux.dll -> [2008/12/03 06:52:12 | 01,524,736 | ---- | C] (Microsoft Corporation)

wuauclt.exe -> %SystemRoot%\System32\wuauclt.exe -> [2008/12/03 06:52:12 | 00,051,224 | ---- | C] (Microsoft Corporation)

wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2008/12/03 06:52:12 | 00,043,544 | ---- | C] (Microsoft Corporation)

wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> [2008/12/03 06:52:11 | 01,809,944 | ---- | C] (Microsoft Corporation)

wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2008/12/03 06:51:47 | 00,561,688 | ---- | C] (Microsoft Corporation)

wudriver.dll -> %SystemRoot%\System32\wudriver.dll -> [2008/12/03 06:51:47 | 00,083,456 | ---- | C] (Microsoft Corporation)

wups.dll -> %SystemRoot%\System32\wups.dll -> [2008/12/03 06:51:47 | 00,034,328 | ---- | C] (Microsoft Corporation)

wuwebv.dll -> %SystemRoot%\System32\wuwebv.dll -> [2008/12/03 06:51:39 | 00,162,064 | ---- | C] (Microsoft Corporation)

wuapp.exe -> %SystemRoot%\System32\wuapp.exe -> [2008/12/03 06:51:39 | 00,031,232 | ---- | C] (Microsoft Corporation)

sirenacm.dll -> %SystemRoot%\System32\sirenacm.dll -> [2008/12/02 22:37:20 | 00,049,480 | ---- | C] (Microsoft Corporation)

WowCartographe -> %ProgramFiles%\WowCartographe -> [2008/11/26 18:22:58 | 00,000,000 | ---D | C]

PhotoMetadataHandler.dll -> %SystemRoot%\System32\PhotoMetadataHandler.dll -> [2008/11/26 17:06:37 | 00,425,472 | ---- | C] (Microsoft Corporation)

WindowsCodecsExt.dll -> %SystemRoot%\System32\WindowsCodecsExt.dll -> [2008/11/26 17:06:37 | 00,347,648 | ---- | C] (Microsoft Corporation)

WindowsCodecs.dll -> %SystemRoot%\System32\WindowsCodecs.dll -> [2008/11/26 17:06:36 | 00,712,704 | ---- | C] (Microsoft Corporation)

PortableDeviceApi.dll -> %SystemRoot%\System32\PortableDeviceApi.dll -> [2008/11/26 17:06:35 | 00,241,152 | ---- | C] (Microsoft Corporation)

connect.dll -> %SystemRoot%\System32\connect.dll -> [2008/11/26 17:06:32 | 01,645,568 | ---- | C] (Microsoft Corporation)

QuickTime -> %ProgramFiles%\QuickTime -> [2008/11/24 14:03:50 | 00,000,000 | ---D | C]

 

[Files/Folders - Modified Within 90 Days]

32 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->

32 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->

ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/02/17 19:41:15 | 06,291,456 | -HS- | M] ()

OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/17 19:40:13 | 00,656,714 | ---- | M] ()

7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/02/17 19:00:24 | 00,003,168 | -H-- | M] ()

7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/02/17 19:00:23 | 00,003,168 | -H-- | M] ()

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/02/17 17:00:25 | 00,000,006 | -H-- | M] ()

bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/02/17 17:00:21 | 00,067,584 | --S- | M] ()

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/17 17:00:16 | 93,794,3040 | -HS- | M] ()

NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> %UserProfile%\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> [2009/02/17 16:59:12 | 00,524,288 | -HS- | M] ()

NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> %UserProfile%\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> [2009/02/17 16:59:12 | 00,065,536 | -HS- | M] ()

IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [2009/02/17 16:59:10 | 02,473,315 | -H-- | M] ()

RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/02/17 16:32:14 | 00,781,851 | ---- | M] ()

User_Feed_Synchronization-{657365F8-5832-40D0-8707-F8281FF22188}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{657365F8-5832-40D0-8707-F8281FF22188}.job -> [2009/02/17 16:23:21 | 00,000,418 | -H-- | M] ()

DrWeb.csv -> %UserProfile%\Documents\DrWeb.csv -> [2009/02/17 16:14:54 | 00,000,502 | ---- | M] ()

AntiVir PE Classic.lnk -> %SystemDrive%\Users\Public\Desktop\AntiVir PE Classic.lnk -> [2009/02/17 07:04:04 | 00,001,955 | ---- | M] ()

perfc00C.dat -> %SystemRoot%\System32\perfc00C.dat -> [2009/02/17 07:03:55 | 00,391,572 | ---- | M] ()

perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/02/17 07:03:55 | 00,341,268 | ---- | M] ()

perfh00C.dat -> %SystemRoot%\System32\perfh00C.dat -> [2009/02/17 07:03:55 | 00,244,198 | ---- | M] ()

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/02/17 07:03:54 | 01,016,226 | ---- | M] ()

perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/02/17 07:03:54 | 00,045,246 | ---- | M] ()

qmgr1.dat -> %AllUsersProfile%\Microsoft\Network\Downloader\qmgr1.dat -> [2009/02/17 07:02:05 | 04,194,304 | ---- | M] ()

qmgr0.dat -> %AllUsersProfile%\Microsoft\Network\Downloader\qmgr0.dat -> [2009/02/17 07:02:05 | 04,194,304 | ---- | M] ()

PublishedRacMonSWITable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/02/17 06:28:03 | 00,180,056 | ---- | M] ()

PublishedRacMonAFLTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/02/17 06:28:03 | 00,115,092 | ---- | M] ()

PublishedRacMonOSFTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/02/17 06:28:03 | 00,040,296 | ---- | M] ()

PublishedRacMonIndex.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/02/17 06:28:03 | 00,008,760 | ---- | M] ()

PublishedRacMonHFLTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/02/17 06:28:03 | 00,000,000 | ---- | M] ()

PublishedRacMonCLKTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/02/17 06:28:03 | 00,000,000 | ---- | M] ()

cc_20090216_221935.reg -> %UserProfile%\Documents\cc_20090216_221935.reg -> [2009/02/16 22:28:26 | 00,634,500 | ---- | M] ()

Zeb-Restore.zip -> %UserProfile%\Desktop\Zeb-Restore.zip -> [2009/02/16 21:21:15 | 00,074,505 | ---- | M] ()

ELIBAGLA.BCØBBØØI.EXE -> %UserProfile%\Desktop\ELIBAGLA.BCØBBØØI.EXE -> [2009/02/16 21:07:18 | 00,057,878 | ---- | M] (Satinfo S.L.)

GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/02/16 20:38:25 | 00,052,136 | ---- | M] ()

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/02/16 20:37:24 | 00,240,984 | ---- | M] ()

BIBLIOTHÈQUE récente.xml -> %UserProfile%\Desktop\BIBLIOTHÈQUE récente.xml -> [2009/02/16 20:31:07 | 03,457,721 | ---- | M] ()

FindyKill.lnk -> %UserProfile%\Desktop\FindyKill.lnk -> [2009/02/16 19:15:17 | 00,001,650 | ---- | M] ()

Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/16 13:31:11 | 00,000,782 | ---- | M] ()

ToolBarSD.exe -> %UserProfile%\Desktop\ToolBarSD.exe -> [2009/02/16 12:21:02 | 00,343,017 | ---- | M] ()

Rooter.exe -> %UserProfile%\Desktop\Rooter.exe -> [2009/02/16 11:26:15 | 00,268,052 | ---- | M] ()

Counter-Strike Source.lnk -> %UserProfile%\Desktop\Counter-Strike Source.lnk -> [2009/02/16 09:41:11 | 00,001,470 | ---- | M] ()

d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [2009/02/15 10:36:18 | 00,001,356 | ---- | M] ()

config.nt -> %SystemRoot%\System32\config.nt -> [2009/02/15 08:38:22 | 00,002,577 | ---- | M] ()

Musique.lnk -> %UserProfile%\Desktop\Musique.lnk -> [2009/02/14 12:10:47 | 00,000,365 | ---- | M] ()

hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/02/14 12:08:28 | 00,293,422 | R--- | M] ()

hosts.20090214-120828.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090214-120828.backup -> [2009/02/14 12:06:58 | 00,293,422 | R--- | M] ()

World Of Goo.lnk -> %UserProfile%\Desktop\World Of Goo.lnk -> [2009/02/14 12:03:01 | 00,000,792 | ---- | M] ()

PacSteamT.lnk -> %UserProfile%\Desktop\PacSteamT.lnk -> [2009/02/14 12:02:09 | 00,001,452 | ---- | M] ()

hosts.20090214-120658.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090214-120658.backup -> [2009/02/14 10:11:51 | 00,293,422 | R--- | M] ()

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/02/11 15:57:35 | 00,098,816 | ---- | M] ()

mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation)

mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)

hosts.20090214-101151.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090214-101151.backup -> [2009/02/10 08:00:18 | 00,293,507 | R--- | M] ()

cc_20090209_125213.reg -> %UserProfile%\Documents\cc_20090209_125213.reg -> [2009/02/09 12:52:16 | 00,000,082 | ---- | M] ()

BIBLIOTHÈQUE.xml -> %UserProfile%\BIBLIOTHÈQUE.xml -> [2009/02/07 08:10:12 | 03,273,185 | ---- | M] ()

mrt.exe -> %SystemRoot%\System32\mrt.exe -> [2009/02/04 00:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation)

hosts.20090210-080018.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090210-080018.backup -> [2009/01/31 11:37:17 | 00,292,591 | R--- | M] ()

Lbd.sys -> %SystemRoot%\System32\drivers\Lbd.sys -> [2009/01/19 15:35:20 | 00,064,160 | ---- | M] (Lavasoft AB)

hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> [2009/01/18 14:03:58 | 00,025,280 | ---- | M] (LogMeIn, Inc.)

hosts.20090131-113717.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090131-113717.backup -> [2009/01/17 08:19:57 | 00,292,591 | R--- | M] ()

wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2009/01/15 07:11:16 | 00,827,392 | ---- | M] (Microsoft Corporation)

urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2009/01/15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation)

mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2009/01/15 07:08:50 | 00,671,232 | ---- | M] (Microsoft Corporation)

mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2009/01/15 07:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation)

msfeeds.dll -> %SystemRoot%\System32\msfeeds.dll -> [2009/01/15 07:08:34 | 00,458,240 | ---- | M] (Microsoft Corporation)

jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2009/01/15 07:08:05 | 00,028,160 | ---- | M] (Microsoft Corporation)

ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2009/01/15 07:07:53 | 06,069,248 | ---- | M] (Microsoft Corporation)

iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2009/01/15 07:07:53 | 00,270,336 | ---- | M] (Microsoft Corporation)

mshtml.tlb -> %SystemRoot%\System32\mshtml.tlb -> [2009/01/15 04:36:16 | 01,383,424 | ---- | M] (Microsoft Corporation)

hosts.20090117-081957.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090117-081957.backup -> [2008/12/26 12:19:54 | 00,292,110 | R--- | M] ()

hosts.20081226-121954.backup -> %SystemRoot%\System32\drivers\etc\hosts.20081226-121954.backup -> [2008/12/26 12:19:34 | 00,292,110 | R--- | M] ()

srv.sys -> %SystemRoot%\System32\drivers\srv.sys -> [2008/12/16 03:42:39 | 00,288,768 | ---- | M] (Microsoft Corporation)

BIBLIOTHÈQUE.xml -> %UserProfile%\Desktop\BIBLIOTHÈQUE.xml -> [2008/12/14 09:07:42 | 03,008,200 | ---- | M] ()

hosts.20081226-121934.backup -> %SystemRoot%\System32\drivers\etc\hosts.20081226-121934.backup -> [2008/12/10 17:02:58 | 00,291,286 | R--- | M] ()

hosts.20081210-170258.backup -> %SystemRoot%\System32\drivers\etc\hosts.20081210-170258.backup -> [2008/12/10 17:02:38 | 00,291,286 | R--- | M] ()

psisdecd.dll -> %SystemRoot%\System32\psisdecd.dll -> [2008/12/05 05:32:36 | 00,293,376 | ---- | M] (Microsoft Corporation)

EncDec.dll -> %SystemRoot%\System32\EncDec.dll -> [2008/12/05 05:32:35 | 00,428,544 | ---- | M] (Microsoft Corporation)

psisrndr.ax -> %SystemRoot%\System32\psisrndr.ax -> [2008/12/05 05:31:30 | 00,217,088 | ---- | M] (Microsoft Corporation)

mpg2splt.ax -> %SystemRoot%\System32\mpg2splt.ax -> [2008/12/05 05:31:30 | 00,177,664 | ---- | M] (Microsoft Corporation)

MSNP.ax -> %SystemRoot%\System32\MSNP.ax -> [2008/12/05 05:31:30 | 00,080,896 | ---- | M] (Microsoft Corporation)

WLXPGSS.SCR -> %SystemRoot%\WLXPGSS.SCR -> [2008/12/05 00:11:14 | 00,308,584 | ---- | M] (Microsoft Corporation)

sirenacm.dll -> %SystemRoot%\System32\sirenacm.dll -> [2008/12/02 22:37:20 | 00,049,480 | ---- | M] (Microsoft Corporation)

Juliette.dat -> %AllUsersProfile%\Microsoft\User Account Pictures\Juliette.dat -> [2007/06/25 10:10:28 | 00,000,000 | ---- | M] ()

Isabelle.dat -> %AllUsersProfile%\Microsoft\User Account Pictures\Isabelle.dat -> [2007/06/25 09:54:39 | 00,000,000 | ---- | M] ()

Michel.dat -> %AllUsersProfile%\Microsoft\User Account Pictures\Michel.dat -> [2007/06/25 09:51:05 | 00,000,000 | ---- | M] ()

Simon.dat -> %AllUsersProfile%\Microsoft\User Account Pictures\Simon.dat -> [2007/06/25 09:23:35 | 00,000,000 | ---- | M] ()

Administrator.dat -> %AllUsersProfile%\Microsoft\User Account Pictures\Administrator.dat -> [2006/11/02 14:03:35 | 00,000,000 | ---- | M] ()

 

[Alternate Data Streams]

@Alternate Data Stream - 16 bytes -> %UserProfile%\Documents\Shareaza Downloads:Shareaza.GUID

[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:e2,55,83,14,45,f5,17,35,2e,33,a8,35,69,f0,39,fd,d8,ec,07,e9,18,..

"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,43,9e,4d,df,c8,82,40,59,bf,18,37,b4,35,55,55,42,e5,..

"khjeh"=hex:44,a8,ad,ce,ff,c5,31,72,f5,8b,de,81,8a,c7,a2,ec,07,f9,91,27,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:32,1f,98,0a,29,de,42,e1,13,5c,31,00,60,4b,e0,9b,dc,80,d8,ff,65,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:e2,55,83,14,45,f5,17,35,2e,33,a8,35,69,f0,39,fd,d8,ec,07,e9,18,..

"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,43,9e,4d,df,c8,82,40,59,bf,18,37,b4,35,55,55,42,e5,..

"khjeh"=hex:44,a8,ad,ce,ff,c5,31,72,f5,8b,de,81,8a,c7,a2,ec,07,f9,91,27,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:32,1f,98,0a,29,de,42,e1,13,5c,31,00,60,4b,e0,9b,dc,80,d8,ff,65,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\\xb9\xc7\x2dc\xfc]

"CacheSizeInMB"=dword:00000000

"CacheStatus"=dword:00000002

"USBVersion"=dword:00020000

"ReadSpeedKBs"=dword:00000000

"WriteSpeedKBs"=dword:00000000

"PhysicalDeviceSizeMB"=dword:000174a1

"RecommendedCacheSizeMB"=dword:00000000

"HasSlowRegions"=dword:00000000

"DoRetestDevice"=dword:00000000

"DeviceStatus"=dword:00000001

"LastTestedTime"=hex(b):00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour?"=""

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

< Document and Settings folder & sub folders >

scanning hidden files ...

scan completed successfully

hidden files: 0

 

< End of report >

Edited by microcut
Posted (edited)

I don't see anything in particular. Sorry.

Except this:

(AntiVirScheduler) Planificateur Avira AntiVir Personal - Free Antivirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH)

(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH)

 

Try this temporary workaround:

Copy and paste the following into Notepad.

Save it as Serv.bat, on the Desktop.

Double-click to run it.

@echo off

rem Set the three stopped services to start automatically

sc config "iPod Service" start= auto

sc config AntiVirService start= auto

sc config AntiVirScheduler start= auto

rem Start the services now

net start "iPod Service"

net start AntiVirService

net start AntiVirScheduler

If that works, put the .bat file in your Startup folder.

Edited by pear
